Author: tadmin

Drupal7 error 403 forbidden after log in from plain HTTP /user/login form

~ tadmin

When I have set such settings in file sites/default/settings.php on one of my Drupal7 websites:

$base_url = 'https://shkodenko.com';  // NO trailing slash!
$conf['https'] = TRUE;

Users, after log in (if logged in from plain HTTP /user/login form) has started to see 403 forbidden error.
To fix it I have added such rules to main .htaccess file:

# Force SSL for user login
RewriteCond %{REQUEST_URI} ^/user/login
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

This has fixed the issue.

Linux Plesk PHP error: open_basedir restriction in effect

~ tadmin

What is open_basedir ?

The open_basedir function defines the locations or paths from which PHP is allowed to access files using functions like fopen() , gzopen() , etc. If a file is outside of the paths defined by open_basdir setting, PHP will refuse to open it. You can’t use a symbolic link as a workaround, because the path that the symbolic link resolves to falls under the restrictions of the open_basedir function.

Note: The open_basedir restrictions can be turned off in the Apache configuration file e.g. httpd.conf, with the following lines:

<IfModule sapi_apache2.c>
php_admin_value open_basedir none
</IfModule>

If you have problems with Plesk control panel with virtual hosts on Linux servers if PHP error occured: open_basedir restriction in effect
you can create custom configuration file for virtual host to change default php_admin_value open_basedir value as shown in example below:

# more /var/www/vhosts/shkodenko.com/conf/vhost.conf

<Directory /var/www/vhosts/shkodenko.com/httpdocs>
<IfModule sapi_apache2.c>
# php_admin_value open_basedir none
php_admin_value open_basedir “/var/www/vhosts/shkodenko.com/application:/var/www/vhosts/shkodenko.com/cache:/var/www/vhosts/shkodenko.com/httpdocs:/var/www/vhosts/shkodenko.com/library:/var/www/vhosts/shkodenko.com/tests”
</IfModule>
<IfModule mod_php5.c>
# php_admin_value open_basedir none
php_admin_value open_basedir “/var/www/vhosts/shkodenko.com/application:/var/www/vhosts/shkodenko.com/cache:/var/www/vhosts/shkodenko.com/httpdocs:/var/www/vhosts/shkodenko.com/library:/var/www/vhosts/shkodenko.com/tests”
</IfModule>
</Directory>
#

To check web server Apache configuration run command:

# /sbin/service httpd configtest

To add your custom virtual host configuration file /var/www/vhosts/shkodenko.com/conf/vhost.conf run command:

# /usr/local/psa/admin/sbin/httpdmng --reconfigure-domain shkodenko.com

To check if web server Apache configuration is OK run:

# /sbin/service httpd configtest

To restart web server Apache run:

# /sbin/service httpd graceful

Useful alias to backup and edit configuration file automatically

~ tadmin

I’m using vim editor.

I have found useful alias to backup and edit configuration file automatically.
It can be added it to your ~/.bashrc

# User specific aliases and functions

conf() { [ "$1" != "" ] && cp -fvp "$1" "$1"-`date +%Y-%m-%d-%H-%M`.bak; vim "$1"; }

To apply newly created alias without restarting run:

# . ~/.bashrc

Usage example:

# conf /etc/httpd/conf/httpd.conf

It will create copy of /etc/httpd/conf/httpd.conf configuration file using pattern: /etc/httpd/conf/httpd.conf-YYYY-MM-DD.bak

To view your configuration changes you can run command:

# diff -Nau /etc/httpd/conf/httpd.conf-YYYY-MM-DD-HH-MM.bak /etc/httpd/conf/httpd.conf

Node Version Manager for Node.JS

~ tadmin

If you need to install particular version of Node.JS (for example 0.10.12) wonderful Node Version Manager package can be used.

Automatic installation

# curl https://raw.github.com/creationix/nvm/master/install.sh | sh
or
# wget -qO- https://raw.github.com/creationix/nvm/master/install.sh | sh

# nvm install v0.10.12
# nvm alias default 0.10.12
# node --version

Now, any Node.JS version can be installed and selected as default in system.

