TEST-FAILED Webserver is permitting fetch of | Bugzilla testserver.pl Error Message

TEST-FAILED Webserver is permitting fetch of | Bugzilla testserver.pl Error Message

Error Message:
While running the testserver.pl in bugzilla root folder, following error message occurred.
 #./testserver.pl http://bugzillaserver
TEST-OK Webserver is running under group id in $webservergroup.
TEST-OK Got padlock picture.
TEST-OK Webserver is executing CGIs via mod_cgi.
TEST-FAILED Webserver is permitting fetch of http://bugzillaserver/localconfig.

Solution:
Add the following lines inside </VirtualHost> in your Apache Web Server config file(httpd.conf)

<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
  deny from all
</FilesMatch>

Sample Bugzilla Apache Config:
<VirtualHost server_ip:*>
DocumentRoot /var/www/html/bugzilla
ServerName bug.bugzilla.com
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
IndexOptions SuppressColumnSorting SuppressDescription SuppressHTMLPreamble SuppressLastModified SuppressSize SuppressIcon SuppressRules
Options +ExecCGI
<Directory "/var/www/html/bugzilla">
        AddHandler cgi-script .cgi
        Options -Indexes +ExecCGI
DirectoryIndex index.cgi
        AllowOverride Limit
</Directory>
<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
  deny from all
</FilesMatch>
<IfModule mod_expires.c>
<IfModule mod_headers.c>
<IfModule mod_env.c>
  <FilesMatch (\.js|\.css)$>
    ExpiresActive On
    ExpiresDefault "now plus 1 years"
    Header append Cache-Control "public"
  </FilesMatch>
  SetEnv BZ_CACHE_CONTROL 1
</IfModule>
</IfModule>
</IfModule>
</VirtualHost>

rsyslog Remote Login Configuration Guide with Example Config file | ip Tables

rsyslog Remote Login Configuration:

1. On the Client System:

# yum install rsyslog

Add the following lint (server ip, port) in the existing config file.
#vim /etc/rsyslog.conf

*.* @masterserverip:514     (Enables UDP forwarding)
*.* @@masterserverip:514     (Enables TCP forwarding, You can use any one protocol )

#service rsyslog restart

Example Client Server rsyslog.conf file:

$ModLoad imuxsock.so

$ModLoad imklog.so

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

*.* @masterserverip:514

*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog

cron.* /var/log/cron

*.emerg *

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log

2. Rsyslog Master Log Server Configuration:

# yum install rsyslog  rsyslog-mysql

#vim /etc/rsyslog.conf

Example Log Server Config File:

# Add your Client server IP or IP Range

$AllowedSender UDP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$AllowedSender TCP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$ModLoad imuxsock.so

$ModLoad imklog.so

$ModLoad immark.so

# Provides UDP syslog reception

$ModLoad imudp.so

$UDPServerRun 514

# Provides TCP syslog reception

$ModLoad imtcp.so

$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog

cron.* /var/log/cron

*.emerg *

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log

Save the file and restart the service

#service rsyslog restart

3. If you want to use different template and log the different server logs in to different directory.
     you can add the following in the rsyslog.conf file

Example File 1(Dynamic Logfile):

# Add your Client server IP or IP Range

$AllowedSender UDP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$AllowedSender TCP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$ModLoad imuxsock.so

$ModLoad imklog.so

$ModLoad immark.so

# Provides UDP syslog reception

$ModLoad imudp.so

$UDPServerRun 514

# Provides TCP syslog reception

$ModLoad imtcp.so

$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$template DynFile,"/var/log/%HOSTNAME%/%programname%.log"
*.* ?DynFile

Example File 2 (Manual User Defined Log Files):

# Add your Client server IP or IP Range

$AllowedSender UDP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$AllowedSender TCP, 127.0.0.1, 10.5.0.0/16, 192.168.1.0/24

$ModLoad imuxsock.so

$ModLoad imklog.so

$ModLoad immark.so

# Provides UDP syslog reception

$ModLoad imudp.so

$UDPServerRun 514

# Provides TCP syslog reception

$ModLoad imtcp.so

$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$template Auth, "/var/log/%HOSTNAME%/secure.log"

# Log anything (except mail and cron) of level info or higher.

$template MSG, "/var/log/%HOSTNAME%/messages"

