web notes - a blog

This isn't actually useful, it's here to remind me what I did ... if you use this, be sure to start with the github link. Also - I forgot about the installation. Install stuff.

Tools

• Bison - Bison is a general-purpose parser generator that converts an annotated context-free grammar into a deterministic LR or generalized LR (GLR) parser employing LALR(1) parser tables. (Generates C++)
• Flex - flex is a tool for generating scanners: programs which recognize lexical patterns in text. (Tokens).
• gcc - The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, and D, as well as libraries for these languages (libstdc++,...). GCC was originally written as the compiler for the GNU operating system. The GNU system was developed to be 100% free software, free in the sense that it respects the user's freedom.

First

Does everything you do work the first time? Probably not. Start with someone else's stuff.

https://github.com/meyerd/flex-bison-example 

$ bison -d calc.y
$ flex calc.l
$ gcc calc.tab.c lex.yy.c -o calc -lm
$ ./calc

Write a little bash script because you're going to have to run your stuff, over and over

#!/bin/bash
if [ $# != 1 ];
then
    echo -e "\nUsage $0 <filename>\n\tExample: $0 one\n";
    exit 1;
fi;
bison -d "$1.y"
flex -l -o "$1.c" "$1.l"
gcc -lm "$1.tab.c" "$1.c" -o "$1"
./$1

Files

The two files I created are attached, with .txt extensions.

The goal was to create a little assembler. In this case, the assembler supports three commands - LOAD, CLEAR and STORE. It's interactive, meaning it behaves as an interpreter, rather than creating 'machine' code.

It was a good exercise and I like the example.

  y.txt

  l.txt

One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache.

I installed it and enabled it.

jail.d/apache-modsecurity.conf

[apache-modsecurity]
enabled = true
backend = auto
port = http,https
filter = apache-modsecurity
logpath = %(apache_error_log)s
bantime = 19200
maxretry = 2
findtime = 3600
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

filter.d/apache-modsecurity.conf 

# Fail2Ban apache-modsec filter
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf

[Definition]
failregex = ^%(_apache_error_client)s(?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*\]\s*)*Access denied with code [45]\d\d (?:.*)$
ignoreregex =

# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
# Author: Daniel Black
# Sergey G. Brester aka sebres (review, optimization)

Helpful commands

• firewall-cmd --permanent --zone=public --add-service=http - allow HTTP through (add https as well)
• fail2ban-client reload apache-modsecurity - reload the Apache ModSecurity configuration
• fail2ban-client status apache-modsecurity - check the status of Apache ModSecurity configuration
• fail2ban-client get apache-modsecurity failregex - get the regex which will cause fail2ban to ban entries (if maxretries)
• fail2ban-regex /var/log/httpd/error_log '^\[\]\s\[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (?:\[?(?:(?:::f{4,6}:)?(?P(?:\d{1,3}\.){3}\d{1,3})|(?P(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P[\w\-.^_]*\w))(:\d{1,5})?\](?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*)\]\s*)*Access denied with code [45]\d\d (?:.*)$' - check the regex
• h-rules | grep http - list the current http (and https) - there's probably a better way to do this

This was fun to do, but I can't remember why I decided to do it

The screenshot (below) is different than the actual source code, but you get the idea.

  main.txt

Ref: https://en.wikipedia.org/wiki/Double-precision_floating-point_format

sudo find /var/lib/php/session -mmin +24 -type f -exec ls -l {} \;

Yes, that's the whole post

If you are using PHP-FPM with Apache and you would like to separate the error logging by user, directory or virtual host, you can use the ProxyFCGISetEnvIf directive

In a server level Apache .conf file

<Directory /home/user/public_html>
ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "error_log=/var/log/php-fpm/user/error.log"
</Directory>

In this case, the error log for user would be

/var/log/php-fpm/user/error.log


Set up the ACL (AMI 2 Linux)

setfacl -m u:user:x /var/log/php-fpm
setfacl -m u:user:rx /var/log/php-fpm/user
setfacl -d -m u:user:r /var/log/php-fpm/user

Test it with

sudo su user
more /var/log/php-fpm/user/error.log

Credit to:

Comment from PHP.net (documentation)

https://www.php.net/manual/en/install.fpm.configuration.php#123335