Archive

Archives pour 04/2020

HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples

28/04/2020 Comments off

Managing log files effectively is an essential task for Linux sysadmin.

In this article, let us discuss how to perform following log file operations using UNIX logrotateutility.

  • Rotate the log file when file size reaches a specific size
  • Continue to write the log information to the newly created file after rotating the old log file
  • Compress the rotated log files
  • Specify compression option for the rotated log files
  • Rotate the old log files with the date in the filename
  • Execute custom shell scripts immediately after log rotation
  • Remove older rotated log files

1. Logrotate Configuration files

Following are the key files that you should be aware of for logrotate to work properly.

/usr/sbin/logrotate – The logrotate command itself.

/etc/cron.daily/logrotate – This shell script executes the logrotate command everyday.

$ cat /etc/cron.daily/logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

/etc/logrotate.conf – Log rotation configuration for all the log files are specified in this file.

 

$ cat /etc/logrotate.conf
weekly
rotate 4
create
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

/etc/logrotate.d – When individual packages are installed on the system, they drop the log rotation configuration information in this directory. For example, yum log rotate configuration information is shown below.

$ cat /etc/logrotate.d/yum
/var/log/yum.log {
    missingok
    notifempty
    size 30k
    yearly
    create 0600 root root
}

2. Logrotate size option: Rotate the log file when file size reaches a specific limit

If you want to rotate a log file (for example, /tmp/output.log) for every 1KB, create the logrotate.conf as shown below.

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        create 700 bala bala
        rotate 4
}

This logrotate configuration has following three options:

  • size 1k – logrotate runs only if the filesize is equal to (or greater than) this size.
  • create – rotate the original file and create the new file with specified permission, user and group.
  • rotate – limits the number of log file rotation. So, this would keep only the recent 4 rotated log files.

Before the logrotation, following is the size of the output.log:

$ ls -l /tmp/output.log
-rw-r--r-- 1 bala bala 25868 2010-06-09 21:19 /tmp/output.log

Now, run the logrotate command as shown below. Option -s specifies the filename to write the logrotate status.

$ logrotate -s /var/log/logstatus logrotate.conf

Note : whenever you need of log rotation for some files, prepare the logrotate configuration and run the logroate command manually.
After the logrotation, following is the size of the output.log:

$ ls -l /tmp/output*
-rw-r--r--  1 bala bala 25868 2010-06-09 21:20 output.log.1
-rwx------ 1 bala bala        0 2010-06-09 21:20 output.log

Eventually this will keep following setup of rotated log files.

  • output.log.4.
  • output.log.3
  • output.log.2
  • output.log.1
  • output.log

Please remember that after the log rotation, the log file corresponds to the service would still point to rotated file (output.log.1) and keeps on writing in it. You can use the above method, if you want to rotate the apache access_log or error_log every 5 MB.

Ideally, you should modify the /etc/logrotate.conf to specify the logrotate information for a specific log file.

Also, if you are having huge log files, you can use: 10 Awesome Examples for Viewing Huge Log Files in Unix

3. Logrotate copytruncate option: Continue to write the log information in the newly created file after rotating the old log file.

$ cat logrotate.conf
/tmp/output.log {
         size 1k
         copytruncate
         rotate 4
}

copytruncate instruct logrotate to creates the copy of the original file (i.e rotate the original log file) and truncates the original file to zero byte size. This helps the respective service that belongs to that log file can write to the proper file.

While manipulating log files, you might find the sed substitutesed delete tips helpful.

4. Logrotate compress option: Compress the rotated log files

If you use the compress option as shown below, the rotated files will be compressed with gzip utility.

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        create 700 bala bala
        rotate 4
        compress
}

Output of compressed log file:

$ ls /tmp/output*
output.log.1.gz output.log

5. Logrotate dateext option: Rotate the old log file with date in the log filename

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        create 700 bala bala
        dateext
        rotate 4
        compress
}

After the above configuration, you’ll notice the date in the rotated log file as shown below.

$ ls -lrt /tmp/output*
-rw-r--r--  1 bala bala 8980 2010-06-09 22:10 output.log-20100609.gz
-rwxrwxrwx 1 bala bala     0 2010-06-09 22:11 output.log

This would work only once in a day. Because when it tries to rotate next time on the same day, earlier rotated file will be having the same filename. So, the logrotate wont be successful after the first run on the same day.

Typically you might use tail -f to view the output of the log file in realtime. You can even combine multiple tail -f output and display it on single terminal.