Install Node.JS with packages on CentOS, Fedora or any Redhat distros

~ tadmin

I have started to develop using Node.JS on one of my projects.
To prepare Linux development server (on Fedora release 18 (Spherical Cow) as example) the following system packages has been installed (for my development purposes).
As root user:

 
# yum -y install 1:v8-3.14.5.10-2.fc18.x86_64 http-parser-2.0-3.20121128gitcd01361.fc18.x86_64 1:libuv-0.10.18-1.fc18.x86_64 nodejs-0.10.21-1.fc18.x86_64 nodejs-packaging-4-1.fc18.noarch 1:libuv-devel-0.10.18-1.fc18.x86_64 http-parser-devel-2.0-3.20121128gitcd01361.fc18.x86_64 1:v8-devel-3.14.5.10-2.fc18.x86_64 c-ares-devel-1.9.1-2.fc18.x86_64 nodejs-devel-0.10.21-1.fc18.x86_64 nodejs-inherits-2.0.0-4.fc18.noarch nodejs-hoek-0.9.1-1.fc18.noarch nodejs-boom-0.4.2-2.fc18.noarch nodejs-mkdirp-0.3.5-3.fc18.noarch nodejs-mime-1.2.11-1.fc18.noarch nodejs-graceful-fs-2.0.0-2.fc18.noarch nodejs-rimraf-2.2.2-1.fc18.noarch nodejs-fstream-0.1.24-1.fc18.noarch nodejs-cryptiles-0.2.2-1.fc18.noarch nodejs-sntp-0.2.4-1.fc18.noarch nodejs-hawk-1.0.0-1.fc18.noarch nodejs-block-stream-0.0.7-1.fc18.noarch nodejs-tar-0.1.18-1.fc18.noarch nodejs-aws-sign-0.3.0-1.fc18.noarch nodejs-qs-0.6.5-3.fc18.noarch nodejs-asn1-0.1.11-3.fc18.noarch nodejs-abbrev-1.0.4-6.fc18.noarch nodejs-nopt-2.1.2-1.fc18.noarch nodejs-tunnel-agent-0.3.0-1.fc18.noarch nodejs-semver-2.1.0-1.fc18.noarch 1:nodejs-cookie-jar-0.3.0-1.fc18.noarch nodejs-assert-plus-0.1.4-1.fc18.noarch nodejs-sigmund-1.0.0-5.fc18.noarch nodejs-osenv-0.0.3-5.fc18.noarch nodejs-which-1.0.5-8.fc18.noarch nodejs-node-uuid-1.4.1-1.fc18.noarch nodejs-lru-cache-2.3.0-3.fc18.noarch nodejs-minimatch-0.2.12-2.fc18.noarch nodejs-glob-3.2.6-1.fc18.noarch nodejs-ctype-0.5.3-3.fc18.noarch nodejs-http-signature-0.10.0-3.fc18.noarch nodejs-json-stringify-safe-5.0.0-1.fc18.noarch nodejs-oauth-sign-0.3.0-1.fc18.noarch nodejs-forever-agent-0.5.0-1.fc18.noarch gyp-0.1-0.10.1617svn.fc18.noarch nodejs-async-0.2.9-2.fc18.noarch nodejs-ansi-0.2.1-1.fc18.noarch nodejs-npmlog-0.0.4-1.fc18.noarch nodejs-delayed-stream-0.0.5-5.fc18.noarch nodejs-combined-stream-0.0.4-3.fc18.noarch nodejs-form-data-0.1.1-1.fc18.noarch nodejs-request-2.25.0-3.fc18.noarch node-gyp-0.10.6-2.fc18.noarch nodejs-proto-list-1.2.2-5.fc18.noarch nodejs-ini-1.1.0-3.fc18.noarch nodejs-config-chain-1.1.7-1.fc18.noarch nodejs-couch-login-0.1.18-1.fc18.noarch nodejs-archy-0.0.2-8.fc18.noarch nodejs-chownr-0.0.1-9.fc18.noarch nodejs-chmodr-0.1.0-4.fc18.noarch nodejs-inherits1-1.0.0-11.fc18.noarch nodejs-slide-1.1.5-1.fc18.noarch nodejs-fstream-ignore-0.0.7-1.fc18.noarch nodejs-once-1.1.1-5.fc18.noarch nodejs-mute-stream-0.0.4-1.fc18.noarch nodejs-read-1.0.5-1.fc18.noarch nodejs-promzard-0.2.0-6.fc18.noarch nodejs-github-url-from-git-1.1.1-2.fc18.noarch nodejs-normalize-package-data-0.2.1-1.fc18.noarch nodejs-read-package-json-1.1.3-1.fc18.noarch nodejs-retry-0.6.0-5.fc18.noarch nodejs-npm-registry-client-0.2.28-1.fc18.noarch nodejs-read-installed-0.2.4-1.fc18.noarch nodejs-init-package-json-0.0.10-1.fc18.noarch nodejs-npmconf-0.1.2-1.fc18.noarch nodejs-fstream-npm-0.1.5-1.fc18.noarch nodejs-uid-number-0.0.3-7.fc18.noarch nodejs-opener-1.3.0-7.fc18.noarch nodejs-lockfile-0.4.2-1.fc18.noarch nodejs-npm-user-validate-0.0.3-1.fc18.noarch nodejs-child-process-close-0.1.1-2.fc18.noarch nodejs-editor-0.0.4-2.fc18.noarch nodejs-sha-1.2.1-1.fc18.noarch nodejs-cmd-shim-1.1.0-3.fc18.noarch npm-1.3.6-4.fc18.noarch libicu-devel-49.1.1-12.fc18.x86_64

