Run MySQL in the foreground

Well, actually it’s not in the foreground but logging to a file, but if you tail / follow the logfile you could pretend it was the foreground :-)

mysqld_safe --log-error=/var/log/mysql.err

And if you have imported a database for forensic investigation and you don’t know the database password, you can just skip the authentication:

mysqld_safe --skip-grant-tables --log-error=/var/log/mysql.err

Splunk - run script once a week across multiple servers

Using Splunk is great! It makes my IT life so much easier, but occasionally there is a use case to only run something once a week. While Splunk will allow this, it won’t allow you to ‘distribute’ running of the script across 7 days. For example, you manage over 1000 servers and you require that the script is run by approx 1/7th of the servers each day. How do you do this easily without creating different server classes or whatever…

The solution is my python header script. Basically what it does is assign each server a number between 0 and 99, then split the week into ranges of 14 numbers per day, e.g. Monday is 0-13 (inclusive). It then checks whether its own ‘number’ falls in today’s range and runs the script if true.

#!/usr/bin/env python
## Needed for weekday selection
import zlib
import datetime
import socket

def runCode():
    ## Placeholder: put the work that should run once a week here
    pass

## Weekday selection
now = datetime.datetime.now()
today = now.weekday()
weekdayChooser = [0,14,28,42,56,70,84,100]

hostname = socket.gethostname()
## crc32 needs bytes on Python 3; mask it because Python 2 sometimes gives negative values
crc = zlib.crc32(hostname.encode("utf-8")) & 0xffffffff
## the last two decimal digits give this server its number between 0 and 99
dayToRun = crc % 100

## And finally check if its our day to run and runCode if it is...
if dayToRun in range(weekdayChooser[today],weekdayChooser[today +1]):
    runCode()
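
As an added example (not part of the original post), the following simulates the header's host-to-weekday assignment over a constructed fleet of 1000 made-up hostnames to show how many servers land on each day. The function names and hostnames are assumptions. Because 100 numbers do not divide evenly by 7, Sunday's range (84-99) covers 16 numbers against 14 for every other day.

```python
import bisect
import zlib
from collections import Counter

# Range boundaries from the header script: Monday is 0-13, ..., Sunday is 84-99.
WEEKDAY_CHOOSER = [0, 14, 28, 42, 56, 70, 84, 100]
DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def host_number(hostname):
    """Map a hostname to a stable number in 0..99 (CRC32 forced unsigned)."""
    return (zlib.crc32(hostname.encode("utf-8")) & 0xFFFFFFFF) % 100


def day_for_number(number):
    """Return the weekday index (0 = Monday) whose range contains number."""
    if not 0 <= number < 100:
        raise ValueError("host number must be between 0 and 99")
    return bisect.bisect_right(WEEKDAY_CHOOSER, number) - 1


def run_day(hostname):
    """Return the weekday index on which this host runs the script."""
    return day_for_number(host_number(hostname))


def bucket_widths():
    """How many of the 100 host numbers each weekday owns."""
    return [WEEKDAY_CHOOSER[d + 1] - WEEKDAY_CHOOSER[d] for d in range(7)]


def fleet_schedule(hostnames):
    """Count how many hosts in the fleet run on each weekday."""
    counts = Counter(run_day(name) for name in hostnames)
    return [counts.get(day, 0) for day in range(7)]


if __name__ == "__main__":
    # Constructed sample fleet; these hostnames are made up for the example.
    fleet = ["srv%04d.example.internal" % i for i in range(1000)]
    rows = zip(DAY_NAMES, fleet_schedule(fleet), bucket_widths())
    for name, count, width in rows:
        print("%s: %4d hosts (%d of 100 numbers)" % (name, count, width))
```
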

sec_error_ca_cert_invalid - Firefox and SSL certificates

Seems that Firefox v31 and later has decided to remove access to sites encrypted with self signed certificates by default!

Anyway, to resume some form of normality, open “about:config” in the Firefox address bar.
Search for “security.use_mozillapkix_verification” and set it to “false”.

That should do it.

SSH Forced commands from Web Page

Are you a paranoid nerd, whose business requirements are very strict about IT security? No? Well, you may as well stop reading here.

Perhaps you have a business requirement to perform some random function on a server that only allows SSH access, but the rest of the business requires simple press button access to perform those functions?

Well with SSH force command wrappers, SSH keys and PHP you too can have simple click button access for the rest of the business!

Basically with a Linux apache server with PHP use the following code:
[Read More…]

Enable Apache’s inbuilt chroot functionality

This works on all versions of Apache webserver greater than 2.2.10.
I’ll presume you have a current working version of Apache serving files from /var/www/

mkdir -p /chroot/var/ /chroot/etc /chroot/usr/share

Required for PHP5 compatibility:

mkdir -p /chroot/var/lib/php5
chown root:www-data /chroot/var/lib/php5
chmod 770 /chroot/var/lib/php5
cp /etc/localtime /chroot/etc/localtime
cp -R /usr/share/zoneinfo /chroot/usr/share/zoneinfo
cp -R /usr/share/apache2 /chroot/usr/share/apache2 
mv /var/www /chroot/var/ 

To help with compatibility and user / sysadmin expectations

ln -s /chroot/var/www /var/www 

Enable Apache’s in-built chroot (Debian)

echo "ChrootDir /chroot" > /etc/apache2/conf.d/chroot 

Enable Apache’s in-built chroot (Redhat/CentOS/Fedora)

echo "ChrootDir /chroot" >> /etc/httpd/conf/httpd.conf 
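semanage fcontext -a -t httpd_sys_content_t "/chroot/var/www(/.*)?"
restorecon -R /chroot/var/www

Restart Apache (the service is called httpd rather than apache2 on Redhat/CentOS/Fedora)

service apache2 restart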

Now test your damn website! Logfiles are your friend for troubleshooting any bugs :-)