6. Logrotate monthly, daily, weekly option: Rotate the log file weekly/daily/monthly

For doing the rotation monthly once,

$ cat logrotate.conf
/tmp/output.log {
        monthly
        copytruncate
        rotate 4
        compress
}

Add the weekly keyword as shown below for weekly log rotation.

$ cat logrotate.conf
/tmp/output.log {
        weekly
        copytruncate
        rotate 4
        compress
}

Add the daily keyword as shown below for every day log rotation. You can also rotate logs hourly.

$ cat logrotate.conf
/tmp/output.log {
        daily
        copytruncate
        rotate 4
        compress
}

7. Logrotate postrotate endscript option: Run custom shell scripts immediately after log rotation

Logrotate allows you to run your own custom shell scripts after it completes the log file rotation. The following configuration indicates that it will execute myscript.sh after the logrotation.

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        rotate 4
        compress
        postrotate
               /home/bala/myscript.sh
        endscript
}

8. Logrotate maxage option: Remove older rotated log files

Logrotate automatically removes the rotated files after a specific number of days.  The following example indicates that the rotated log files would be removed after 100 days.

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        rotate 4
        compress
        maxage 100
}

9. Logrotate missingok option: Dont return error if the log file is missing

You can ignore the error message when the actual file is not available by using this option as shown below.

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        rotate 4
        compress
        missingok
}

10. Logrotate compresscmd and compressext option: Sspecify compression command for the log file rotation

$ cat logrotate.conf
/tmp/output.log {
        size 1k
        copytruncate
        create
        compress
        compresscmd /bin/bzip2
        compressext .bz2
        rotate 4
}

Following compression options are specified above:

  • compress – Indicates that compression should be done.
  • compresscmd – Specify what type of compression command should be used. For example: /bin/bzip2
  • compressext – Specify the extension on the rotated log file. Without this option, the rotated file would have the default extension as .gz. So, if you use bzip2 compressioncmd, specify the extension as .bz2 as shown in the above example.
 
Categories: Système, Tutoriel Tags:

How can I find out if a specific program is installed?

27/04/2020 Comments off

there’s always apt-cache policy <package-name> (no sudo needed).

Not installed:

olivier@neews:/$ apt-cache policy gnuift
 gnuift:
   Installed: (none)
   Candidate: 0.1.14-11
   Version table:
      0.1.14-11 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/universe amd64 Packages

Installed:

olivier@neews:/$ apt-cache policy firefox
 firefox:
   Installed: 8.0+build1-0ubuntu0.11.10.3
   Candidate: 8.0+build1-0ubuntu0.11.10.3
   Version table:
  *** 8.0+build1-0ubuntu0.11.10.3 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
         500 http://archive.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
         100 /var/lib/dpkg/status
      7.0.1+build1+nobinonly-0ubuntu2 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

Or dpkg: dpkg -l | grep -E '^ii' | grep <package name>. When it’s not installed it won’t show output. When it is, it’ll show something like:

olivier@neews:~$ dpkg -l | grep -E '^ii' | grep firefox
 ii  firefox                                                     8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla
 ii  firefox-branding                                            8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - transitional package
 ii  firefox-globalmenu                                          8.0+build1-0ubuntu0.11.10.3                            Unity appmenu integration for Firefox
 ii  firefox-gnome-support                                       8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - GNOME support
 ii  firefox-locale-en                                           8.0+build1-0ubuntu0.11.10.3                            English language pack for Firefox
It's obviously a fuzzier search but handy if you're not sure which package you're looking for.
 
 For manually installed things...
 
 A bit harder but if they're on the current path, you could just run them. That's a bit of mission so I'd rather just run:
 
 oli@bert:/$ which chromium-browser
 /usr/bin/chromium-browser

And:

oli@bert:/$ which gnuift
# returns nothing

Which is better?

That depends on the sanity of user. There’s nothing to stop somebody installing something called chromium-browser that isn’t Chromium. They could even package it up incorrectly and install that. Neither method can be 100% certain.

But assuming the owner is sane – packages should be good enough for most people.

Categories: Système Tags: , , ,

How do I replicate installed package selections from one Debian system to another? (Debian Wheezy)

27/04/2020 Comments off

To clone a Debian installation, use the apt-clone utility. It’s available (as a separate package, not part of the default installation) in Debian since wheezy and in Ubuntu since 12.04. On the existing machine, run

apt-clone clone foo

This creates a file foo.apt-clone.tar.gz. Copy it to the destination machine, and run

apt-get install apt-clone
apt-clone restore foo.apt-clone.tar.gz

If you’re working with an old system where apt-clone isn’t available, or if you just want to replicate the list of installed packages but not any configuration file, here are the manual steps.

