Month: August 2007

How to upgrade Perl on cPanel Server

How to upgrade Perl on cPanel Server

Introduction – cPanel server is fully implemented in Perl language. Upgrading Perl on cPanel server is risky process. So you should be extremely careful while do this….

** How to find the Perl version on Cpanel server-

root@arunbagul:~# perl -v

This is perl, v5.8.0 built for i386-linux-thread-multi

root@arunbagul:~#

** Download latest version of Perl from cPanel site –

http://layer1.cpanel.net

** Latest version of perl available here

root@arunbagul:~# cd /usr/local/src
root@arunbagul:~#

root@arunbagul:~# wget -c http://layer1.cpanel.net/perl588installer.tar.gz
……..

root@arunbagul:~#

*** Untar the source of Perl –

root@arunbagul:~# tar xvfz perl588installer.tar.gz
…..
……..
root@arunbagul:~#

** Go to perl Folder –

root@arunbagul:~# cd perl588installer
root@arunbagul:~#

** Just run “install“…

root@arunbagul:~# ./install

…..
root@arunbagul:~#

** After Upgrading Perl, Now check the Perl version

root@arunbagul:~# perl -v

This is perl, v5.8.8 built for i686-linux

root@arunbagul:~#

** How to check if all perl modules are properly installed ?

root@arunbagul:~# /scripts/checkperlmodules
…………

root@arunbagul:~#

** Now upgrade cPanel with upcp –

root@arunbagul:~# /scripts/upcp –force

….

root@arunbagul:~#

(wait for more than 30 min?)

That’s it!!

Arun Bagul

How to disabled/enabled access to crontab?

How to disabled/enabled access to crontab?

Introduction – Some one ask me, Is there any way disabled or enabled access to crontab? I replied with answer Yes, there is way to manage access to crontab!!. But Why we need to restrict some one from setting/accessing crontab? Any system/Linux/Unix Admin wants that, only Admin should have full access to System and they should restrict every other users from accessing the Systems fully!! Anyway Let’s see How to do it?

crontab can control/manage access to crontab by using “/etc/cron.allow” and “/etc/cron.deny” files. If /etc/cron.allow file exists, then USER must be listed in this file, in order to allowed to use this command. If the /etc/cron.allow file does not exist but the /etc/cron.deny file does exist, then USER must not be listed in the /etc/cron.deny file in order to use this command. If neither of these files exists then the access to crontab is depends on operating system. If both /etc/cron.allow and /etc/cron.deny files exist, then USER listed in /etc/cron.allow will be allowed to access crontab irrespective of entry in /etc/cron.deny and USER , who are listed in /etc/cron.deny file, will NOT be allowed to access crontab if that USER is not listed in /etc/cron.allow file!

NOTE – By default “/etc/cron.allow” and “/etc/cron.deny” files does not exist on the system. The System Admin can create these files for customizing the System!!

Step(1) Create these two files /etc/cron.allow and /etc/cron.deny on your system – remember you can create both file or any of these two files for managing the access to crontab. It’s depends upon your policy.

root@arunbagul:~# touch /etc/cron.allow /etc/cron.deny
root@arunbagul:~#

Step(2) Make sure that all system users are not allow to use crontab command. As they all are listed in “/etc/cron.deny” file.

root@arunbagul:~# cat /etc/cron.deny
daemon bin sys sync games man lp mail news uucp proxy
www-data backup list irc gnats nobody dhcp syslog klog messagebus hplip
avahi-autoipd avahi haldaemon gdm mysql Debian-exim proftpd ftp subversion
jabber sshd bind zabbix statd ntop
root@arunbagul:~#

Step(3) Check what is there in “/etc/cron.allow” file –

root@arunbagul:~# cat /etc/cron.allow

root@arunbagul:~#

Step(4) Who am I? and Do I have access to crontab ? –

I am logged in as normal user = ‘arun’

arun@arunbagul:/$ who am i
arun pts/1 2007-04-08 15:25 (:0.0)
arun@arunbagul:/$

arun@arunbagul:/$ crontab -l
You (arun) are not allowed to use this program (crontab)
See crontab(1) for more information
arun@arunbagul:/$

arun@arunbagul:/$ crontab -l -u arun
You (arun) are not allowed to use this program (crontab)
See crontab(1) for more information
arun@arunbagul:/$

arun@arunbagul:/$ crontab -e -u arun
You (arun) are not allowed to use this program (crontab)
See crontab(1) for more information
arun@arunbagul:/$

Ooh my god, I can’t use crontab command at all, even I can’t list my crontab. So no question of editing crontab….

Now let’s check whether ‘arun’ user is listed in /etc/cron.deny file or not?

arun@arunbagul:/$ cat /etc/cron.deny | grep “arun”
arun@arunbagul:/$

Oops, user ‘arun‘ is not listed in /etc/cron.deny. Now check whether ‘/etc/cron.allow‘ file exit or not?

