Localhost not displaying any contents - linux

My localhost is not showing any of the contents it previously had after a normal system update.
What could be the possible reason for this?
However, I was able to connect to phpmyadmin.
If localhost location changed from /var/www/ to another, what could be the possible location?
System details:
Operating system - debian testing (Jessie) x86_64
Index of /
[ICO] Name Last modified Size Description
Apache/2.4.7 (Debian) Server at localhost Port 80
# /usr/sbin/apache2 -V
[Tue Mar 11 21:41:55.901363 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_LOCK_DIR} is not defined
[Tue Mar 11 21:41:55.901541 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_PID_FILE} is not defined
[Tue Mar 11 21:41:55.901569 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_RUN_USER} is not defined
[Tue Mar 11 21:41:55.901583 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_RUN_GROUP} is not defined
[Tue Mar 11 21:41:55.901616 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Mar 11 21:41:55.932506 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Mar 11 21:41:55.932942 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
[Tue Mar 11 21:41:55.932966 2014] [core:warn] [pid 19737] AH00111: Config variable ${APACHE_LOG_DIR} is not defined
AH00526: Syntax error on line 74 of /etc/apache2/apache2.conf:
Invalid Mutex directory in argument file:${APACHE_LOCK_DIR}
# ps -ef | grep apache
root 16811 1 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16815 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16816 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16817 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16818 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16819 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 16820 16811 0 20:47 ? 00:00:00 /usr/sbin/apache2 -k start

This is possibly because your system's document root has changed from /var/www to /var/www/html due to the system update.
To solve this, go to:
/etc/apache2/sites-available/000-default.conf
and set
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
You need root permission to edit the file. From terminal
sudo gedit /etc/apache2/sites-available/000-default.conf
and then edit the file and save.
After this restart your server from the terminal.
sudo service apache2 restart

Related

www-data python run sudo command as another user error password required

Hello I have a Django project hosted on an Apache Ubuntu Google VM. I use git to both update the server code and backup the db files. To avoid having to ssh in and do the repetitive git tasks over and over I am trying to code some buttons on the admin page that will run the git scripts. The way git is setup I need to run git as a specific user to use the correct ssh keys. My thought was to allow www-data to sudo as tris (git user) on a very limited set of commands. I attempted to do this by modifying the sudoers file shown below.
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
I did as was asked and created a file in /etc/sudoers.d/ called git with the following contents and rebooted the VM:
www-data ALL=(tris) NOPASSWD: /usr/bin/git pull
www-data ALL=(tris) NOPASSWD: /usr/bin/git add db.sqlite3
www-data ALL=(tris) NOPASSWD: /usr/bin/git commit -m "server sync"
www-data ALL=(tris) NOPASSWD: /usr/bin/git push
The test python script that is trying to run these commands is shown below:
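from subprocess import run, PIPE

# Change into the repository, then run the git steps as tris through a login shell.
commands = [
    'cd /home/tris/DjangoSite/;',
    '''sudo -i -u tris bash -c '/usr/bin/git add db.sqlite3; /usr/bin/git commit -m "server sync"; /usr/bin/git push;' '''
]
command = ' '.join(commands)
p = run(command, stdout=PIPE, stderr=PIPE, shell=True)
# Collect the arguments and both output streams so they show up in the Apache error log.
results = f"Push\nargs:\n{p.args}\nstdout:{p.stdout.decode('utf-8')}\nstderr:\n{p.stderr.decode('utf-8')}"
print(results)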
and finally this is the error it generates:
[Sun May 02 21:11:48.190725 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] Push
[Sun May 02 21:11:48.190771 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] args:
[Sun May 02 21:11:48.190778 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] cd /home/tris/DjangoSite/; sudo -i -u tris bash -c '/usr/bin/git add db.sqlite3; /usr/bin/git commit -m "server sync"; /usr/bin/git push;'
[Sun May 02 21:11:48.190783 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] stdout:
[Sun May 02 21:11:48.190787 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] stderr:
[Sun May 02 21:11:48.190792 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
[Sun May 02 21:11:48.190796 2021] [wsgi:error] [pid 1412:tid 140452225025600] [remote <IP>:62498] sudo: a password is required
Can someone please help identify which step I did incorrectly or missed? I have been banging my head against this for a while and any help would be appreciated, thanks!
Relevant group memberships:
tris@website:~/$ groups www-data
www-data : www-data
tris@website:~/$ groups tris
tris : tris adm dialout cdrom floppy audio dip video plugdev netdev lxd ubuntu google-sudoers
Requested ls -l /etc/sudoers.d
sudo ls -l /etc/sudoers.d
total 20
-r--r----- 1 root root 144 Apr 27 04:04 90-cloud-init-users
-r--r----- 1 root root 958 Feb 18 00:03 README
-rw-r--r-- 1 root root 295 Apr 30 06:33 git
-r--r----- 1 root root 34 Apr 27 06:42 google-oslogin
-r--r----- 1 root root 43 Apr 27 04:05 google_sudoers
Merging all the commands into a single script, then adding the script to the sudoers file, worked.
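The fix reported above (one script, one sudoers entry), as an added sketch that is not code from the original post: the wrapper path /usr/local/bin/site-git-sync, the function names and the sudoers line in the comment are assumptions. It calls sudo without -i or bash -c, so the command sudo evaluates is the listed path, and it refuses to run a wrapper that other accounts could modify.

```python
import os
import stat
import subprocess

# Hypothetical wrapper path; the poster's real script name is not given.
WRAPPER = "/usr/local/bin/site-git-sync"
GIT_USER = "tris"  # account that holds the SSH keys, from the question

# Assumed matching rule for a file in /etc/sudoers.d/ (edit with visudo -f).
# The trailing "" means the wrapper may only be run with no arguments:
#   www-data ALL=(tris) NOPASSWD: /usr/local/bin/site-git-sync ""


def wrapper_problems(path, owner_uid=0):
    """Return reasons why `path` is unsafe as a NOPASSWD target ([] means OK).

    Only the file and its containing directory are checked, not every
    ancestor directory.
    """
    problems = []
    for target in (path, os.path.dirname(os.path.abspath(path))):
        try:
            st = os.stat(target)
        except OSError as exc:
            problems.append(f"{target}: {exc.strerror}")
            continue
        if st.st_uid != owner_uid:
            problems.append(
                f"{target}: owned by uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{target}: writable by group or others")
    return problems


def sudo_argv(wrapper=WRAPPER, user=GIT_USER):
    """Build the argument list for sudo, with no shell involved.

    -n makes sudo fail at once instead of asking for a password when no
    rule matches, which is what a web worker without a terminal needs.
    """
    return ["sudo", "-n", "-u", user, wrapper]


def run_sync(wrapper=WRAPPER, user=GIT_USER, owner_uid=0):
    """Run the wrapper as `user`, but only if it passes the safety check."""
    problems = wrapper_problems(wrapper, owner_uid)
    if problems:
        raise PermissionError("; ".join(problems))
    return subprocess.run(sudo_argv(wrapper, user), capture_output=True,
                          text=True, timeout=120, check=False)
```

The wrapper itself does the cd into /home/tris/DjangoSite and the three git steps; because it takes no arguments, nothing supplied by the web request reaches the command line.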

vsftpd: OK LOGIN but getting repeated password prompt

I am trying to set up vsftpd on a Centos 7 server. We have a bunch of linux users with /usr/sbin/nologin shells just for the purpose of FTP. I also created a regular user testuser with a bash shell.
Anonymous logins are disabled. When I try to log in to the FTP server through Chrome I get a password prompt. When I submit the password prompt I just get another password prompt, over and over. However, the contents of vsftpd's log file are as follows:
Wed Aug 5 10:32:05 2020 [pid 30282] CONNECT: Client "my.ip.goes.here"
Wed Aug 5 10:32:05 2020 [pid 30282] FTP response: Client "my.ip.goes.here", "220 SUP GUY"
Wed Aug 5 10:32:05 2020 [pid 30282] FTP command: Client "my.ip.goes.here", "USER anonymous"
Wed Aug 5 10:32:05 2020 [pid 30282] [anonymous] FTP response: Client "my.ip.goes.here", "331 Please specify the password."
Wed Aug 5 10:32:05 2020 [pid 30282] [anonymous] FTP command: Client "my.ip.goes.here", "PASS <password>"
Wed Aug 5 10:32:07 2020 [pid 30281] [anonymous] FAIL LOGIN: Client "my.ip.goes.here"
Wed Aug 5 10:32:08 2020 [pid 30282] [anonymous] FTP response: Client "my.ip.goes.here", "530 Login incorrect."
Wed Aug 5 10:32:08 2020 [pid 30282] FTP command: Client "my.ip.goes.here", "QUIT"
Wed Aug 5 10:32:08 2020 [pid 30282] FTP response: Client "my.ip.goes.here", "221 Goodbye."
Wed Aug 5 10:32:08 2020 [pid 30285] CONNECT: Client "my.ip.goes.here"
Wed Aug 5 10:32:08 2020 [pid 30285] FTP response: Client "my.ip.goes.here", "220 SUP GUY"
Wed Aug 5 10:32:08 2020 [pid 30285] FTP command: Client "my.ip.goes.here", "USER testuser"
Wed Aug 5 10:32:08 2020 [pid 30285] [testuser] FTP response: Client "my.ip.goes.here", "331 Please specify the password."
Wed Aug 5 10:32:08 2020 [pid 30285] [testuser] FTP command: Client "my.ip.goes.here", "PASS <password>"
Wed Aug 5 10:32:08 2020 [pid 30284] [testuser] OK LOGIN: Client "my.ip.goes.here"
As you can see, the last line is OK LOGIN which is funny because the browser sure isn't acting like I logged in successfully.
Here's my vsftpd.conf:
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
tcp_wrappers=YES
ssl_enable=NO
pasv_enable=YES
pasv_address=my.server.ip.here
pasv_min_port=49152
pasv_max_port=65535
ftpd_banner=SUP GUY
chroot_local_user=YES
chroot_list_enable=NO
allow_writeable_chroot=NO
write_enable=NO
userlist_enable=NO
log_ftp_protocol=YES
dual_log_enable=YES
Here's my /etc/pam.d/vsftpd file:
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_nologin.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
My testuser account is not in that ftpusers file.
And here are the directory permissions of that testuser's home directory, in case that makes a difference:
total 16K
drwx------. 2 testuser testuser 91 Aug 5 10:27 .
drwxr-xr-x. 6 root root 65 Aug 4 10:42 ..
-rw-------. 1 testuser testuser 25 Aug 5 10:27 .bash_history
-rw-r--r--. 1 testuser testuser 18 Mar 31 21:17 .bash_logout
-rw-r--r--. 1 testuser testuser 193 Mar 31 21:17 .bash_profile
-rw-r--r--. 1 testuser testuser 231 Mar 31 21:17 .bashrc
-rw-rw-r--. 1 testuser testuser 0 Aug 5 10:27 hello
Any idea what is going on here?
Turns out the culprit was SELinux. Everything was fine as far as vsftpd was concerned, but SELinux was blocking access to that home directory. My /var/log/audit/audit.log was full of entries like this:
type=AVC msg=audit(1596625942.966:385491): avc: denied { read } for pid=6778 comm="vsftpd" name="vsftpd"
dev="sda2" ino=2013664268 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
In my case I do not need SELinux, so all I needed to do was set setenforce 0 and set SELINUX=disabled in my /etc/selinux/config.
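Triage for the denial quoted above, as an added example that is not part of the original post: it parses AVC records and groups them by process, source type, target type and object class, so the label being refused stands out. The first sample record is the one from the post joined onto one line; the other two lines are constructed, and the function names are assumptions.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE_AUDIT_LOG = [
    # Record from the post, joined onto one line.
    'type=AVC msg=audit(1596625942.966:385491): avc: denied { read } for '
    'pid=6778 comm="vsftpd" name="vsftpd" dev="sda2" ino=2013664268 '
    'scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0',
    # Constructed: a second denial with two permissions in one record.
    'type=AVC msg=audit(1596625950.101:385502): avc:  denied  { getattr open } '
    'for  pid=6779 comm="vsftpd" path="/home/testuser/hello" dev="sda2" '
    'ino=2013664270 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0',
    # Constructed: a non-AVC record that must be skipped.
    'type=SYSCALL msg=audit(1596625950.101:385502): arch=c000003e syscall=2 '
    'success=no comm="vsftpd"',
]


def setype(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one audit.log line; return a dict, or None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", ""),
        "source_type": setype(fields.get("scontext", "")),
        "target_type": setype(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", ""),
        "enforced": fields.get("permissive") == "0",
    }


def summarize_denials(lines):
    """Group denials by (comm, source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0, "enforced": 0})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["comm"], rec["source_type"], rec["target_type"], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["count"] += 1
        groups[key]["enforced"] += int(rec["enforced"])
    return {k: {"perms": sorted(v["perms"]), "count": v["count"],
                "enforced": v["enforced"]} for k, v in groups.items()}


if __name__ == "__main__":
    for key, info in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(key, info)
```

In the sample every denial is ftpd_t against files labelled admin_home_t, which points at the labels on the files rather than at vsftpd's own configuration.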

DHCPD unable to Add Forward map (SERVFAIL)

I've just setup a home server (Ubuntu Server 14) and have configured DNS and DHCP. It all works fine except DDNS. /var/logs/syslog is reporting the following when a new DHCPREQUEST is made:
Jul 25 23:20:14 ns.lan dhcpd: DHCPREQUEST for 192.168.1.73 from <mac> (<hostname>) via eth0
Jul 25 23:20:14 ns.lan dhcpd: DHCPACK on 192.168.1.73 to <mac> (<hostname>) via eth0
Jul 25 23:20:14 ns.lan dhcpd: Unable to add forward map from <hostname>.lan to 192.168.1.73: SERVFAIL
The zone file is set to root:bind and 664.
-rw-r--r-- 1 root root 2389 Jun 29 20:54 bind.keys
-rw-r--r-- 1 root root 237 Jun 29 20:54 db.0
-rw-r--r-- 1 root root 271 Jun 29 20:54 db.127
-rw-r--r-- 1 root bind 313 Jul 25 21:02 db.192
-rw-r--r-- 1 root root 237 Jun 29 20:54 db.255
-rw-r--r-- 1 root root 353 Jun 29 20:54 db.empty
-rw-rw-r-- 1 root bind 387 Jul 25 17:57 db.lan
-rw-r--r-- 1 bind bind 0 Jul 25 20:04 db.lan.jnl
-rw-r--r-- 1 root root 270 Jun 29 20:54 db.local
-rw-r--r-- 1 root root 3048 Jun 29 20:54 db.root
-rw-r--r-- 1 root bind 463 Jun 29 20:54 named.conf
-rw-r--r-- 1 root bind 490 Jun 29 20:54 named.conf.default-zones
-rw-r--r-- 1 root bind 398 Jul 25 17:14 named.conf.local
-rw-r--r-- 1 root bind 998 Jul 25 02:10 named.conf.options
-rw-r----- 1 bind bind 77 Jul 18 01:39 rndc.key
-rw-r--r-- 1 root root 1317 Jun 29 20:54 zones.rfc1918
And I've added the dhcpd user to the bind group:
$ groups dhcpd
dhcpd : dhcpd bind
I've also configured AppArmor (/etc/apparmor.d/usr.sbin.dhcpd) to allow the access:
# Allow access to bind zone file so that it
# can be updated as new hosts are allocated
/etc/bind/db.lan rw,
The zone file looks like this:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.lan. hostmaster.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns
@ IN A 127.0.0.1
@ IN AAAA ::1
ns IN A 192.168.1.1
server IN A 192.168.1.2
media IN A 192.168.1.3
web IN A 192.168.1.4
dsldevice IN A 192.168.1.254
Any ideas on the "Unable to add forward map" SERVFAIL error or even how I can diagnose the problem?
I ended up re-jigging the file structure a little and something I've done has made it work. I guess that points at a permissions issue, probably apparmor related at a guess.
As @Richard Payne said, it's an issue with apparmor.
Running tail -f /var/log/messages should show messages like this:
kernel: [ss.sss]: audit: type=1400: apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/db.<zone>.jnl" ....
So, to solve this, add the following to /etc/apparmor.d/local/usr.sbin.named:
# Allow dynDNS entries to be written, along with journal and temporary files
/etc/bind/db.* rw,
/etc/bind/tmp-* rw,
Also, make sure that the file /etc/apparmor.d/usr.sbin.named contains an #include directive for the file with our changes. It is generally at the end, and looks like this:
# Site-specific additions and overrides
#include <local/usr.sbin.named>
Then, restart apparmor and bind
sudo systemctl restart apparmor
sudo systemctl restart bind9

Apache and Other Services Hung

I have a production LAMP server on Gentoo that's been running a personal intranet website. Since yesterday afternoon, it's hanging shortly after any connection; the relatively small login page loads fine, but upon logging in which involves a lot of MySQL queries and data, it hangs indefinitely.
SSH is still able to connect but oddly, that suddenly hangs too after a few pages' worth of characters are transmitted. Thus to get the below information, I have to keep logging back in. I tried /etc/init.d/apache2 restart and /etc/init.d/mysql restart, and then did a full reboot of the system; yet alas the problem persists. Details follow.
Top:
top - 12:23:52 up 1:34, 2 users, load average: 0.16, 0.09, 0.06
Tasks: 81 total, 1 running, 80 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3920788k total, 123476k used, 3797312k free, 4676k buffers
Swap: 1227772k total, 0k used, 1227772k free, 48524k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
447 root 20 0 0 0 0 S 0 0.0 0:00.16 khubd
1 root 20 0 2020 640 568 S 0 0.0 0:00.51 init
2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/0
5 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/u:0
6 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/0
7 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/1
9 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/1
10 root 20 0 0 0 0 S 0 0.0 0:00.69 kworker/0:1
Apache logs show the usual hacking attempts:
# tail -50 /var/log/apache2/error_log
[Mon Mar 17 19:03:48 2014] [error] [client 116.58.240.169] File does not exist: /var/www/mysite/pma
[Mon Mar 17 19:03:48 2014] [error] [client 116.58.240.169] File does not exist: /var/www/mysite/myadmin
[Tue Mar 18 05:58:42 2014] [error] [client 202.53.8.82] File does not exist: /var/www/mysite/admin.cgi
[Tue Mar 18 07:19:42 2014] [error] [client 74.63.220.132] File does not exist: /var/www/mysite/phpTest
[Tue Mar 18 07:19:43 2014] [error] [client 74.63.220.132] File does not exist: /var/www/mysite/phpMyAdmin
[Tue Mar 18 07:19:43 2014] [error] [client 74.63.220.132] File does not exist: /var/www/mysite/pma
[Tue Mar 18 07:19:44 2014] [error] [client 74.63.220.132] File does not exist: /var/www/mysite/myadmin
[Tue Mar 18 08:24:16 2014] [error] [client 222.5.204.73] invalid request-URI \xcc\\\xa4/\x83\x8f\x90:\x84\x90\x0f\xc4\x8dfe\xecb\x94v\x1f[\xd7Z\x95$X\xaby\x13k\x88\xf2\xeb\xf7\x1b\xfc\xe8a\xff
[Tue Mar 18 08:29:49 2014] [error] [client 76.3.191.245] invalid request-URI
[Tue Mar 18 08:38:00 2014] [error] [client 35.2.240.149] invalid request-URI
[Tue Mar 18 08:50:52 2014] [error] [client 173.26.148.34] invalid request-URI
[Tue Mar 18 10:57:48 2014] [error] [client 110.175.79.216] invalid request-URI
[Tue Mar 18 10:57:53 2014] [error] [client 110.248.140.59] invalid request-URI D\xe8\x91a\xbc\xe5WZ\xd0C]\x9f~\xb5\x89\bd\x9e"[w,\xc6\xd9\xde\x8b]#JJ\xbf\x12
[Tue Mar 18 14:24:54 2014] [error] [client 108.14.2.113] invalid request-URI
[Tue Mar 18 14:40:08 2014] [error] [client 86.217.136.41] invalid request-URI \x94FI-\x02;4JVOV\x0f\xba\b
[Tue Mar 18 14:45:42 2014] [error] [client 98.119.127.76] invalid request-URI
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon-precomposed.png
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon.png
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon-120x120-precomposed.png
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon-120x120.png
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon-precomposed.png
[Tue Mar 18 15:25:11 2014] [error] [client 192.168.0.3] File does not exist: /var/www/mysite/apple-touch-icon.png
[Tue Mar 18 16:20:45 2014] [error] [client 103.24.32.14] File does not exist: /var/www/mysite/phpTest
[Tue Mar 18 16:20:46 2014] [error] [client 103.24.32.14] File does not exist: /var/www/mysite/phpMyAdmin
[Tue Mar 18 16:20:46 2014] [error] [client 103.24.32.14] File does not exist: /var/www/mysite/pma
[Tue Mar 18 16:20:46 2014] [error] [client 103.24.32.14] File does not exist: /var/www/mysite/myadmin
[Tue Mar 18 16:40:58 2014] [error] [client 122.170.93.35] invalid request-URI
[Tue Mar 18 16:57:54 2014] [error] [client 124.107.151.190] invalid request-URI
[Tue Mar 18 17:36:17 2014] [error] [client 68.147.250.90] invalid request-URI \x1d\x1e;&\x9e\xd2\xa8\xc2GNQ\\
[Tue Mar 18 23:38:20 2014] [error] [client 92.240.68.153] request failed: error reading the headers
[Wed Mar 19 02:52:43 2014] [error] [client 162.213.24.36] File does not exist: /var/www/mysite/CFIDE
[Wed Mar 19 06:26:06 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 06:26:07 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 06:26:07 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 06:26:09 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 06:26:15 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 07:48:28 2014] [error] [client 201.161.37.93] File does not exist: /var/www/crownware/manager
[Wed Mar 19 09:27:08 2014] [error] [client 113.184.228.73] invalid request-URI \xad_X\xdf\x9aIM6x\x01ti\xf6Ko\xebi
[Wed Mar 19 09:36:06 2014] [error] [client 162.213.24.36] File does not exist: /var/www/crownware/CFIDE
[Wed Mar 19 10:28:15 2014] [notice] caught SIGTERM, shutting down
[Wed Mar 19 10:28:17 2014] [notice] Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0j PHP/5.4.6--pl0-gentoo configured -- resuming normal operations
[Wed Mar 19 10:43:31 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 10:43:31 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 10:43:35 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 10:43:35 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 10:43:36 2014] [error] [client 5.249.137.202] script not found or unable to stat: /var/www/mysite/cgi-bin
[Wed Mar 19 10:47:16 2014] [notice] caught SIGTERM, shutting down
[Wed Mar 19 10:49:32 2014] [notice] Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.0j PHP/5.4.6--pl0-gentoo configured -- resuming normal operations
[Wed Mar 19 10:53:45 2014] [error] [client 65.60.209.141] Invalid URI in request \x13\xe0\x94\xc4\xa4o\xd1\xd3*\xe0\xe7\x1a\xce\xd9\xe8\t\xca\xc3k\x9f\xb0\x06\x13\xbcE\x17\xbb\x02\x9c:\xffD\x8d\x1f\x85Wv\x14\xfd\x8f\xe3k\xc6\xfe\xf7\x1bu
[Wed Mar 19 12:20:07 2014] [error] [client 173.24.52.209] invalid request-URI
Last message of interest from /var/log/mysql/mysqld.err (5 days ago):
140314 9:56:02 InnoDB: ERROR: the age of the last checkpoint is 9448765,
InnoDB: which exceeds the log group capacity 9433498.
InnoDB: If you are using big BLOB or TEXT rows, you must set the
InnoDB: combined size of log files at least 10 times bigger than the
InnoDB: largest such row.
Versions:
# uname -a
Linux myhost 3.3.8-gentoo #1 SMP Fri Sep 28 09:34:42 MYT 2012 i686 Intel(R) Xeon(R) CPU E31220 @ 3.10GHz GenuineIntel GNU/Linux
# mysqld -V
140319 12:37:13 [Warning] '--default-character-set' is deprecated and will be removed in a future release. Please use '--character-set-server' instead.
140319 12:37:13 [Warning] '--default-collation' is deprecated and will be removed in a future release. Please use '--collation-server' instead.
mysqld Ver 5.1.62-log for pc-linux-gnu on i686 (Gentoo Linux mysql-5.1.62-r1)
# apache2 -V
Server version: Apache/2.2.23 (Unix)
Server built: Oct 27 2012 19:17:52
Server's Module Magic Number: 20051115:31
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
# php -v
PHP 5.4.6--pl0-gentoo (cli) (built: Oct 27 2012 18:42:24)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
Disk appears to have plenty of space still:
# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 960125048 84604800 826748732 10% /
udev 10240 0 10240 0% /dev
/dev/sda3 960125048 84604800 826748732 10% /
tmpfs 1960392 220 1960172 1% /run
rc-svcdir 1024 64 960 7% /lib/rc/init.d
cgroup_root 10240 0 10240 0% /sys/fs/cgroup
shm 1960392 0 1960392 0% /dev/shm
Apache processes:
# ps -ef|grep -i apache
root 2060 1 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2062 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2066 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2067 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2068 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2069 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2070 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2123 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2124 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2125 2060 0 10:49 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2148 2060 0 10:50 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
apache 2149 2060 0 10:50 ? 00:00:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D PHP5 -d /usr/lib/apache2 -f /etc/apache2/httpd.conf -k start
Stracing the parent (root) process displays this repeatedly, not sure if it's normal:
# strace -p 2060
Process 2060 attached
select(0, NULL, NULL, NULL, {0, 669445}) = 0 (Timeout)
waitpid(-1, 0xbffb4b6c, WNOHANG|WSTOPPED) = 0
select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
waitpid(-1, 0xbffb4b6c, WNOHANG|WSTOPPED) = 0
select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
waitpid(-1, 0xbffb4b6c, WNOHANG|WSTOPPED) = 0
select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
The fact that SSH also hangs after a couple thousand bytes indicates that I should be looking wider than Apache. What's the next step to diagnose?
It is obvious from the Apache log that your site was the target of typical exploit scripts that just try to bombard the server with requests for known applications looking for vulnerabilities.
This may have led to a compromise - this part is difficult to tell because you haven't detailed what other scripts are running on your machine.
I would suggest running a rootkit analyzer or similar on your server.
Also, this kind of question is better suited for serverfault.com as it's not related to programming (what stackoverflow is about) but rather system administration/server management.
To prevent such requests from hitting your server, a WAF (Web Application Firewall) or other proxy is recommended which will throttle and block such requests before they reach your machine.
naxsi is a module for nginx that provides an open source WAF.

Restart apache2 from linux bash as root

I want to restart apache from a bash in linux (OpenSUSE).
I am trying to read the root password from a file (stdin). This is how I do it:
exec < /opt/otrsadm/stdin
read a1
sudo apache2ctl -k graceful
echo $a1
I get this in my log:
[Mon Sep 12 23:23:12 2011] [error] [client 192.168.1.101] Restarting apache
[Mon Sep 12 23:23:13 2011] [error] [client 192.168.1.101] sudo
[Mon Sep 12 23:23:13 2011] [error] [client 192.168.1.101] :
[Mon Sep 12 23:23:13 2011] [error] [client 192.168.1.101] no tty present and no askpass program specified
What's my problem and how do I fix it?
The sudo -S option reads the password from stdin.
The -S (stdin) option causes sudo to read the password from the
standard input instead of the terminal device.
echo "password" | sudo -S apache2ctl -k graceful
