
12/02/05

Lately I've been working on the new webserver machine for VTK. Today I configured mod_security for Apache2, partly using the rule set published on gotroot.com.
The site provides a little script to update the rules automagically (from a cronjob or something similar), but when I started using it I didn't like it for several reasons.
So I decided to rewrite it to suit my needs. You can find my enhanced version here.

The machine now also runs PHP4 and PHP5 side by side thanks to this great documentation (and the Gentoo PHP herd developers, obviously). PHP4 runs as an Apache module (it is the "default", so it has to run as efficiently as possible); PHP5 runs through the CGI interface for all .php5 files.
We can't make "the big switch" to a PHP5-only server because of our bloody phpBB forum, which is not PHP5 compatible. And since the forum is one of the biggest PHP consumers on the server, I don't want to run PHP4 as CGI with only the forum using it.
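As an added example (not the post's script, nor the gotroot.com one): the shape I would give an unattended rule update, with a configuration test before the reload and a rollback to the previous rule file when the test fails, so a cron run can never leave Apache with a rule set it will refuse to load. All paths and the two commands are assumptions, taken from environment variables so the function can be exercised without a live Apache.

```shell
#!/bin/sh
# Added example, not the post's update script: install a freshly downloaded
# mod_security rule file only if Apache accepts the resulting configuration,
# and put the previous file back otherwise.
# All paths and commands below are assumptions; override them via the environment.
MODSECPATH="${MODSECPATH:-/etc/modsecurity}"
APACHECTL="${APACHECTL:-/usr/sbin/apache2ctl}"
CONFIGTEST="${CONFIGTEST:-$APACHECTL configtest}"   # must exit 0 on a valid config
RELOAD="${RELOAD:-$APACHECTL graceful}"             # reload without dropping connections

# rules_changed NEWFILE LIVEFILE: exit 0 when LIVEFILE is absent or differs from
# NEWFILE, so a cron run that fetched the same rules again does not reload Apache.
rules_changed() {
    [ -f "$2" ] || return 0
    ! cmp -s "$1" "$2"
}

# install_rules NEWFILE LIVEFILE
# Return codes: 0 installed and reloaded, 1 config test failed and LIVEFILE restored,
# 2 NEWFILE missing or empty, 3 rules unchanged (nothing done).
install_rules() {
    new="$1"; live="$2"
    # An empty download (failed fetch, truncated transfer, error page saved as a
    # file) must never replace a working rule set.
    [ -s "$new" ] || return 2
    rules_changed "$new" "$live" || return 3
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak"
    fi
    cp "$new" "$live"
    if ! sh -c "$CONFIGTEST" >/dev/null 2>&1; then
        # Roll back before anything can restart Apache with the broken rule file.
        if [ -f "$live.bak" ]; then
            mv "$live.bak" "$live"
        else
            rm -f "$live"
        fi
        return 1
    fi
    sh -c "$RELOAD" >/dev/null 2>&1
}

# Usage from a cron job: sh safe_update.sh /tmp/rules.conf "$MODSECPATH/rules.conf"
if [ "$#" -eq 2 ]; then
    install_rules "$1" "$2"
    exit $?
fi
```

The distinct return codes are the point for cron use: a non-zero exit from the job is what gets mailed to the admin, and 1 versus 2 tells you whether the downloaded rules were rejected by Apache or never arrived at all.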

[edit]
I enhanced the script a little more, here's a diff:

--- update_mod_security_rules.sh        2005-12-02 14:46:02.000000000 +0100
+++ update_rules_v2.sh  2005-12-04 14:34:33.000000000 +0100
@@ -15,6 +15,7 @@
 APACHESTART="/etc/init.d/apache2 restart"
 MODSECPATH="/etc/modsecurity"
 APACHEPID="/var/run/apache2.pid"
+APACHECTL="/usr/sbin/apache2ctl"

 #Modules
 #If you want the "exclude" rules, they should be the first entry in the list
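Review bot: the new `APACHECTL` variable is only a path string and nothing checks it before the second hunk calls it, so on a layout where apache2ctl lives elsewhere `configtest` fails with exit 127 and the script bails with the misleading "There's something wrong in Apache's configuration" message. Suggest adding `[ -x "${APACHECTL}" ] || { echo "apache2ctl not found at ${APACHECTL}"; exit 1; }` right after the definition.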
@@ -59,10 +60,21 @@

 echo "Make sure you got \"Include ${MODSECPATH}/all.conf\" somewhere in your Apache config"

+${APACHECTL} configtest > /dev/null 2>&1
+if [ ! "x$?" = "x0" ]; then
+        echo
+        echo "There's something wrong in Apache's configuration:"
+        echo
+        ${APACHECTL} configtest
+        echo
+        echo "Exiting, not restarting Apache"
+        exit 1
+fi
+
 # try restart
 if [ "$UPDATED" -gt "0" ]; then
         echo -n "Restarting apache: "
-        /bin/kill -HUP ${PID} 2>/dev/null
+        ${APACHECTL} graceful
         # did it work?
         if `/bin/kill -CHLD ${PID} >/dev/null 2>&1`; then
                 echo "ok."
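Review bot: the configtest runs after the new rules have already been written under `${MODSECPATH}` (the `Include ${MODSECPATH}/all.conf` reminder precedes it), so on failure the script exits with the broken rule set still on disk; the running Apache keeps its old configuration only until the next restart, which will then fail. Keep a copy of the previous rules and restore it before `exit 1`. Two smaller points: `if [ ! "x$?" = "x0" ]` can simply be `if ! ${APACHECTL} configtest >/dev/null 2>&1; then`, and the "did it work?" check `if \`/bin/kill -CHLD ${PID} >/dev/null 2>&1\`` runs kill's empty output as a command, relying on a bash quirk to report the substitution's status; drop the backticks, and since `graceful` keeps the parent PID, testing the exit status of `${APACHECTL} graceful` itself says more than checking that the old PID still exists.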

The script

Permalink . Ikke . 03:01:15 pm . 414 Words . Technology, Linux, Networks . 818 views . 2 comments