  • On the source machine:
cat /etc/apt/sources.list /etc/apt/sources.list.d >sources.list
pkg --get-selections >selections.list
apt-mark auto >auto.list
  • On the target machine:
cp sources.list /etc/apt/
apt-get update
/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/
dpkg --set-selections <selections.list
apt-get dselect-upgrade
xargs apt-mark auto <auto.list

I believe that you’re affected by an incompatible change in dpkg that first made it into wheezy. See bug #703092 for background.

The short story is that dpkg --set-selections now only accepts package names that are present in the file /var/lib/dpkg/status or /var/lib/dpkg/available. If you only use APT to manage packages, like most people, then /var/lib/dpkg/available is not kept up-to-date.

After running apt-get update and before running dpkg --set-selections and apt-get -u dselect-upgrade, run the following command:

apt-cache dumpavail >/tmp/apt.avail
dpkg --merge-avail /tmp/apt.avail

From jessie onwards, you can simplify this to

apt-cache dumpavail | dpkg --merge-avail

Alternatively, run

/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/

or even simpler

apt-get install dctrl-tools
sync-available

Another simple method that doesn’t require installing an additional package but will download the package lists again is

dselect update

See the dpkg FAQ for more information. (This is mentioned in the dpkg man page, but more in a way that would remind you of the issue if you were already aware, not in a way that explains how to solve the problem!)

Note that cloning a package installation with dpkg --set-selections doesn’t restore the automatic/manual mark in APT. See Restoring all data and dependencies from dpkg –set-selections ‘*’ for more details. You can save the marks on the source system with

apt-mark showauto >auto.list

and restore them on the target system with

xargs apt-mark auto <auto.list
Categories: Système Tags: , ,

Faille de sécurité : MySQL peut donner les privilèges root à des hackers

26/04/2020 Comments off

Et il n’y a toujours pas de correctif

mysql hackMySQL fait partie des systèmes de gestion de bases de données les plus utilisés du monde, que ça soit par le grand public ou par les professionnels. De nombreuses entreprises comme Google, Facebook, Yahoo, YouTube, Adobe, l’utilisent encore pour gagner du temps et faire tourner leurs larges sites web, malgré l’émergence et la montée en puissance de nouvelles solutions, notamment les systèmes de gestion de bases de données NoSQL. MySQL est également plébiscité par les petites entreprises en raison de son prix d’implantation nettement inférieur, qui fait de ce système une solution simple et peu onéreuse à mettre en œuvre pour des applications non critiques.

Le chercheur de sécurité polonais Dawid Golunsku a dévoilé deux vulnérabilités dans MySQL, compromettant la sécurité des serveurs. Le chercheur a détaillé l’une des failles de sécurité et a décrit sa méthode d’exploitation. Oracle n’a toujours pas corrigé les deux vulnérabilités, malgré le fait qu’elles ont été signalées il y a plus de quarante jours.

La première vulnérabilité affecte « tous les serveurs MySQL en configuration par défaut dans toutes les versions de MySQL (5.7, 5.6 et 5.5), dont les dernières versions ». Les variantes liées à MySQL, MariaDB et PerconaDB, n’ont pas été épargnées par cette vulnérabilité, néanmoins, des correctifs leur ont été appliqués.

« Une exploitation réussie [de la vulnérabilité CVE-2016-6662] permettrait à un attaquant d’exécuter du code arbitraire avec les privilèges root, ce qui lui permettrait de compromettre entièrement le serveur », explique le chercheur. La faille CVE-2016-6662 peut être exploitée si un hacker a accès à une connexion authentifiée à une base de données MySQL (à travers une connexion réseau ou une interface web comme phpMyAdmin) ou une injection SQL, même avec les modules SELinux et AppArmor installés. Les attaquants peuvent injecter des réglages malicieux dans les fichiers de configuration MySQL, my.cnf, le but étant d’acquérir l’accès root et d’exécuter un code malicieux additionnel. Cette vulnérabilité fait surface 13 ans après qu’un correctif avait été déployé pour remédier à un problème similaire.

Le chercheur a révélé également l’existence d’une seconde faille, néanmoins il n’est pas entré en détail sur la méthode de son exploitation. « Il est à noter que des attaquants peuvent utiliser l’une des autres failles découvertes par l’auteur de ce bulletin, auquel a été assigné l’identifiant CVE CVE-2016-6663 et est en attente de publication. Cette faille facilite la création d’un fichier /var/lib/mysql/my.cnf au contenu arbitraire, sans besoin du privilège FILE ».

Oracle n’a toujours pas adressé officiellement ces vulnérabilités, même si un correctif de sécurité a été publié il y a quelques jours, afin de limiter le risque. Il parait qu’Oracle a secrètement corrigé quelques bogues révélés par Golunski, en limitant les emplacements valides pour charger une bibliothèque au démarrage du service incriminé et en empêchant la génération des fichiers de configuration .ini ou .cnf par la base de données. Même avec ce correctif (MySQL 5.6.33, 5.7.15 et 5.5.52 ?) , le risque reste élevé, surtout avec la persistance d’une deuxième faille non encore détaillée. Si Golunski a révélé l’existence de la vulnérabilité après un mois et demi, avec un prototype limité, c’est pour mettre en garde les utilisateurs afin qu’ils puissent se protéger.

Il faut rappeler que des forks de MySQL, comme par exemple MariaDB et PerconaDB, ont été aussi notifiés de l’existence de la vulnérabilité, et ont déjà pu déployer des correctifs pour corriger les deux failles.

Source : Legalhackers

What To Do When You Are Locked Out of WordPress Admin (wp-admin)

26/04/2020 Comments off

Locked-Out-of-WordPress-AdminThis past weekend, we had a user who was locked out of WordPress Admin panel of their site. While we had written numerous articles covering each specific issue, we realized that we should combine all of them at one place to make it easier for others. In this article, we will show you what to do when you are locked out of WordPress Admin (wp-admin), so you can regain access to your site.

There are few reasons why you could be locked out of WordPress admin, so let’s take a look at each of them one by one. Hopefully through this process of elimination, you will be able to figure out the solution for your problem.

Error Establishing Database Connection

Are you seeing this error on your entire site? The reason why you get this error is because WordPress is unable to establish a database connection. This could happen for various reasons. It could happen if your database got corrupted for some reason. It could happen if your web hosting server is having some issues. If this is your issue, then please refer to our guide on how to fix the error establishing database connection in WordPress.

White Screen of Death

Are you seeing a white screen on your WordPress admin? This issue is often referred to as the WordPress white screen of death. It usually happen because you exhausted the memory limit. It could be caused by a poorly coded plugin or theme. It could also be caused by unreliable web hosting. If you are seeing this error, then please refer to our guide on how to Fix the WordPress white screen of death.

Incorrect Password Issue

Sometimes, even when you are typing the correct username and password combination, you won’t be able to login. When you try to reset your password, you never receive the email. This can happen if you were a victim of a hack. We would recommend that you reset your WordPress password from phpMyAdmin.

This method can be a bit overwhelming for new users, but this is your best bet.

Lost Admin Privileges

Sometimes, you may be able to login to your WordPress admin, but you don’t see any of the admin functionality. For example, no plugins, no themes etc. This could happen if your user permissions were modified. Often this happen due to a hack. Hackers would infect your site, and then delete your admin privileges. In this case, you should add an admin user to the WordPress database via MySQL (phpMyAdmin).

PHP Errors (i.e Syntax error, unexpected function etc)

These PHP errors usually happen when you are pasting the code from a website. Often beginners use the built-in WordPress editor from their dashboard. While that feature is pretty handy, but if you don’t know what you are doing, then it can be a disaster. If you pasted a code from a website which locked you out of your WordPress admin, then the first thing you need to do is take a deep breath. Now the only way to fix this issue is using a FTP program (How to use FTP). Once you have installed the FTP program, login to your site. Go to the theme file that you modified. Most likely it was the functions.php file. Now get rid of the code that you added in there. Re-upload the file, and you should be good to go.

Before you go on the site and comment “this code broke my website”, please refer to our beginner’s guide to pasting snippets from the web into WordPress. This is just to prevent you from looking like a fool on the web. Often its hard to admit that the mistake might be yours, so make sure of that first before you point the finger at someone else.

Hopefully after going through all of these possible scenario’s, you have already fixed your site. If one of these solutions helped fix your issue, then please let us know in the comments. If you have a solution that is not mentioned in this article, then please share it in the comments as well.

 

Source: wpbeginner.com

Categories: Logiciel Tags: