Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Contributions to ELOG, Page 4 of 6  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Hide attachments  Show only new entries    57 Entries 
Goto page Previous  1, 2, 3, 4, 5, 6   Next  All
IDdown Date Author Author Email Category Subject Status Last Revision
  29   Thu Nov 27 11:43:32 2008 T. Ribbrockemgaron+elog@ribbrock.orgScript/etc/init.d/elog script for Debian-like distrosStable 

The attached script was used by the Debian package (which is no longer maintained) to start/stop elogd. I have changed it based on some comments in the forum (see script) to add some more functionality. As there is no mainatined elog package for Debian anymore, I'm placing it here in the hope that it might come in handy for users who want to run elog under Debian.

This script needs to be placed in /etc/init.d and expects elogd to be installed as /usr/sbin/elogd (can be changed, of course).

Attachment 1: elog 
#!/bin/sh
# Init script for ELOG.
# Copyright © 2003, 2005  Recai Oktaş <roktas@omu.edu.tr>
#
# Additional changes by Thomas Ribbrock <emgaron@ribbrock.org>
# - 2008-11-27: Added better reload functionality, based on suggestion and
#   code from Yoshio Imai as posted in elog forum
#
# Licensed under the GNU General Public License, version 2.
# See the file `http://www.gnu.org/copyleft/gpl.txt'.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/elogd
NAME=elogd
DESC="ELOG daemon"

test -f $DAEMON || exit 0

set -e

# Admin should be able to lock some options.
if [ -f /etc/default/elog ]; then
	. /etc/default/elog
fi

# To be in the safe side, the followings should be always defined.
PIDFILE=${PIDFILE:-/var/run/$NAME.pid}
CONFFILE=${CONFFILE:-/etc/elog.conf}

# Add the options to argument list only if defined previously.  Since
# some options may also be present in the conffile, we couldn't preset
# those options which would otherwise overwrite the settings in the
# conffile.  Also note that, all have reasonable compiled-in defaults.
ARGS="${PIDFILE+"-f $PIDFILE"}         \
      ${CONFFILE+"-c $CONFFILE"}       \
      ${LOGBOOKDIR+"-d $LOGBOOKDIR"}   \
      ${RESOURCEDIR+"-s $RESOURCEDIR"} \
      ${PORT+"-p $PORT"}               \
      ${HOST+"-n $HOST"}               \
      ${VERBOSE+"-v"}"
      
# Always run as a daemon.
ARGS=`echo $ARGS -D`

case "$1" in
	start)
		echo -n "Starting $DESC: "
		start-stop-daemon --start --quiet --pidfile $PIDFILE \
			--exec $DAEMON -- $ARGS 2>&1
		sleep 1
		if [ -f "$PIDFILE" ] && ps h `cat "$PIDFILE"` >/dev/null; then
			echo "$NAME."
		else
			echo "$NAME failed to start; check syslog for diagnostics."
			exit 1
		fi
		;;
	stop)
		echo -n "Stopping $DESC: $NAME"
		start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
			--exec $DAEMON -- $ARGS 2>&1
		echo "."
		;;
	reload)
		# Send HUP signal to reload config file
		# (Only needed if config is edited manually and not via
		# webinterface)
		if [ -f $PIDFILE ]; then
			echo -n "$DESC to reread config file ... "
			kill -HUP `cat "$PIDFILE"`
			echo "done"
		else
			echo "No $PIDFILE found!"
		fi
		;;
	restart|force-reload)
		$0 stop
		sleep 1
		$0 start
		if [ "$?" != "0" ]; then
			exit 1
		fi
		;;
	*)
		N=/etc/init.d/$NAME
		echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
		exit 1
		;;
esac

exit 0

# vim:ai:sts=8:sw=8:
  28   Fri Mar 28 10:23:50 2008 svrmartysvrmarty@gmx.netOtherELOG V2.7.3-2080 debian amd64 packageStableFri Mar 28 10:23:55 2008 by svrmarty
Attachment 1: elog_2.7.3+r2080-1_amd64.deb
  27   Tue Jan 29 23:18:39 2008 Diogo Alvesdiogomiguelalves@gmail.comScriptMultiple file upload for FirefoxStableWed Jan 30 07:56:53 2008 by Stefan Ritt

Here's a firefox extension that works extremely well if one uses drag n'drop to upload several attachment files at once:

 

https://addons.mozilla.org/en-US/firefox/addon/219

 

  26   Mon Jul 16 16:43:07 2007 Peter Rienstrapeter.rienstra@gmail.comOtherRe: Compiling elogd.c on HP-UX 64 bitBetaThu Jul 12 09:38:47 2007 by Peter Rienstra

Stefan Ritt wrote:
Can you check revision 1888 (http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1888), compile it and see if you can run it at least under your non-root account.


I downloaded revision 1888. There were no problems compiling it. It's running on the HP-UX system now and everything seems to work fine. Smile
  25   Mon Jul 16 15:57:47 2007 Stefan Rittstefan.ritt@psi.chOtherRe: Compiling elogd.c on HP-UX 64 bitBetaThu Jul 12 09:38:47 2007 by Peter Rienstra

Peter Rienstra wrote:
HP-UX doesn't have the "seteuid" and "setegid" functions. But there are "setuid+setgid", "setreuid+setregid" and "setresuid+setresgid" functions available.


I had a look and found that setreuid/setregid is also available under Linux, so I use those functions instead, which should also work on HP-UX. Can you check revision 1888 (http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1888), compile it and see if you can run it at least under your non-root account.
  24   Mon Jul 16 15:27:08 2007 Peter Rienstrapeter.rienstra@gmail.comOtherRe: Compiling elogd.c on HP-UX 64 bitBetaThu Jul 12 09:38:47 2007 by Peter Rienstra
Stefan,

First I want to say I really like your program. We work in a small group of 5 database administrators, and this is exactly what we need to inform each other. Elog is simple but very functional, so thanks!


My problem is that I don't have root access to the HP-UX machines. We don't run elogd as root, so I wasn't really interested in the seteuid functionality, I just wanted to compile and run the program.

HP-UX doesn't have the "seteuid" and "setegid" functions. But there are "setuid+setgid", "setreuid+setregid" and "setresuid+setresgid" functions available. I'm not sure which one is the best to use. I uploaded the manpages as attachment. I hope this will help you.

If you want I can do a compile and run test on HP-UX with your altered source code. But I can't do a test with "root".




Stefan Ritt wrote:
I applied most of your patches to the elog source code, SVN revision 1885. The only missing piece has to do with seteuid/setuid. I definitively need seteuid for linux, because elogd might be started under root, then it falls back to an optional elog user. But when it stops, it has to restore the original root user in order to delete the PID file (/var/run/elogd.pid) which was created under root. If seteuid does not exist under HP-UX, you should add something like
#ifdef HP-UX
  setuid(...)
#else
  seteuid(...)
#endif

Probably the HP-UX has to be something else, but I cannot test this since I don't have such an OS here. Once you get this working I can put it into the standard distribution.
Attachment 1: man_setuid.txt 


 setuid(2)							   setuid(2)




 NAME
      setuid(), setgid() - set user and group IDs

 SYNOPSIS
      #include <unistd.h>

      int setuid(uid_t uid);

      int setgid(gid_t gid);

 DESCRIPTION
      setuid() sets the real-user-ID (ruid), effective-user-ID (euid),
      and/or saved-user-ID (suid) of the calling process.  If the Security
      Containment product is installed, these interfaces treat a process
      observing CHSUBJIDENT as a privileged process.  Otherwise, only
      processes with an euid of zero are treated as privileged processes.
      See privileges(5) for more information on Security Containment and
      fine-grained privileges.

      The following conditions govern setuid's behavior:

	   +  If the process is privileged, setuid() sets the ruid, euid,
	      and suid to uid.

	   +  If the process is not privileged and the argument uid is equal
	      to the ruid or the suid, setuid() sets the euid to uid; the
	      ruid and suid remain unchanged.  (If a set-user-ID program is
	      not running as superuser, it can change its euid to match its
	      ruid and reset itself to the previous euid value.)

	   +  If the process is not privileged, the argument uid is equal to
	      the euid, and the calling process has the PRIV_SETRUGID
	      privilege, setuid() sets the ruid to uid; the euid and suid
	      remain unchanged.

      setgid() sets the real-group-ID (rgid), effective-group-ID (egid),
      and/or saved-group-ID (sgid) of the calling process.  The following
      conditions govern setgid()'s behavior:

	   +  If the process is privileged, setgid() sets the rgid and egid
	      to gid.

	   +  If the process is not privileged and the argument gid is equal
	      to the rgid or the sgid, setgid() sets the egid to gid; the
	      rgid and sgid remain unchanged.

	   +  If the process is not privileged, the argument gid is equal to
	      the egid, and the calling process has the PRIV_SETRUGID
	      privilege, setgid() sets the rgid to gid; the egid and sgid
	      remain unchanged.




 Hewlett-Packard Company	    - 1 -      HP-UX 11i Version 2: May 2006






 setuid(2)							   setuid(2)




    Security Restrictions
      Some or all of the actions associated with this system call require
      the CHSUBJIDENT privilege.  Processes owned by the superuser have this
      privilege.  Processes owned by other users may have this privilege,
      depending on system configuration.

      See privileges(5) for more information about privileged access on
      systems that support fine-grained privileges.

 RETURN VALUE
      Upon successful completion, setuid() and setgid() return 0; otherwise,
      they return -1 and set errno to indicate the error.

 ERRORS
      setuid() and setgid() fail and return -1 if any of the following
      conditions are encountered:

	   [EPERM]	  None of the conditions above are met.

	   [EINVAL]	  uid (gid) is not a valid user (group) ID.

 WARNINGS
      It is recommended that the PRIV_SETRUGID capability be avoided, as it
      is provided for backward compatibility.  This feature may be modified
      or dropped from future HP-UX releases.  When changing the real user ID
      and real group ID, use of setresuid() and setresgid() (see
      setresuid(2)) is recommended instead.

 AUTHOR
      setuid() was developed by AT&T, the University of California,
      Berkeley, and HP.

      setgid() was developed by AT&T.

 SEE ALSO
      exec(2), getuid(2), setresuid(2), privileges(5).

 STANDARDS CONFORMANCE
      setuid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

      setgid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1













 Hewlett-Packard Company	    - 2 -      HP-UX 11i Version 2: May 2006
Attachment 2: man_setreuid.txt 


 setreuid(2)							 setreuid(2)




 NAME
      setreuid - set real and effective user IDs

 SYNOPSIS
      #include <unistd.h>

      int setreuid(uid_t ruid, uid_t euid);

 DESCRIPTION
      The setreuid() function sets the real and effective user IDs of the
      current process to the values specified by the ruid and euid
      arguments. If ruid or euid is -1, the corresponding effective or real
      user ID of the current process is left unchanged.

      A process with appropriate privileges can set either ID to any value.
      An unprivileged process can only set the effective user ID if the euid
      argument is equal to either the real, effective, or saved user ID of
      the process.

      It is unspecified whether a process without appropriate privileges is
      permitted to change the real user ID to match the current real,
      effective or saved user ID of the process.

 RETURN VALUE
      Upon successful completion, 0 is returned. Otherwise, -1 is returned
      and errno is set to indicate the error.

 ERRORS
      The setreuid() function will fail if:

	   [EINVAL]		    The value of the ruid or euid argument
				    is invalid or out-of-range.

	   [EPERM]		    The current process does not have
				    appropriate privileges, and either an
				    attempt was made to change the effective
				    user ID to a value other than the real
				    user ID or the saved set-user-ID or an
				    attempt was made to change the real user
				    ID to a value not permitted by the
				    implementation.

 SEE ALSO
      getuid(2), setuid(2), <unistd.h>.

 CHANGE HISTORY
      First released in Issue 4, Version 2.







 Hewlett-Packard Company	    - 1 -   HP-UX 11i Version 2: August 2003
Attachment 3: man_setresuid.txt 


 setresuid(2)							setresuid(2)




 NAME
      setresuid, setresgid - set real, effective, and saved user and group
      IDs

 SYNOPSIS
      #include <unistd.h>

      int setresuid(uid_t ruid, uid_t euid, uid_t suid);

      int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

 DESCRIPTION
      setresuid() sets the real, effective and/or saved user ID of the
      calling process.

      If the current real, effective or saved user ID is equal to that of a
      user having appropriate privileges, setresuid() sets the real,
      effective and saved user IDs to ruid, euid, and suid, respectively.
      Otherwise, setresuid() only sets the real, effective, and saved user
      IDs if ruid, euid, and suid each match at least one of the current
      real, effective, or saved user IDs.

      If ruid, euid, or suid is -1, setresuid() leaves the current real,
      effective or saved user ID unchanged.

      setresgid() sets the real, effective and/or saved group ID of the
      calling process.

      If the current real, effective or saved user ID is equal to that of a
      user having appropriate privileges, setresgid() sets the real,
      effective, and saved group ID to rgid, egid, and sgid, respectively.
      Otherwise, setresgid() only sets the real, effective and saved group
      ID if rgid, egid, and sgid each match at least one of the current
      real, effective or saved group ID.

      If rgid, egid, or sgid is -1, setresgid() leaves the current real,
      effective or saved group ID unchanged.

    Security Restrictions
      Some or all of the actions associated with this system call require
      the PRIV_CHSUBJIDENT privilege (CHSUBJIDENT).  Processes owned by the
      superuser will have this privilege.  Processes owned by other users
      may have this privilege, depending on system configuration.  See
      privileges(5) for more information about privileged access on systems
      that support fine-grained privileges.

 RETURN VALUE
      Upon successful completion, setresuid() and setresgid() return 0;
      otherwise, they return -1 and set errno to indicate the error.





 Hewlett-Packard Company	    - 1 -      HP-UX 11i Version 2: May 2005






 setresuid(2)							setresuid(2)




 ERRORS
      setresuid() and setresgid() fail if any of the following conditions
      are encountered:

	   [EINVAL]	  ruid, euid, or suid (rgid, egid, or sgid) is not a
			  valid user (group) ID.

	   [EPERM]	  None of the conditions above are met.

 AUTHOR
      setresuid() and setresgid() were developed by HP.

 SEE ALSO
      exec(2), getuid(2), setuid(2).








































 Hewlett-Packard Company	    - 2 -      HP-UX 11i Version 2: May 2005
  23   Fri Jul 13 12:36:45 2007 Stefan Rittstefan.ritt@psi.chOtherRe: Compiling elogd.c on HP-UX 64 bitBetaThu Jul 12 09:38:47 2007 by Peter Rienstra
I applied most of your patches to the elog source code, SVN revision 1885. The only missing piece has to do with seteuid/setuid. I definitively need seteuid for linux, because elogd might be started under root, then it falls back to an optional elog user. But when it stops, it has to restore the original root user in order to delete the PID file (/var/run/elogd.pid) which was created under root. If seteuid does not exist under HP-UX, you should add something like
#ifdef HP-UX
  setuid(...)
#else
  seteuid(...)
#endif

Probably the HP-UX has to be something else, but I cannot test this since I don't have such an OS here. Once you get this working I can put it into the standard distribution.
  22   Wed Jul 11 11:13:16 2007 Peter Rienstrapeter.rienstra@gmail.comOtherCompiling elogd.c on HP-UX 64 bitBetaThu Jul 12 09:38:47 2007 by Peter Rienstra
We succeeded in compiling and running elogd (elog-2.6.5) on HP-UX 64 bit Itanium platform (HP-UX B.11.23 U ia64).

The main problem was we got a core dump after starting elogd. The cause was that the memory has be allocated with a 4 byte boundary. This could be the case on other 64 bit platforms as well. A colleague of mine (Sander Notting) found the solution.

Unzip and untar the zip file (elog-latest.tar.gz)
Go to the src directory (elog-2.6.5/src)

Edit elogd.c

Replace all:

show_selection_page(NULL); => show_selection_page();
seteuid => setuid
setegid => setgid

On line 564:
void *buffer => char *buffer


Line 645, add the text in bold:

void *xmalloc(size_t bytes)
{
char *temp;

/* Align buffer on 4 byte boundery for HP UX and other 64 bit systems to prevent Bus error(core dump)*/
if (bytes & 3)
bytes += 4 - (bytes & 3);

temp = (char *) malloc(bytes + 12);


After that compile:

cc -w -c -o regex.o regex.c
cc -w -c -o mxml.o ../../mxml/mxml.c
cc -w -c -o strlcpy.o ../../mxml/strlcpy.c
cc -I../../mxml -o elogd elogd.c regex.o mxml.o strlcpy.o

We didn't try to run elogd under root yet.
Attachment 1: elogdhpux64.c.gz
  21   Tue Feb 20 18:20:40 2007 Val Schmidtvschmidt@ldeo.columbia.eduDocumentationSecure elog with SSL under Apache2 on UbuntuStable 
The steps for configuration under Apache2 are a bit different. Below I've included a quick list of instructions for Ubuntu. One nice thing about this method, is that only https requests to https://your.url/elog are redirected (not all https connections to your url) so you can have other services running under ssl:

My Setup:
Ubuntu 6.10 (Edgy):
Linux tide1 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux

Packages:
ii  apache2                                    2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-common                             2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-mpm-worker                         2.0.55-4ubuntu4                      high speed threaded model for Apache2
ii  apache2-utils                              2.0.55-4ubuntu4                      utility programs for webservers 
ii  elog                                       2.6.1+r1642-1                        Logbook system to manage notes through a Web
---

To setup ssl in apache2 for elog I started here:
This min-howto was kindly provided in a forum. I reproduced it here without permission.
A Mini-Howto for apache2: 

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl 
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of /etc/apache2/sites-available/ssl file, insert this two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Hope it helps :)

This method, without configuraiton of any of the <Directory> directives in /etc/apache2/sites-available/ssl, makes everything in /var/www https accessible. This may not be desirable. Configure the directives as you see fit.

To get SSL forwarding going for elog, in /etc/apache2/sites-available/ssl, I added the following:

 
ServerName tide1.unh.edu

        ProxyRequests Off
        ProxyPreserveHost On

        <Location /elog/>
                Order allow,deny
                allow from all

                ProxyPass  http://tide1.unh.edu:8080/
                ProxyPassReverse  http://tide1.unh.edu:8080/
                SSLRequireSSL
        </Location>

Once this is in place one must restart apache with
sudo /etc/init.d/apache2 force-reload

In /etc/elog.conf I added:
URL=https://tide1.unh.edu/elog

and restarted elog as above.

Finally, I removed the firewall entry that allowed connections to port 8080 for non-secure elog.

Items of note:
The "apache2-ssl-certificate" created a certificate that seems to expire in 30 days. This obviously not ideal. More details about how to create certificates can be found at HERE. At some point in the future, we'll have to figure this out and create a more appropriate certificate.
  20   Wed Jan 10 23:08:27 2007 Exaos LeeExaos.Lee@gmail.comScriptScript for running ELOGD on Ubuntu LinuxStable 
I prepared one init script for ELOGD running on Ubuntu Linux.
Please see the attachment.
Attachment 1: elogd_ubuntu.tgz
Goto page Previous  1, 2, 3, 4, 5, 6   Next  All
ELOG V3.1.5-3fb85fa6