As web developer user:

 
# cd /var/www/vhosts/nodejs_app/
# npm install node-stringprep
# whereis node
node: /bin/node /usr/bin/node /usr/include/node /usr/share/node /usr/share/man/man1/node.1.gz

To run Node.JS application:

# /usr/bin/node www/app.js

How to find out Magento version if only files backup available

~ tadmin

If you wish to find out Magento version and only files backup available check file app/Mage.php function getVersionInfo()

    /**
     * Gets the detailed Magento version information
     * @link http://www.magentocommerce.com/blog/new-community-edition-release-process/
     *
     * @return array
     */
    public static function getVersionInfo()
    {
        return array(
            'major'     => '1',
            'minor'     => '4',
            'revision'  => '0',
            'patch'     => '1',
            'stability' => '',
            'number'    => '',
        );
    }

bind named error: zone NS has no address records A or AAAA

~ tadmin

Today I have found bind named error on one of my Linux servers in main server log file /var/log/messages

Aug 12 19:39:53 shkodenko named: zone shkodenko.com/IN: NS 'ns.shkodenko.com' has no address records (A or AAAA)
Aug 12 19:39:53 shkodenko named: zone shkodenko.com/IN: not loaded due to errors.
Aug 12 19:39:53 shkodenko named: _default/shkodenko.com/IN: bad zone

Command to start bind named service:

# /sbin/service named start

has failed with errors listed above.

To fix this error I have added NS and A records to zone file /var/named/chroot/var/shkodenko.com:

shkodenko.com.               IN NS   ns.shkodenko.com.
ns.shkodenko.com.            IN A    217.20.163.193

Also, I have changed zone serial number.
I have started bind named service using command:

# /sbin/service named start

Error messages has disappeared.

PHP Fatal error: Allowed memory size of M bytes exhausted (tried to allocate N bytes) in

~ tadmin

To fix PHP Fatal error: Allowed memory size of M bytes exhausted (tried to allocate N bytes) in /path/to/file.php PHP configuration parameter memory_limit should be changed respectively.

If PHP is runned as module (web server Apache). It can be done in .htaccess configuration file:

# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value memory_limit 128M
</IfModule>

where 128M – is desired increased value.

Web server Apache should be restarted to apply new configuration parameter using command:

# /sbin/service httpd graceful

PHP values and flags can be customized in .htaccess only if no php_admin_flag or php_admin_value directives are set on virtual host configuration level.

If PHP is runned as CGI (FastCGI) php.ini configuration directive should be changed with desired value.

Fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux

~ tadmin ~ 2 Comments

I am using the following fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux (because default one is not working for me properly).

File /etc/fail2ban/jail.local or /etc/fail2ban/jail.conf if you have not installed fail2ban using yum package manager which will overwrite your custom configuration files each time you update the package.

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=serveradmin@shkodenko.com]
logpath  = /var/log/secure
maxretry = 7

Filter configuration file: /etc/fail2ban/filter.d/proftpd.conf

# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
#             \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
#             \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
#             \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
#
# default failregex does not work @see http://www.howtoforge.com/forums/showthread.php?t=35089
#

failregex = ^(.)+proftpd(.)+\[<HOST>\](.)*no such user found from (.)* to (.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*USER(.)*Login failed(.)*Incorrect password(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*SECURITY VIOLATION:(.)*login attempted(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*Maximum login attempts(.)*exceeded(.)*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

To check new ban regex use command:

# /usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/proftpd.conf

Restarted fail2ban using command:

# /sbin/service fail2ban restart