# Log all the mail messages in one place.

$template mail, "/var/log/%HOSTNAME%/maillog"

# Log cron stuff

$template cron, "/var/log/%HOSTNAME%/cron"

# Save news errors of level crit and higher in a special file.

$template spool, "/var/log/%HOSTNAME%/spooler"

# Save boot messages also to boot.log

$template boot, "/var/log/%HOSTNAME%/boot.log"

# Save kern messages also to console

$template kern, "/var/log/%HOSTNAME%/kernal"

# Everybody gets emergency messages

$template emerg, "/var/log/%HOSTNAME%/emerg"

#Save doemon message in daemon.log

$template daemon, "/var/log/%HOSTNAME%/daemon.log"

#Save news message in news.log

$template news, "/var/log/%HOSTNAME%/news.log"

#Save User log messages

$template user, "/var/log/%HOSTNAME%/user.log"

#Save Wrapper messages

$template local, "/var/log/%HOSTNAME%/tcpwrapper.log"

#Save dmesg message

$template all, "/var/log/%HOSTNAME%/all"

authpriv.* ?Auth

*.info,mail.none,authpriv.none,cron.none ?MSG

mail.* ?mail

cron.* ?cron

news.crit ?spool

local7.* ?boot

kern.* ?kern

*.emerg ?emerg

user.* ?user

daemon.*,daemon,daemon.notice,daemon.err ?daemon

news.* ?news

*.* ?all

4. If you want to save the log file in to cacti syslog mysql database

Add the following lined at the end of rsyslog.conf

$ModLoad ommysql

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL

*.*     >dbserverip,db_name,db_username,db_password;cacti_syslog

5. IP Tables Config:
add the following port in the /etc/sysconfig/iptables file ( This is only required in the syslog server)

-A INPUT -p udp -m udp --dport 514 -j ACCEPT

Or for TCP

-A INPUT -p tcp -m tcp --dport 514 -j ACCEPT

Error | bash: mount.cifs: command not found | Fedora 16

bash: mount.cifs: command not found

Error:
While mounting the Windows Network Share, following error occurred.

# mount.cifs  //192.168.1.1/share  /mnt/windows -o user=testuser,pass=mypassword

bash: mount.cifs: command not found

Solution:
Install the cifs-utils package

#yum install cifs-utils

======================================================= Package                                            Arch                                           Version                                               Repository                                       Size
========================================================
Installing:
 cifs-utils                                         x86_64                                         5.4-1.fc16                                            updates                                          64 k
Installing for dependencies:
 keyutils                                           x86_64                                         1.5.2-1.fc16                                          fedora                                           47 k

Transaction Summary
======================================================
Installed:
  cifs-utils.x86_64 0:5.4-1.fc16

Dependency Installed:
  keyutils.x86_64 0:1.5.2-1.fc16

Complete!

How to Set the default runlevel | In fedora 16 Ubuntu

How to Set the default runlevel?

1) To set the default run level, you have to delete the existing symbolic link and create a new one. This will be permanent after rebooting also.

#rm /etc/systemd/system/default.target

Default Text mode ( runlevel 3)
#ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

Default Graphic Mode ( Runlevel 5)
#ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

2) To switch form one run level to other immediately you have to run the following comment.

Switch to Text Mode (Runlevel 3)
#systemctl isolate multi-user.target
or
#systemctl isolate runlevel3.target

Switch to Graphical Mode (Runlevel 5)
#systemctl isolate graphical.target
or
#systemctl isolate runlevel5.target

Bugzilla | Internal Server Error 500 | After Upgradation | Apache Config File Example for Bugzilla:

Bugzilla | Internal Server Error 500
 
After Upgrading the Bugzilla form 3.xx to 4.xx, following error occurred while browsing.

Error Message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@datapatterns.co.in and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

I have checked the httpd error log. If it shows as shown below
#tail -f  /var/log/httpd/error_log

/usr/share/bugzilla/.htaccess: ExpiresActive not allowed here

Then I checked the Bugzilla setup for errors.
Go to Bugzilla installation directory
#cd /usr/share/bugzilla
./checksetup.pl
No error found.

