Duplicated uid’s causing quotas issues on Ensim

I’ve found some interesting error on some Ensim servers, some users having issues with their quotas and if you remove it and add it again you get the same quota issues. So, after a few minutes I noticed that the users UID’s with issues were duplicated on other sites and that’s a BIG problem.

Ensim uses a postgres database called “appldb” and a table inside “free_uids” (with fields ‘uid’, ‘site_id’) where it stores UID’s and their relation with site’s numbers, so when a user is deleted the field “site_id” is set to nothing and becomes available for the next user.

I did a small/dirty php script in 10 minutes, it’s very simple but effective. It checks if some UID is duplicated. Check the source:

* Create a file somewhere called “check_uids.php”
* Open it and paste the following code:

#!/usr/bin/php -q
<?
echo "Checking your system for duplicated id's...n";
$lines = explode("n",`/bin/cat /home/virtual/site*/fst/etc/passwd`);
if (!is_array($lines)) die("No duplicated UID's found!");
foreach($lines as $k =--> $v) {
        $parts = explode(":",$v);
        if ($parts[2] < 22000) continue;
        if ($uids[$parts[2]]) { $uids[$parts[2]] .= ",$parts[3]"; $winners[$parts[2]] = true; }
        else $uids[$parts[2]] = $parts[3];
}
if (!is_array($winners)) { echo "Your system has no duplicated entries :)n"; exit; }
foreach ($winners as $k => $v) echo "Duplicated UID : $k on GID's: ".$uids[$k]."n";
?>

* chmod +x check_uids.php
* execute it: ./check_uids.php

If you see a “Duplicated UID…..” then that means you have the same issue I had.

How can I solve that issue?
I’ve found a primitive way to do it, if you have a better one let me know πŸ™‚

* Case: UID 220001 is in group 503 (site1) and 504 (site2)
* BACKUP ALL YOUR INFORMATION!
* Go to site2 and remove the user with the UID (normally you can find the username at /home/virtual/site1/fst/etc/passwd)
* Browse your pgsql, appldb -> free_uids and search for the UID at the field “uid” (if you are not a pgsql geek get the latest webmin, install it and have fun)
* Edit the pgsql “site_id” field (which should be empty) and put the value “1” (which corresponds to the site1)
* Add the user from the site2 again
* Run the script again, if you are lucky you are out of danger πŸ˜‰

NOTE: In the worse scenario I’ve seen the same UID on 5 different groups… that’d need an extra coffee πŸ˜‰

Add/Remove multiple DNS zones for Ensim 4.x

I wrote this small script a few years ago (2005). This script allows you to add/delete 1 or more DNS zones and trust me, when you need to add 300 domains to your Ensim box you’ll come back to thank me πŸ˜›

Basicly, the script asks you for 2 options:

What do you want to do?
[1] Add zone(s)
[2] Delete zone(s)

Then, you’ll need to write the domain(s) separated by spaces and also the IP address and that’s all. By default it uses Ensim’s DNS zone template but you can change it to whatever you want.

File: mdns.php

#!/usr/bin/php -q
<?
// This settings should be OK!
// Add more if you need ;)
define('DEBUG',true); // make it 'false' if you want to see it work
define('DPATH','/usr/lib/opcenter/bind/');
define('ADD',DPATH.'add_zone');
define('REM',DPATH.'remove_zone');
define('AA',DPATH.'add_a');
define('AMX',DPATH.'add_mx');

main_menu();

function main_menu() {
?-->
What do you want to do?
[1] Add zone(s)
[2] Delete zone(s)
Option: \n");
		get_line();
		main_menu();
		return;
	}
	foreach ($domains as $k => $v) {
		print_out("\nAdding Zone $v ...\n");
		ecmd(ADD." -f ".$v);
		print_out("\nAdding A (www,ftp,mail) and MX records ...\n");
		ecmd(AA." -u $v $ip");
		ecmd(AA." -z $v www $ip");
		ecmd(AA." -z $v ftp $ip");
		ecmd(AA." -z $v mail $ip");
		ecmd(AMX." $v mail.".$v." 10");
	}
}

function rem_domains($domains=array()) {
	if (!$domains[0]) {
		print_out("\nThere are no domain(s), please start again \n");
		get_line();
		main_menu();
		return;
	}
	foreach ($domains as $k => $v) {
		print_out("\nRemoving Zone $v ...\n");
		ecmd(REM." ".$v);
	}
}

function ecmd($cmd="") {
	if (!$cmd) {
		echo "Nothing to execute!\n";
		return;
	}
	$cmd = escapeshellcmd($cmd);
	print_out("\t$cmd\n");
	if (!DEBUG) {
		$out = `$cmd 2>&1`;
	}
}

function option_domains() {
	print_out("\nEnter domain or domains separated by spaces or comas:\n");
	$line = get_line();
	$domains = preg_split('/\s+|,/',$line,-1,PREG_SPLIT_NO_EMPTY);
	if (!$domains[0]) {
		print_out("\nYou need to enter at least one domain name, press any key to continue...");
		get_line();
		main_menu();
	}
	print_out("\nCheck your information submitted: ");
	$i = 1;
	foreach ($domains as $k => $v) {
		echo "($i)$v ";
		$i++;
	}
	print_out("\n");
	return $domains;
}

function option_ip() {
	print_out("\nEnter the IP: ");
	$line = get_line();
	if (!$line) {
		print_out("\nYou need to enter an IP, press any key to continue...");
		get_line();
		main_menu();
	}
	print_out("\nCheck your information submitted: $line\n");
	return $line;
}

function option_confirm($info="") {
	print_out("\nIs this information correct?\n$info\n");
	print_out("Type 'return' to start over again, 'exit' to quit this application or any other key to continue...");
	$line = get_line();
	if (preg_match('/return/i',$line)) main_menu();
	elseif (preg_match('/exit|quit|bye/i',$line)) exit;
	else return;
}

function print_out($line="") {
	if (!$line) return;
	echo "$line";
}

function get_line() {
	$fh = fopen("php://stdin","r");
	$stdin = trim(fgets($fh));
	fclose($fh);
	return $stdin;
}
?>

Install Moodle on Ensim

This tutorial will cover Moodle’s 1.9.2 installation on a server running Ensim 4.x – 10.x / PHP5 / MySQL 4.1 – 5.2 (as root)

“Moodle is a course management system (CMS) – a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.” For more info go to Moodle’s official website.

1. First check your server meets the specifications listed. You will need additional packages and can be found here.

2. wget http://download.moodle.org/stable19/moodle-1.9.2.tgz on /home/virtual/siteX/fst/var/www/html/

3. tar zxf moodle-1.9.2.tgz

4. chown -R adminX:adminX moodle

5. mkdir ../moodledata

6. chown -R apache:apache ../moodledata

7. Create a MySQL database for moodle. I.E. domain_com_moodle

8. Go to http://www.domain.com/moodle/install.php , select your language installation and ***WAIT***, check what it’s needed. Everything will look fine and you should only see 2 warnings about PHP low file uploads limit and PHP safe mode.

pico or vi /etc/php.ini and verify the following values are set like this:

safe_mode = Off
safe_mode_gid = Off
memory_limit = 24M  ; Let moodle suck some memory;)
upload_max_filesize = 16M  ; 8M is the default however is kinda small, set it to whatever you might need

* If you don’t want to mess with global values then edit the php.ini located at /home/virtual/siteX/fst/etc/php.ini

9. Restart HTTPD: service httpd restart

10. Refresh the page http://www.domain.com/moodle/install.php and check everything is fine. If you still see the Safe Mode warning then edit /etc/httpd/conf/httpd20_app.conf and find the line “php_admin_flag safe_mode on”, change it to “php_admin_flag safe_mode off” and restart HTTPD again.

11. Refresh the page http://www.domain.com/moodle/install.php and EVERYTHING now should be fine, if not please go back to http://docs.moodle.org/en/Installing_Moodle and dig more.

12. Now you can continue with the installation process. It should go smooth and it will ask you to copy the config file because the script has no access to write. Just copy the text, create a file “config.php” on the moodle directory and chown adminX:adminX config.php , continue with installation.

13. Once installation is done you can go to http://www.domain.com/moodle and login as admin with password admin, get inside ASAP and change the login and admin password πŸ™‚

Now your Moodle is up and running, have fun!

* For some users this mini-howto can be silly but still Ensim makes some applications hard to install because of it’s nature.
* If something goes wrong, don’t blame me, this is only an un-official guide.

Happy Moodlin’ πŸ™‚

Easy RRDtool Install (1.2.27)

As you should know RRDtool is the OpenSource industry standard, high performance data logging and graphing system for time series data. Use it to write your custom monitoring shell scripts or create whole applications using its Perl, Python, Ruby, TCL or PHP bindings.

