I am trying to get running process on server using Apache.
I have tried on PHP, Perl and Bash script and used this commands :
exec('ps -u username -o pid,uname,cmd,pmem,pcpu,etime --sort=-pcpu > test.txt');
exec('ps -u username -o pid,uname,cmd,pmem,pcpu,etime --sort=-pcpu', $output);
exec('ps -A', $output);
etc...
I only get all / USR / SBIN / HTTPD -k restart processes.
But when I am trying this command on SSH (terminal), I am properly getting all processes.
I think problem is n Apache.
Anybody know how I can solve this problem and get all process using Apache.
Thanks advance
# chcon -t unconfined_exec_t /sbin/httpd
use the command ps x
will list all active process
Related
I'm running
nginx 1.17.4
php 7.4
arch linux 5.4.2
Trying to execute the following command to get my user MAC address from IP (this script will run on my lan server) and $_SERVER['REMOTE_ADDR'] does return a valid ip
shell_exec("sudo /usr/bin/nmap -n -sn ".$_SERVER['REMOTE_ADDR'])
But it returns null so I tried the following to get a more info
shell_exec("sudo /usr/bin/nmap -n -sn ".$_SERVER['REMOTE_ADDR'] ." 2>&1")
And got the following: sudo: effective uid is not 0, is sudo installed setuid root?
I don't understand why I get this error because I have added the following in my sudder file
http ALL=NOPASSWD: /usr/bin/nmap
I've modified my passwd to allow login from HTTP to try it in shell and it works but not when I run it in the browser.
Help please!
Thanks
since my server is arch linux I decide to go ask in that arch forum and found was able to fix my issue. so for anybody interested please view
https://bbs.archlinux.org/viewtopic.php?pid=1877560#p1877560
Basically for me it was changing the php-fpm service file to the following
/etc/systemd/system/multi-user.target.wants/php-fpm.service
Set NoNewPrivileges=false
comment CapabilityBoundingSet
I want to run a script on my ubuntu server with a variable from php in it.
Here are some of the things i've tried to pass a variable to ubuntu...
shell_exec('vpsName=HI3');
vpsName=`mysql -D jake_db -h 127.0.0.1 -u jake -pXXXXXXX -se "SELECT vpsName FROM reinstalls WHERE status = 'pending'"`;
The final way in which i thought I could fix it was to avoid running the script through ubuntu all together and run it from shell_exec(); but it fails on running the guestfish commands.
Here is my entire reinstalls.sh script.
sudo rm /var/lib/libvirt/images/"$vpsName".qcow2 && sudo wget -O /var/lib/libvi$
guestfish -a /var/lib/libvirt/images/"$vpsName".qcow2 <<'EOF'
run
mount /dev/ubuntu-vg/root /
rm /etc/network/interfaces
EOF
sudo fusermount -u /mnt && virsh start "$vpsName" && echo "IT WORKED!"
I am open to any way of getting this to work, as long as its secure,
Thanks in advance,
Jake
EDIT:
If I run the script with a VPS name instead of a variable, it works. I just can't find a way to pass the variables from the website to the ubuntu16.04 OS.
Well one way would be to run each command from PHP:
shell_exec("sudo rm /var/lib/libvirt/images/" . $vpsName . ".qcow2");
shell_exec("sudo wget -O /var/lib/libvi ... etc");
The other would be to invoke your shell script from PHP, passing the vps name as a parameter:
shell_exec("reinstalls.sh " . $vpsName)
But then you'd have to rewrite the shell script to pick up the command line parameter and apply it as necessary. In the case of bash, this explains how to go about that.
I'm trying to start a bash script later in PHP so I allowed it in visudo.
www-data ALL = (root) NOPASSWD: /sbin/iptables
www-data ALL = (root) NOPASSWD: /usr/bin/at
The script removeuserIP is just doing sudo iptables ... and is working:
#!/bin/bash
sudo iptables -t nat -D PREROUTING -s $1 -j ACCEPT;
sudo iptables -D FORWARD -s $1 -j ACCEPT;
and in the PHP code, I put this line:
$msg=exec("echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes");
but the issue is it's starting the script right now. I checked in /log/var/auth.log and indeed, it's starting the command right now.
I tried it in a terminal directly and there was no issue, it is starting later (with an argument of course):
echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes
I also tried to do it like this in a terminal but this one is not working too because it doesn't understand there is an argument for the file:
sudo at now +1 minutes -f /var/www/scripts/removeuserIP 172.24.1.115
I really don't understand why it is starting right now even if it should start 1 minute later and not now.
Would it be acceptable to put a time delay in removeuserIP script?
#!/bin/bash
sleep 1m
sudo iptables -t nat -D PREROUTING -s $1 -j ACCEPT;
sudo iptables -D FORWARD -s $1 -j ACCEPT;
Solution: Finally, after checking /var/log/apache2/error.log, I saw that it doesn't have the permission to use at.
In fact you have to go /etc/at.deny and remove the line www-date with at. There is probably a security reason for why it's forbidden by default and a better way to do this, but at least it's working.