Solution:
Modify the htaccess file as shown below.
(Hide other parameters)
vim /usr/share/bugzilla/.htaccess

<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
  deny from all
</FilesMatch>

If bugzilla web service is configured in httpd.conf you can remove the .htaccess file
#cd /usr/share/bugzilla
#mv .htaccess .htaccess.bk
reboot the Apache server
#service httpd restart

Now the error message is gone.

Apache Config File Example for Bugzilla:

<VirtualHost serverip:*>

DocumentRoot /usr/share/bugzilla

ServerName bugzilla.domain.com

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

IndexOptions SuppressColumnSorting SuppressDescription SuppressHTMLPreamble SuppressLastModified SuppressSize SuppressIcon SuppressRules

Options +ExecCGI

<Directory "/usr/share/bugzilla">

        AddHandler cgi-script .cgi

        Options -Indexes +ExecCGI

DirectoryIndex index.cgi

        AllowOverride Limit

</Directory>

<FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
  deny from all
</FilesMatch>

</VirtualHost>

Poller[0] ERROR: SQL Assoc Failed!, Error:'1017' | Cacti

ERROR: SQL Assoc Failed!


Error:
Cacti Graphs were not generated.
Then I checked the Cacti Log, and it shows the following error.
#tail -f /var/www/html/log/cacti.log


Error Log:
Poller[0] ERROR: SQL Assoc Failed!, Error:'1017', SQL:"select  poller_output.output,  poller_output.time,  poller_output.local_data_id,  poller_item.rrd_path,  poller_item.rrd_name,  poller_item.rrd_num  from (poller_output,poller_item)  where (poller_output.local_data_id=poller_item.local_data_id and poller_output.rrd_name=poller_item.rrd_name)  LIMIT 10000"


Then I found that the poller_output table was corrupted

Solution:
Then I tried to repair the corrupted table, but it was not repaired successfully. So I Truncated that particular table through phpmyadmin and rebuild the poller cache through Cache Admin->System Utilities.


TRUNCATE `poller_output` ;
Your SQL query has been executed successfully


Due to low disk space in the database server, the table poller_output was corrupted for me.







 

Squid configuration for cache Antivirus Updates | AVG | Kaspersky | Norton | Avira | Trend Micro | Microsoft updates

Squid configuration for cache Antivirus Updates

To cache the Antivirus update files in squid cache, you have to add the below refresh rules in squid config file.
So that squid will prevent the users downloading directly from net and it will allow users to download the updates from squid cache.

#vim /etc/squid/squid.conf

For AVG add the below lines:

refresh_pattern guru.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims;

refresh_pattern bguru.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims;

refresh_pattern af.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims;

For other anit virus updates, you can replace the download URL with that particular url.

Microsoft updates:
 To cache Microsoft updates, add the below lines in the squid config file

refresh_pattern mbam-cdn.malwarebytes.org/.*\.(exe) 4320 100% 43200 reload-into-ims;

refresh_pattern data-cdn.mbamupdates.com/.*\.(ref) 4320 100% 43200 reload-into-ims;

-----------------------------------------------------------------------------------------------------------

SSHD | Server unexpectedly closed network connection | Putty

SSHD server unexpectedly closed network connection

Error log:
tail -f /var/log/audit/audit.log

type=USER_AUTH msg=audit(1292432614.589:14079): user pid=5965 uid=0 auid=0 ses=1 msg='op=PAM:authentication acct="user" exe="/usr/sbin/sshd" hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=success'
type=USER_ACCT msg=audit(1292432614.598:14080): user pid=5965 uid=0 auid=0 ses=1 msg='op=PAM:accounting acct="user" exe="/usr/sbin/sshd" hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1292432614.600:14081): user pid=5965 uid=0 auid=0 ses=1 msg='op=login acct="user" exe="/usr/sbin/sshd" hostname=? addr=192.168.1.5 terminal=sshd res=failed'

Solution #1
Try
#touch /etc/environment
creates the file

Solution #2
I had the same issue...I found that the IP of host I was trying to connect from was in /etc/hosts.deny
Check host file

Solution #3

after modifying the pam.d it started working for me

#cd /etc/pam.d
#vim  system-auth-ac

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        sufficient    pam_smb_auth.so use_first_pass nolocal
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so


#vim sshd

auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke