Posts Tagged ‘Shell’

Why Russophobes hate Putin – How the situation changed in Russia during Vladimir Putin's presidency

Thursday, April 3rd, 2014


POSITIVE RESULTS FOR RUSSIA DURING REIGN OF VLADIMIR PUTIN

  • In the last 12 years of government Putin increased Russia's budget 22 times.
  • Increased military spending 30 times.
  • Increased GDP 12 times (by GDP Russia moved from 36th to 6th place in the world).
  • Increased Russian gold reserves 48 times.
  • Returned 256 oil, petrol and other natural resource deposits / mines (currently only 3 of Russia's sources of natural resources are under non-Russian control).
  • Nationalized 65% of the oil industry and 95% of the gas industry.
  • For a 5th consecutive year, 2nd / 3rd place in export of grain (just for comparison, the USA is currently ranked 4th largest wheat exporter).
  • The average salary of national institution employees increased 18.5 times.
  • Average pension increased 14 times.
  • Population decline decreased from 1.5 million per year in 1999 to 21 000 in 2011, i.e. 71 times.
  • Prohibited deputies in Government from having bank accounts in foreign banks.
  • Prevented an American attack against Syria.
  • Put an end to the war in Chechnya.
  • Put an end to war in Chechnya.


From January 2000 to the present the Russian ruble rate changed from 28 rubles per dollar to 29 rubles per dollar, i.e. severe inflation in Russia ended. Present-day Russia is a normal European country, not that poor country where the approximate pension was 20 dollars and where the masters were the financial pyramids and the International Monetary Fund.

In 1992 Yeltsin completely cancelled export duty on oil products.
On 23 January the government of E. Primakov imposed oil taxes again.
At an export price of 9.5 dollars per barrel customs taxes were 2.5 euro per tonne, and at a price of 12.5 dollars per barrel 5 euro / tonne. Such a minor increase in taxes brought 14 billion rubles into the already empty Russian budget.

In August 1999 Yeltsin appointed Putin prime minister.
Just a month later Putin increased export duty to 7.5 euro/tonne and on 8 December to 15 euro/tonne. Since then income from oil taxes has been steadily increasing, and nowadays exporters calculate that half of the income in the national budget originates from oil prices and export taxes.
From January to November 2007 Russian customs brought 2.57 trillion rubles into the national budget.
Oil export taxes have drastically raised the incomes of citizens. This had a major impact on the construction business. All of Russia nowadays is in reality an enormous "construction yard"; to illustrate, from January to September 2007 375 009 homes were built, occupying 34 million square meters.
Cement factories cannot satisfy local market requirements and Russia is forced to import cement from China.
The increased incomes of the population led to an increase in demand for real estate; this increased apartment prices and as a consequence increased income from building activities.
The result is that enormous amounts of capital are invested in the construction business and a real construction boom is observed.
Another consequence of increased income was an increase in demand for automobiles. In 2006 alone the demand for automobiles in Russia increased by 45% and reached 32 billion dollars, with 2 million new cars sold. By number of new cars sold Russia ranks 5th in Europe, right after Germany, Great Britain, Italy and France.

Currently a couple of new automobile plants are being built, and existing ones are increasing production volume.
All this is a consequence of the increase in demand and therefore of the increase in citizens' income.

In 10 years budget expenditure for social policy (pensions and social help) increased by 30%.

Before Putin pensions were approximately 25% under the subsistence minimum, and in the 90s pensions were not paid at all.
Now pensions are 50% above the subsistence minimum and are constantly increasing.
In 2000 the approximate salary in Russia was 2223 rubles (approx. 80 dollars).
Now the approximate salary in Russia is 19174 rubles (approx. 660 dollars).
Purchase of domestic goods increased 10 times in 10 years. The number of privately owned automobiles increased 3 times.
Putin nationalized YUKOS without 'making nervous' the emerging Russian business, in a market manner – with bankruptcy and auction. All this happened lawfully, following laws adopted by a democratic parliament.
The president doesn't have the right to use other means. The formal occasion for the arrest of Khodorkovsky was the taxation fraud of YUKOS. Practically all large private companies are involved in such machinations, and this is the reason why nobody believes that excuse. It is unbelievable. However, Putin simply defended Russia's interests.

 

 



The proof for that is the transfer of the assets of YUKOS to the national corporation "Rosneft". It would have been more righteous if these assets had just been confiscated … but there are laws and Putin just stuck to them. After all, the President can't go outside the framework of his jurisdiction.
It can just be added that after Khodorkovsky was jailed, tax collection (income) from the former assets of YUKOS increased 80 TIMES!
In 2004 Putin finally removed the law "Agreement for Separation of Production (Separation Agreement)". This law was adopted during Yeltsin's regime in order to benefit the oligarchs (Khodorkovsky, Gusinsky, Berezovsky etc.) and to make it possible for Russian oil reserves to be possessed by Western (American and British) oil corporations.
By the power of this law Russian oil and natural fields went into international jurisdiction, and therefore the money from Russian oil did not enter the budget of Russia but flowed into Western companies.
Money from oil drills went mainly into Dutch "Shell" for covering of corporation expenses. Only after something remained from that they sold it to Russia. In 2006 Putin declared the following in that connection: "And now we don't get anything from them and if they increase their profit we will not receive it even in 10 years from now."
In fact, up to that moment Russia didn't get any money from its own oil.
After the law was removed in 2004, revenues in the budget increased 3 to 4 times.
After cancellation of the contracts for the oil fields "Sakhalin-1" and "Sakhalin-2", Russia's loans to the American company amounted to 700 million dollars; for that time this was too much. The whole Anglo-Saxon world turned against Putin for a simple reason: "UK planned to assure its oil reserves for years to come at the expense of Russia – only Germany and France, who didn't have a direct interest in that process, kept neutral …
In 1992 – 1995 the head apparatus of Russia formed its view based on foreign advisors. All legislation from the 1990s was hence written by them. 10 000 foreign coaches were working in the Russian state administration. George Soros was financing the writing of student history books where the Battle of Stalingrad was mentioned in only 2 pages and the meeting of Soviet and American soldiers at the Elbe (Elbe Day) in 10 pages.

 



In those mournful times you could see portraits of 4 American presidents of the USA on pupils' notebooks.
Until this very day there are relics left from that anti-Russian propaganda, but hopefully with time Putin will throw American propaganda out of the education system.
But why can't Putin immediately dismiss all these clerks hostile to Russia? The reason is simple: the Constitution of Russia, written under dictation of Western coaches, does not allow quick changes to it.
Nowadays the President is just one of many clerks with restricted power. Yes, truly the president's power is a bit bigger than that of other clerks, but the head of the country can't influence everything. The president can't even appoint his ministers, even though by law this is part of his jurisdiction.

Overfulfilment of the budget during Putin's government allowed the creation of the country's Stabilization fund. Nowadays a huge gold and currency reserve has been collected and Russia has practically no external debt.

The war in the Caucasus is over, the separatists were destroyed. All famous terrorist leaders were liquidated physically.
Even Zelimkhan Yandarbiyev was killed in Qatar; Basaev and Umarov were also destroyed. Putin promised "to drown them if necessary even in their own toilet dish" and he fulfilled his promise. Of course, separatism is not completely destroyed, such conflicts cannot be quickly solved, but nowadays the situation in the Caucasus is the best possible. If Chechnya's elite feels the power of Moscow and the benefits of surrender – then separatism will fade away. This is exactly what happens. The attempts of Western spy centers to supply terrorists are still leading to separate terrorist acts, but this is the maximum – there will be no war anymore.

In 10 years Putin increased the political influence of Russia in the world and lifted its image. Today Russia follows its own interests, and not Western ones.
It is no coincidence that Putin was recognized as the most influential world politician of 2013. He prevented Russia's devastation and led the country out of the catastrophe caused by Gorbachev and Yeltsin. That's the reason why Western media abhor him and compare him with the devil.
Everyone interested in political life in Russia sees that the battle against corruption took unforeseen measures.
At least 2-3 times weekly arrests of clergy and policemen are shown on TV, and the news informs about sentences against government employees.
Let's not forget Crimea; here is how it was given to Ukraine.

In 1992, at the signing of the Treaty of Belovesh for the dissolution of the USSR, the Ukrainian representative Leonid Kravchuk noticed that Boris Yeltsin was "in play with Vodka" and was delaying the signature, so he urged him with the words:

"Borya, if you like take Crimea, please just sign the contract!".

Drunk Yeltsin nobly waved his hand:

"What do I need Crimea for? Here it is, your present!"

And he signed, and with one scratch he "killed" the efforts of Prince Grigory Potemkin, Catherine the Great, the heroes of Sevastopol in 1856, the heroic defenders of Sevastopol in 1941 …

A few days ago Putin removed the consequences of this "joke with history" – and the people of Crimea sang and danced on the squares, returning to their motherland.
 

Here is why Russophobes hate Putin!

 

 

Source Materials from http://rublogers.ru
Translated by: Georgi Georgiev
This translation is copyrighted and copying can only be done with the explicit permission of the author or with a link to the original translation
http://rublogers.ru/

 

Configure GNOME 3 to support dual / multiple monitors / Fix broken workspaces

Sunday, September 22nd, 2013


If you're using a GNU / Linux distribution with GNOME 3 and you would like to show screen output on two monitors connected to the machine, you will stumble upon really unusual behavior. For some unknown reason the GNOME environment developers make the second monitor stay fixed on the first workspace, so when you try changing to the second / third etc. virtual desktop you end up with your secondary monitor still focused on Workspace 1. Logically the use of a dual monitor configuration is to show all GUI output identically on both monitors, so this behavior is "wrong" ….

Fortunately there is a setting that controls this weird behavior in GNOME through gconf-editor, and simply changing it switches the monitors to show properly.

To fix it:

Start Run Command or press Alt + F2 to invoke the GNOME Run menu and launch gconf-editor.

Navigate to registry path Desktop -> Gnome -> Shell -> Windows and uncheck the selection on workspaces_only_on_primary


To make the new changes take effect it is necessary to log off or restart the PC.

There is another, easier way for command line oriented people to apply the change without using / having installed gconf-editor, by issuing:

gsettings set org.gnome.shell.overrides workspaces-only-on-primary false 

PHP: Better Webhosting Security – Disable exec(), shell_exec(), system(), popen(), eval() … shell fork functions

Sunday, June 23rd, 2013


If you work as a System Administrator at a web hosting company, you definitely know how often automated cracker scripts (working as worms) intrude through buggy old crappy custom coded sites or outdated Joomla / WordPress etc. installs and run themselves, trying to harvest other vulnerable hosts. By default PHP allows running commands via the shell with PHP functions like exec();, shell_exec();, system();, and those script kiddie scripts mainly use these functions to spawn a shell via a vulnerable PHP app. The scripts then check whether PHP curl support is installed (i.e. php5-curl) to download and replicate themselves to the next vulnerable hop.

With that said, after installing a new Linux based hosting server it is a must to disable these functions, to save yourself from future hassles …
Earlier, I blogged how to disable the PHP system(); and exec(); functions to raise Apache security using suhosin, however this method requires PHP suhosin to be in use.

Yesterday, I had to configure a new web hosting server with Debian 7, so I tried installing suhosin to use it to protect PHP from having the dangerous system();, eval();, exec(); enabled.
I remember disabling system(); using the suhosin PHP extension was working fine on older Debian releases, however in Debian 6.0 the php5-suhosin package was causing severe Apache crashes, and probably that's why in the latest Debian Wheezy 7.0 the PHP suhosin extension is no longer available. Therefore using the suhosin method to disable system();, exec(); and other fork functions is no longer possible in Debian.

Since suhosin is no longer there, I decided to use the conventional PHP method via php.ini.

Here is how to do it:

Edit:

/etc/php5/apache2/php.ini

debian:~# vim /etc/php5/apache2/php.ini
And near the end of the file place:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

allow_url_fopen = Off
allow_url_include = Off

It is good to explain a few of the above functions and settings – shell_exec, proc_open, popen, allow_url_fopen, show_source and allow_url_include.

Disabling shell_exec also stops PHP scripts from executing commands with backticks ` `, i.e. `ls`. proc_open and popen run a command through a pipe, which also allows reading files from the file system.

show_source – also makes it possible to read other PHP source files, or can be used to display the content of other files from the file system.

To load the newly placed config vars in php.ini the usual Apache restart is necessary:

debian:~# /etc/init.d/apache2 restart
[….] Restarting web server: apache2
. ok

Further on, to test whether system();, exec();, passthru(); … etc. are disabled, make a new PHP file with the content:

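<?php
// Show which functions the active disable_functions directive names.
error_reporting(E_ALL);
$disabled_functions = ini_get('disable_functions');
if ($disabled_functions != '')
{
    // Split on commas, trim blanks around each name and drop empty entries.
    $arr = array_filter(array_map('trim', explode(',', $disabled_functions)), 'strlen');
    sort($arr);
    echo 'Disabled Functions:<br />';
    foreach ($arr as $i => $name)
    {
        echo $i.' - '.htmlspecialchars($name).'<br />';
    }
}
else
{
    echo 'No functions disabled';
}
?>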


A copy of the above source code, show_disabled_php_functions.php, is here for download. To test the disabled functions of your Apache PHP configuration, download it with wget or curl and rename it to .php:

# cd /var/www
# wget -q http://www.pc-freak.net/files/show_disabled_php_functions.php.txt
# mv show_disabled_php_functions.php.txt show_disabled_php_functions.php

After disabling the functions on that newly set up Debian hosting Apache webserver, I remembered the same functions were still active on another CentOS Linux server.

To disable them there as well, I had to edit:

/etc/php.ini

[root@centos:~]# vim /etc/php.ini

And again place after the last line of the file:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

allow_url_fopen = Off
allow_url_include = Off

Finally on CentOS host, had to restart Apache:

[root@centos:~]# /etc/init.d/httpd restart

For security paranoids, there are plenty of other PHP functions to disable, including basic functions like ln, mv, mkdir, cp, cat etc.

Below is a list of all functions to disable – only disable these if you're a PHP security freak and you're 100% sure no website hosted on the server will use them:

disable_functions = "ln, cat, popen, pclose, posix_getpwuid, posix_getgrgid, posix_kill, parse_perms, system, dl, passthru, exec, shell_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, link, symlink, pcntl_exec, ini_alter, pfsockopen, leak, apache_child_terminate, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, stream_select, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual, chmod, file_upload, delete, deleted, edit, fwrite, cmd, rename, unlink, mkdir, mv, touch, cp, cd, pico"

Linux: Delete empty lines from text file with sed, awk, grep and vim

Saturday, March 23rd, 2013

As a system administrator, it is sometimes necessary to do basic plain text processing for various sysadmin tasks. One very common task I do is to remove empty lines in a file. There are plenty of ways to do it, i.e. with grep, sed, awk, bash, perl etc.

1. Deleting empty file lines with sed

The most standard way to do it is with sed, as sed was written for quick regexp processing in the shell. Here is how:

sed '/^\s*$/d' file_with_empty_lines.txt > output_no_empty_lines.txt

2. Deleting empty file lines with awk

It is less writing with awk, but I always forget the syntax and thus I like sed more; anyway, here is how with awk:

cat file_with_empty_lines.txt | awk 'NF' > output_no_empty_lines.txt

3. Deleting empty lines with grep

A grep regular expression can be used as well. Here is the grep cmd to cut off empty lines from a file:

grep -v '^\s*$' file_with_empty_lines.txt > output_no_empty_lines.txt

4. Delete empty lines with vi / vim text editor

Open vi / vim text editor

$ vim

Press Esc+: and if the empty lines don't contain space characters use the command

g/^$/d

If the empty lines contain " " – space characters (which are not visible in most text editors), use the vi cmd:
g/^ *$/d

How to change hostname permanently on Debian and Ubuntu Linux

Thursday, March 14th, 2013


I had to configure a newly purchased dedicated server from UK2. New servers come shipped with some randomly assigned node hostname like server42803. This is pretty annoying, and has to be changed, especially if your company has a server naming policy in some format like company-s1#, company-s2#, company-sN#.

Changing the hostname via the hosts definition file /etc/hosts, to assign the IP address of the host to the hostname, is not enough to change the hostname shown in the shell on SSH user login.

To display the full hostname on Debian and Ubuntu, I had to type:

server42803:~# hostname
server42803.uk2net.com

To permanently change the server hostname to, let's say, company-s5:

server42803:~# sed -i -e 's#server42803\.uk2net\.com#company-s5#' /etc/hostname

To change for current logged in SSH session:

server42803:~# hostname company-s5
company-s5:~#

Finally, because the old hostname has already been read by sshd, you also have to restart sshd for the new hostname to be visible on user ssh login:

company-s5:~# /etc/init.d/ssh restart
...

As well as run script:

company-s5:~# /etc/init.d/hostname.sh

Mission change host accomplished, Enjoy 🙂

How to move only database and tables structure from MySQL server to another – Dump only empty SQL Schema table structure

Thursday, January 17th, 2013

 


For web development purposes it is sometimes necessary to copy a MySQL database schema structure without copying the filled in data. A typical case where a replica of the SQL server structure needs to be installed on another server is when a client is buying a new website and it is planned that its database design will be similar to or the same as that of another website already working in production.

Thankfully, one doesn't have to script in perl or bash because the mysqldump dump tool already has an integrated option for that (--no-data).

Here is what the mysqldump man page says about --no-data:

 

  --no-data, -d

           Do not write any table row information (that is, do not dump table contents). This is useful if you want to dump only the
           CREATE TABLE statement for the table (for example, to create an empty copy of the table by loading the dump file).

 

1. Moving SQL data scheme for all databases in MySQL Server

 On the host with SQL containing production data, to dump only the structure of the databases / tables, table types, fields etc.:

host1# mysqldump -d --all-databases -h localhost -u root -p'your_password' > sql-all-dbs-tables-empty-structure.sql

Then on the secondary MySQL server, where empty SQL structure (without any filled in info) is needed run:

host2# mysql -u root -p'your_password' < sql-all-dbs-tables-empty-structure.sql

 

2. Moving SQL data structure for only one concrete database

On the Linux host1 shell issue:

host1# mysqldump -d -h localhost -u root -p'your_password' --databases database_name > sql-database-empty-structure.sql

On the host2 server type:
host2# mysql -u root -p'your_password' < sql-database-empty-structure.sql

3. Moving SQL data structure for few databases

Let's say you have a user (new_user) who has privileges over a number of databases and you want to dump a copy of those empty databases.
Same as with one database, just include the names of all the databases whose schema is to be dumped:

host1# mysqldump -d -h localhost -u new_user -p'your_password' --databases database_name database_name2 database_whatever > sql-only-some-databases-structure.sql
 

Then to import on host2 again;

host2# mysql -u new_user -p'your_password' < sql-only-some-databases-structure.sql

4. Dumping and copying only database names from one MySQL to another

Though the case might be rare, you might need to dump and copy only the list of all existing databases without recreating the table sub-structure of each database. This is doable like so:

On SQL node host1 run;

host1# for i in $(echo "show databases;" | mysql -u root -p|grep -v -E 'Database$' |grep -v information_schema); do echo $i >> structure.txt; done

host2# for i in $(cat structure.txt); do echo "create database $i;" | mysql -u root -p; done

Though I've tested all this and it is safe to use, if you're re-creating SQL database / tables structure make sure you have a working copy of data from SQL.
Well that's it hope this little article helps someone 🙂
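The commands above pass the password as -p'your_password', which leaves it in the shell history and can expose it in the process list to other local users. The sketch below is an added example, not part of the original post: it keeps the credentials in an owner-only option file and runs the same schema-only dump; write_client_cnf, dump_schema, load_schema and the MYSQLDUMP / MYSQL overrides are names made up here.

```shell
#!/bin/sh
# Added example: schema-only dump without the password on the command line.
# write_client_cnf, dump_schema, load_schema, MYSQLDUMP and MYSQL are
# illustrative names, not part of MySQL.

# write_client_cnf FILE USER: read the password from stdin (not echoed on a
# terminal) and store it in an option file only the owner can read.
# Assumes the password contains no double quote or backslash.
write_client_cnf() {
    (
        umask 077
        rm -f "$1"
        if [ -t 0 ]; then stty -echo; printf 'Password: ' >&2; fi
        IFS= read -r pw
        if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$pw" > "$1"
    )
}

# dump_schema CNF OUTFILE [DB...]: table structure only; no DB names means
# every database. --databases makes the dump carry CREATE DATABASE and USE,
# so it can be loaded on the second host without naming a database.
dump_schema() {
    cnf=$1 out=$2
    shift 2
    if [ $# -eq 0 ]; then
        set -- --all-databases
    else
        set -- --databases "$@"
    fi
    # --defaults-extra-file must be the first option on the command line.
    "${MYSQLDUMP:-mysqldump}" --defaults-extra-file="$cnf" --no-data "$@" > "$out"
}

# load_schema CNF DUMPFILE: replay the dump on the receiving server.
load_schema() {
    "${MYSQL:-mysql}" --defaults-extra-file="$1" < "$2"
}

# Usage on host1 (database names are placeholders):
#   write_client_cnf "$HOME/.schema-dump.cnf" root
#   dump_schema "$HOME/.schema-dump.cnf" structure.sql database_name database_name2
# Usage on host2, after copying structure.sql and creating a cnf there:
#   load_schema "$HOME/.schema-dump.cnf" structure.sql
```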

Install ShellInABox (web shell browser AJAX frontend) on Debian GNU / Linux

Sunday, September 23rd, 2012


ShellInABox is a tiny piece of software which enables you to access your server or desktop via an ssh shell using a web command line shell through an AJAX interface. Installing it is not a hard task. To install on any Linux just navigate to shellinabox.com, download the source code tar.gz, compile and install.
Installing ShellinaBox on Debian, Ubuntu and derivative Linux distributions is even easier, as on the website there are pre-compiled deb binaries which can be installed straight with dpkg.

For the 32 bit Debian version, installation is as simple as:

1. Download the i386 deb binary from Shellinabox.com
Just go to the website, look up the correct link and download it with links.

As of the time of writing this post, to download with the links text browser:


links "http://code.google.com/p/shellinabox/downloads/detail?name=shellinabox_2.9-1_i386.deb&can=2&q="

2. Install deb pack with dpkg


dpkg -i shellinabox_2.9-1_i386.deb

For 64 bit (amd64 arch) Debian, install the pre-built Debian x86-64 package (requires Ubuntu Karmic). Though the binary is said to be for Ubuntu, it also installs and starts the shellinabox service (daemon) without any problem. By default shellinabox is configured to work on port number 4200. Right after install, to test it open your favourite browser and do a request to localhost port 4200:


http://127.0.0.1:4200/

BTW, I’ve used a couple of others Java based web ssh frontends and I should say, ShellinAbox is much more responsive.
Well that’s all now enjoy connecting to remote system ssh using any AJAX supporting browser 🙂

How to convert OGG Vorbis .ogg to MP3 on GNU / Linux and FreeBSD

Friday, July 27th, 2012

I’ve used K3B just recently to RIP an Audio CD with music to MP3. K3b has done a great job ripping the tracks; the only problem was that by default k3b RIPs songs in OGG Vorbis (.ogg) and not mp3. I personally prefer OGG Vorbis as it is a free, freedom respecting audio format, however the problem was that the .ogg-s cannot be read on many audio players and it could be a problem reading the RIPped oggs on Windows. I’ve done the RIP not for myself but for a Belarusian gfriend of mine; she is completely computer illiterate and if I pass her the songs in .OGG, there is no chance she will succeed in listening to the oggs. I’ve seen later that k3b has an option to convert directly to MP3 using the linux mp3 lame library, this however is time consuming and I would have to wait another 10 minutes or so for the songs to be ripped, so to shorten the time I decided to directly convert the existing .ogg files to .mp3 on my (Debian Linux). There are probably many ways to convert .ogg to mp3 on linux and likely many GUI frontends (like SoundConverter) to use in a graphic env.


I however am a console freak so I preferred doing it from the terminal. I’ve done quick research on the net and figured out the good old ffmpeg is capable of converting .oggs to .mp3s. To convert all mp3s just ripped in the separate directory I had to run ffmpeg in a tiny bash loop.

A short bash shell script one-liner combined with ffmpeg does it, e.g.:

for f in *.ogg; do ffmpeg -i "$f" "`basename "$f" .ogg`.mp3"; done

The loop example is in bash, so in order to make the code work on FreeBSD it is necessary to run it in a bash shell and not in the csh or tcsh so common on BSDs.

Well, that’s all oggs are in mp3; Hip-hip Hooray 😉

Script to Automatically change current MySQL server in wp-config.php to another MySQL host to minimize WordPress and Joomla downtimes

Friday, July 20th, 2012

I'm running two servers for a couple of home hosted websites. One of the servers is serving as Apache host1 and has MySQL configured and running on it, and the second is used just as database host2 (it has another MySQL configured on it).
The MySQL servers are not configured to run as a MySQL MASTER and MySQL SLAVE (no mysql replication), however periodically (daily) I have a tiny shell script that is updating the data from the active SQL host2 server to host1.

Sometimes due to electricity problems or CPU overheats the active MySQL host at host2 gets stoned and stops working, making the 2 WordPress based websites and one Joomla site inaccessible.
Until I manually get to the machine and restart host2 the 3 sites are down from the net and as you can imagine this has a very negative impact on the existing website indexing (PageRank) in Google.

When I'm at home, this is not a problem as I have physical access to the servers and if something gets messy I fix it quickly. The problem comes when I'm travelling or in another city far from home and there is no-one at home to give the hanged host a hard reboot ….

Lately the problems with hang-ups of host2 happened 3 times or so in 2 weeks; as a result the websites were inaccessible for hours, and since there is nobody to reboot the server for hours, the websites keep hanging until the DB host is restarted.

To work around this I came up with the idea to write a tiny shell script that checks if host2 is ping-able, in order to make sure the database host is not down; if the script determines the host2 (mysql) host is down, it changes wp-config.php (set to use host2) to a wp-config.php (which I have configured beforehand) that uses host1.

Using the script is a temporary solution, since I have to actually find the real cause of the hang-ups, but at least it saves me long downtimes. Here is a download link to the script I called change_blog_db.sh.
I've configured the script to be run on the Apache node (host1) via a crontab calling the script every 10 minutes, here is the crontab:
 

*/10 * * * * /usr/sbin/change_blog_db.sh > /dev/null 2>&1

The script is written in such a way that if it determines host2 is reachable, a copy of wp-config.php and of Joomla's configuration.php tuned to use host2 is copied over the original config files. In order to use the script one has to configure the variables in the head section of the script, e.g.:

host_to_ping='192.168.0.2';
blog_dir='/var/www/blog';
blog_dir2='/var/www/blog1';
blog_dir3='/var/www/joomla';
notify_mail='hipo@pc-freak.net';
wp_config_orig='wp-config.php';
wp_config_localhost='wp-config-localhost.php';
wp_config_other_host='wp-config-192.168.0.2.php';
joomla_config_orig='configuration.php';
joomla_config_other_host='configuration-192.168.0.2.php';

You will have to manually prepare:

wp-config-localhost.php, wp-config-192.168.0.2.php and configuration-192.168.0.2.php as existing files configured with the proper host1 and host2 IP addresses.
Hope the script will be useful to others, experiencing database downtimes with WordPress or Joomla installs.
 

Disabling PHP system(); and exec(); functions to raise up Apache security on Debian GNU / Linux

Wednesday, July 18th, 2012


At security critical hosts running Apache + PHP based sites it is recommended that functions like:

system();
exec();
shell_exec();

be disabled. The reason is mainly to harden against script kiddies who might exploit your site/s and upload some shitty SK tool like PHP WebShell, PHP Shell and the probably thousands of “hacker” variations that exist nowadays.

In the latest Debian stable Squeeze, the suhosin advanced protection module for php5 is installed and enabled in Apache (by default).
Simply disabling a number of functions using suhosin could prevent a multitude of future headaches and hours of pondering on who 0wn3d your server ….

Disabling the basic PHP system(); and other similar functions which allow shell spawn is not always possible, since some websites or CMS platforms depend on them to run properly; anyway, wherever it is possible, disabling ’em is a must.
There are two ways to disable system(); functions: one is through /etc/php5/apache2/conf.d/suhosin.ini and the 2nd is by adding a list of the functions to be disabled directly in the website's Virtualhost file or in apache2.conf (/etc/apache2/apache2.conf).
For people hosting multiple virtualhost websites on the same server, using the custom domain Virtualhost method is probably better, since on a global scale the functions could stay enabled if some of the websites hosted on the server require exec(); to work OK. In any case using /etc/php5/apache2/conf.d/suhosin.ini to disable system(); functions in PHP is less messy …

1. Disabling PHP system(); functions through /etc/apache2/apache2.conf and custom site Vhosts

Place somewhere (I prefer near the end of the config):


php_admin_flag safe_mode on
php_admin_value disable_functions "system, exec, shell_exec, passthru, ini_alter, dl, pfsockopen, openlog, syslog, readlink, symlink, link, leak, fsockopen, popen, escapeshellcmd, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual"

Disabling it for a custom virtualhost is done by simply adding the above Apache directives before the closing </VirtualHost> tag in /etc/apache2/sites-enabled/custom-vhost.com. The PHP manual states that disable_functions must be set in php.ini and cannot be set in httpd.conf, so test from a script inside the virtual host that the listed functions are really refused.

2. Disabling PHP system();, exec(); shell spawn with suhosin.ini

In /etc/php5/apache2/conf.d/suhosin.ini add, on a single line:

suhosin.executor.func.blacklist = system,exec,shell_exec,passthru,ini_alter,dl,pfsockopen,openlog,syslog,readlink,symlink,link,leak,fsockopen,popen,escapeshellcmd,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual

To do it directly via shell issue:

server: conf.d/# cd /etc/php5/apache2/conf.d/
server: conf.d# echo 'suhosin.executor.func.blacklist = system,exec,shell_exec,passthru,ini_alter,dl,pfsockopen,openlog,syslog,readlink,symlink,link,leak,fsockopen,popen,escapeshellcmd,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual' >> suhosin.ini

Then, to reload the Apache libphp library loaded in memory, an Apache restart is necessary:

server: conf.d# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
server: conf.d#

Tadam, this should be quite a good security against annoying automated script attacks. Cheers 😉
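Both PHP hardening posts on this page depend on a comma list in an ini file (disable_functions in php.ini, suhosin.executor.func.blacklist in suhosin.ini); names that end up on a wrapped second line, or a directive written without `=`, are not part of any setting. The shell audit below is an added example, not code from the original posts: the function names, the REQUIRED_FUNCS list and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PHP ini file for the deny-list directives discussed
# in the posts. Function names and samples are illustrative, not part of PHP.

# Functions that must appear in the deny list (override to suit the site).
REQUIRED_FUNCS=${REQUIRED_FUNCS:-"system exec shell_exec passthru popen proc_open"}

# ini_value FILE NAME: value of the last well-formed "NAME = value" line.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next                    # no "=", not an assignment
            name = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", val)           # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # blanks and quotes
            last = val
        }
        END { print last }
    ' "$1"
}

# missing_funcs FILE [DIRECTIVE]: required functions absent from the list.
# DIRECTIVE defaults to disable_functions (suhosin.executor.func.blacklist works too).
missing_funcs() {
    listed=$(ini_value "$1" "${2:-disable_functions}" | tr ', ' '\n\n')
    for f in $REQUIRED_FUNCS; do
        printf '%s\n' "$listed" | grep -qxF "$f" || printf '%s\n' "$f"
    done
}

# stray_lines FILE: lines that are neither comment, section header nor
# "name = value", e.g. the tail of a wrapped list or "allow_url_fopen Off".
stray_lines() {
    awk '
        /^[ \t]*$/ || /^[ \t]*;/ || /^[ \t]*\[.*\][ \t]*$/ { next }
        index($0, "=") == 0 { print NR ": " $0 }
    ' "$1"
}

# is_off FILE NAME: true only when NAME is explicitly set to an off value.
is_off() {
    case "$(ini_value "$1" "$2" | tr 'A-Z' 'a-z')" in
        off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ini FILE: print findings, return non-zero if there are any.
audit_ini() {
    rc=0
    stray=$(stray_lines "$1")
    [ -z "$stray" ] || { printf 'not in name = value form:\n%s\n' "$stray"; rc=1; }
    miss=$(missing_funcs "$1" | tr '\n' ' ')
    [ -z "$miss" ] || { printf 'not in disable_functions: %s\n' "$miss"; rc=1; }
    for d in allow_url_fopen allow_url_include; do
        is_off "$1" "$d" || { printf '%s is not set to Off\n' "$d"; rc=1; }
    done
    return $rc
}

# Constructed sample: list wrapped onto a second line, directives without "=".
write_sample_wrapped() {
    cat > "$1" <<'EOF'
[PHP]
; constructed sample
disable_functions =exec,passthru,shell_exec,system,proc_open,
popen,curl_exec, curl_multi_exec,parse_ini_file,show_source

allow_url_fopen Off
allow_url_include Off
EOF
}

# Constructed sample: the same settings, one directive per line.
write_sample_fixed() {
    cat > "$1" <<'EOF'
[PHP]
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
allow_url_fopen = Off
allow_url_include = Off
EOF
}

# Demo on the two constructed samples.
demo_dir=$(mktemp -d)
write_sample_wrapped "$demo_dir/wrapped.ini"
write_sample_fixed "$demo_dir/fixed.ini"
audit_ini "$demo_dir/wrapped.ini" || echo "wrapped.ini: findings above need fixing"
audit_ini "$demo_dir/fixed.ini" && echo "fixed.ini: no findings"
rm -rf "$demo_dir"
```

eval is a language construct rather than a function, so listing it in disable_functions has no effect; suhosin has its own suhosin.executor.disable_eval switch for that.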