NOTE – ‘root’ user has full access crontab command, irrespective of entry in any of /etc/cron.allow and /etc/cron.deny files.

root@arunbagul:~# crontab -l
# m h dom mon dow command
* * * * * /root/update.sh
* * * * 7 /root/weekly.update
root@arunbagul:~#

arun@arunbagul:/$ cat /etc/cron.allow

arun@arunbagul:/$

It’s there? – I have no way to request my System/Linux Admin to add my name in /etc/cron.allow file to access the crontab? In this case I am the Admin!! so I will add ‘arun’ user in /etc/cron.allow file. done!!

root@arunbagul:~# cat /etc/cron.allow
arun
ravi
nishit
root@arunbagul:~#

* I have added few users in /etc/cron.allow file. So that they can access crontab command. so user ‘arun‘ can access crontab command.. check Now!

arun@arunbagul:/$ crontab -l
# m h dom mon dow command
*/3 * * * * /home/arun/download_mail.sh
* 0 * * * /home/arun/update.sh
arun@arunbagul:/$

arun@arunbagul:/$ crontab -l -u arun
# m h dom mon dow command
*/3 * * * * /home/arun/download_mail.sh
* 0 * * * /home/arun/update.sh
arun@arunbagul:/$

I can EDIT my crontab –

arun@arunbagul:/$ crontab -e -u arun
crontab: installing new crontab
arun@arunbagul:/$

arun@arunbagul:/$ crontab -l -u arun
# m h dom mon dow command
*/3 * * * * /home/arun/download_mail.sh
* 0 * * * /home/arun/update.sh
* * * * 7 /home/arun/weekly_update.sh
arun@arunbagul:/$

Thank you,
Arun Bagul

How to installed Internet Explore(IE) on Linux/Unix !!

How to installed Internet Explore(IE) on Linux/Unix !!

Introduction – Why we have to install Internet Explore (IE) on Linux/Unix? Those who are working in web development, they need IE for checking web site compatibility with IE. For checking the site on IE they don’t have separate machine, Infact they don’t need separate PC. Even they want to use Linux only as they can’t migrate to other OS!

Let’s try to install IE –

Step(1) Add repository to download packages and dependency to install IE

root@arunbagul:~# vi /etc/apt/sources.list
root@arunbagul:~#

Add or uncomment (if they exist) following lines in /etc/apt/sources.list file –

 deb http://us.archive.ubuntu.com/ubuntu edgy universe
 deb http://wine.budgetdedicated.com/apt edgy main

root@arunbagul:~# tail /etc/apt/sources.list

………..

## for IE
deb http://us.archive.ubuntu.com/ubuntu edgy universe
deb http://wine.budgetdedicated.com/apt edgy main

root@arunbagul:~#

Note – If you using Ubuntu Dapper, replace edgy with dapper and Ubuntu Feisty users, replace edgy with feisty , while adding repository in /etc/apt/sources.list file.

Step(2) Now update your Debian/Ubuntu system and install Wine package –


root@arunbagul:~# apt-get  update
......
...........
root@arunbagul:~#

root@arunbagul:~# apt-get install wine cabextract
Reading package lists... Done
Building dependency tree
Reading state information... Done
After unpacking 106MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
.........
root@arunbagul:~#

NOTE- Cabextract is a program which unpacks Microsoft windows cabinet (.cab) files. This cabinet files are used by Microsoft windows for archiving software packages.

What is Wine ? – Wine is the open source software, which provides “Windows compatibility layer for Linux“. Wine does not require MS Windows, but it can use native system dll files in place of its own if they are available. This package includes a program loader, which allows unmodified Windows binaries to run under compatible hardware. This package also includes the library that implements the Wine project’s free version of the Windows API, allowing successful running of programs ported directly from Windows.

Step(3) Download IE4 for Linux and install –

root@arunbagul:~# wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
......
root@arunbagul:~#
root@arunbagul:~#tar zxvf ies4linux-latest.tar.gz
.....
root@arunbagul:~#
root@arunbagul:~# cd ies4linux-2.99.0.1/
root@arunbagul:~#
root@arunbagul:~#sh ies4linux
.......
root@arunbagul:~#

Cheers!! enjoy IE4 on Linux…

Thank you,

Arun Bagul

GreenSQL – Open Source Database Firewall

GreenSQL – Open Source Database Firewall

What is GreenSQL?

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.

How it works?

The GreenSQL database firewall provides database protection using a number of methods:

  • Blocking administrative and sensitive SQL commands.
  • Calculating risk of each query and blocking queries with high risk.

1) Blocking specific SQL commands

GreenSQL uses a pattern matching engine to find commands that are considered “illegal“. For example GreenSQL blocks database administrative commands. The GreenSQL administrator can decide which commands to block using the GreenSQL web management console. The administrator can also approve a blocked query by adding them to a whitelist.
Risk Calculation

For each query GreenSQL calculates its risk. After the risk is calculated GreenSQL can block the query or just create a warning message. There are a number of factors that are taken into account when calculating risk. For example:

* Access to sensitive tables increases risk query (users, accounts, credit information)
* Comments inside SQL commands increases query risk
* Usage of an empty password string
* Found ‘or’ token inside query
* Found SQL expression that always return true
* Comparison of constant values

How commands are blocked?

When GreenSQL determines that a query should be blocked it will generate an empty result set to send back to the front end so that the application can continue gracefully.
How Whitelist works?

Each time GreenSQL considers a SQL query as a security risk – it is blocked. You can alter this behavior for a specific query by explicitly allowing its pattern.
What is a GreenSQL Listener?

A GreenSQL Listener object is the heart of the GreenSQL Databae Firewall. A Listener is a proxy object used to connect queries from the frontend to a specific backend server. Before passing the query to the backend it is checked by the Listener to determine if it is malicious and if so how it should be handled (block, alert, pass).


GreenSQL

Thank you,
Arun Bagul