This post will guide you to setup RRDtool 1.2.27 on your Linux server without pain πŸ˜‰ I have tested this configuration on CentOS 4,5, RHEL 3,4

Before you start make sure you install the following apps:

  • libart_lgpl-2.3.16-3
  • libart_lgpl-devel-2.3.16-3
  • zlib-1.2.1.2-1.2
  • zlib-devel-1.2.1.2-1.2
  • freetype-2.1.9-6.el4
  • freetype-devel-2.1.9-6.el4
  • libpng-1.2.7-3.el4_5.1
  • libpng-devel-1.2.7-3.el4_5.1

Use the power of yum to get them on your system… if you ran into trouble then you shouldn’t continue unless you get someone to fix your mess πŸ˜›

Now, you need to download and install RRDtool

cd /usr/local/src
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.27.tar.gz
tar -zxf rrdtool-1.2.27.tar.gz
cd rrdtool-1.2.27
./configure --disable-tcl
# if you get an error while configuring make sure you read
# what caused that, and try to fix it
make
make install
ln -s /usr/local/rrdtool-1.2.27/bin/rrdtool /usr/bin/rrdtool
ln -s /usr/local/rrdtool-1.2.27/bin/rrdupdate /usr/bin/rrdupdate
ln -s /usr/local/rrdtool-1.2.27/bin/rrdcgi /usr/bin/rrdcgi

Was that hard? I don’t think so, actually it was pretty easy and now you can start coding your own graphs πŸ˜€

You need to start diggin’ the Tutorials, Documentation and Wiki provided by Tobias Oetiker in order to start with your own cool graphs, and remember, RRDtool is FREE and if it helps you and saves you time/money you should really consider make Tobi happy πŸ˜‰

I’ll be posting later some basic examples for RRDtool graphs and other scripts, be patient πŸ™‚

mod_security 2 for Ensim X CentOs 4.6

ModSecurity is a great application which will help you to prevent attacks (including injections) to your webserver. On this article I’ll cover the installation of ModSecurity 2.5.1 on CentOS 4.6 with Apache2 running Ensim X.

First you need to meet the requirements:

  • libxml2
  • libxml2-devel
  • httpd-devel
  • apr-devel
  • apr-util-devel
  • pcre-devel

You can use yum in order to install/upgrade the mentioned packages.

Once you met the requirements you can go and download mod_security from here.

wget http://www.modsecurity.org/download/modsecurity-apache_2.5.1.tar.gz
tar -zxvf modsecurity-apache_2.5.1.tar.gz
cd modsecurity-apache_2.5.1/apache2
./configure
make
make install

By now mod_security should be installed on your system and we are just 1 step away from glory. You need to modify your apache config’s file /etc/httpd/conf/httpd.conf (backup your config first!!!).

Edit your /etc/httpd/conf/httpd.conf file and locate the LoadModule’s section (DSO) and at the following lines:

# load libxml2.so before any other module
LoadFile /usr/lib/libxml2.so
# here goes the rest of the default modules, I'm only pasting a few as an example
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so .........
# and at the end add the lines needed for mod_security
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf

We are almost done, we have mod_security installed and Apache configured to load mod_security. If you noticed, the last line we added (Include conf/modsecurity/*.conf) makes reference to the default rules mod_security includes in another file modsecurity-core-rules_2.5-1.6.0.tar.gz

cd /usr/local/src
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.0.tar.gz
mkdir /etc/httpd/conf/modsecurity
cd /etc/httpd/conf/modsecurity
tar -zxvf /usr/local/src/modsecurity-core-rules_2.5-1.6.0.tar.gz
service httpd restart

If you didn’t get any error/warning check your logs just to make sure apache restarted without issues. If no errors then that means you’ve succesfully installed mod_security on your server hurray! πŸ™‚

Take note that mod_security 2 has it’s default rules which are completely different than mod_security 1, you are free to go to /etc/httpd/conf/modsecurity and change/add rules according to your needs, and I highly recommend you to read ModSecurity documentation before doing that.

I took the best of the following sites to bring you this small HOWTO:

http://www.eth0.us/mod_security
http://carrero.es/instalar-modsecurity-2-en-plesk/1374

That’s all for today, I’m outta here πŸ˜‰