I have a nodejs script named script.js.
var util = require('util');
var net = require("net");
process.on("uncaughtException", function(e) {
console.log(e);
});
var proxyPort = "40000";
var serviceHost = "1.2.3.4";
var servicePort = "50000";
net.createServer(function (proxySocket) {
var connected = false;
var buffers = new Array();
var serviceSocket = new net.Socket();
serviceSocket.connect(parseInt(servicePort), serviceHost);
serviceSocket.pipe(proxySocket).pipe(serviceSocket);
proxySocket.on("error", function (e) {
serviceSocket.end();
});
serviceSocket.on("error", function (e) {
console.log("Could not connect to service at host "
+ serviceHost + ', port ' + servicePort);
proxySocket.end();
});
proxySocket.on("close", function(had_error) {
serviceSocket.end();
});
serviceSocket.on("close", function(had_error) {
proxySocket.end();
});
}).listen(proxyPort);
I am runing it normally like nodejs script.js, but now i want to include forever or pm2 functionalities as well. When i am root everything works smootly:
chmod -R 777 /home/nodejs/forever/;
-- give rights
watch -n 0.1 'ps ax | grep forever | grep -v grep'
-- watch forwarders (where i see if a forever is opened)
/usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file
-- open with forever
forever list
-- it is there, i can see it
forever stopall
-- kill them all
The problem is when i want to run the script from a PHP script with the system or exec functions :
sudo -u www-data /usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file
-- open as www-data (or i can do this just by accessing `http://1.2.3.4/test.php`, it is the same thing)
forever list
-- see if it is there, and it is not (i see it in watch)
forever stopall
-- says no forever is opened
kill PID_ID
-- the only way is to kill it by pid ... and on another server all of this works very well, can create and kill forevers from a php script when accessing it from web ... not know why
-- everything is in /etc/sudoers including /usr/local/bin/forever
Why is that? How can i solve this?
I also made some trick, created a user 'forever2', i created a script.sh with this content :
sudo su forever2 user123; /usr/local/bin/forever -d -v --pidFile "/home/nodejs/forever/file.pid" --uid 'file' -p '/home/nodejs/forever/' -l '/home/nodejs/forever/file.log' -o '/home/nodejs/forever/file.log' -e '/home/nodejs/forever/file.log' -a start /etc/dynamic_ip/nodejs/proxy.js 41789 1.2.3.4:44481 414 file;
where user123 is not existent, is just a trick to exit the shell after execution. The script works, runs forever, i can close all forevers with the command forever stopall from root. When i try the same thing running the http://1.2.3.4/test.php or as www-data user i cannot close it from root or www-data, so not even this works.
I tried from Ubuntu 14.04.3 LTS, Ubuntu 14.04 LTS , Debian GNU/Linux 8 ... still the same thing.
Any ideeas?
Thanks.
If you are starting the process from within Apache or the web-server you are already as the www-data user, so doing a sudo su to the user context you already have is likely not necessary.
When you start this forever task you may also be required to shut the terminals/inputs and directly send to background. Something like this:
// Assemble command
$cmd = '/usr/bin/forever';
$cmd.= ' -d -v --pidfile /tmp/my.pid'; // add other options
$cmd.= ' start';
$cmd.= ' /etc/dynamic_ip/nodejs/proxy.js';
// "magic" to get details
$cmd.= ' 2>&1 1>/tmp/output.log'; // Route STDERR to STDOUT; STDOUT to file
$cmd.= ' &'; // Send whole task to background.
system($cmd);
Now, there won't be any output here but you should have something in /tmp/output.log which could show why forever failed, or the script crashed.
If you've been running the script sometimes as root, then trying the same command as www-data you may also be running into a permissions on one or more files/directories created from the execution as root which now conflict when running as www-data.
This is part of PHP security you say you're running it from a php script and your not your running it from Apache via a php script.
PHP web scripts should not have root access as such they run under the same permissions as Apache user www-data.
There are ways to prevent php running as root but run a task as root but it's a little hacky and I'm not going to share the code but I will explain so you can look into it. here is where to start
http://php.net/manual/en/function.proc-open.php
With a Proccess like this you can then execute a proc. Like your script.js via nodeJS using SUDO and then read stdOut and stdErr wait for password request then provide it by writing to stdIn for that process.
Don't forget in doing this the user www-data has to have a password and be in the sudoers list
Per the OPs Comment
Due to the way SUDO works the PATH does not appear to contain the path to the node executables npm, node so your best of building a .sh (bash script) and using sudo to run that.
You still need to monitor this process as it will still ask for a password
#!/bin/bash
sudo -u ec2-user -i
# change this to the path you want to run from
cd ~
/usr/local/bin/pm2 -v
I'd need you precious help on a matter I am spending hours on.
Scope: Apache2 and PHP running on a raspberry pi;
Premise: my little knowledge of Linux environment!
The objective: launching a long-run php script, that opens sockets, from another php script running as webpage. In other terms, the application is a chat and I need to start the php server script form a web page, for my convenience.
The issue: if I run it from the the console, logged as "pi", with the following command
php -q /var/www/chatSocket.php > /var/www/tmp/socketProcessOutput.txt 2>&1 & echo $!
it works like a charm, but if it try to do so from a script, with the following (don't mind the concatenated strings and assignment of output to variables - it made no difference removing them):
$result .= "Result of pkill (killed process): " .shell_exec('sudo pkill -f SongWebSocket.php') ."\n";
$result .= "Launching new process: id returned:". shell_exec('php -q /var/www/chatSocket.php > /var/www/tmp/socketProcessOutput.txt 2>&1 & echo $!') ."\n";
$result .= "Checking running SongWebSocket.php process:" ."\n";
$result .= shell_exec('ps -A aux| grep -e SongWebSocket.php -e USER') ."\n";
.. it does not work (it seems like it launch the script but the sockets ar not open).
Any clue why this happens?
Also, and this can be for my little knowledge of Linux, why i get a dioffrent aoutput from the command
ps aux| grep -e SongWebSocket.php -e USER
if I launch it from the shell, as user pi, or from the sript, as www-data user.
I Look forward for your help. Thanks in advance!
Marco.
www-data user doesn't have the permisson I guess. why not add "sudo" for every shell_exec line? (sudo starts the programm with root permission). it's not pretty and not secure but it might work on you local home-network. sudo php ... sudo ps -A aux etc. In addition you should make sure that the php safe_mode is off. you can see that by adding phpinfo(); to you php code