Re: pen RPM Red Hat packages for RH62, RH73, RH80 and RH9

From: Ulric Eriksson (ulric@siag.nu)
Date: Wed Sep 24 2003 - 00:30:40 CEST

Previous message: Michiel van Es: "RE: Pen webserver with multiple domains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 23 Sep 2003, Dag Wieers wrote:

> Hi Ulric,
>
> I'm packaging pen for different Red Hat flavors. You can find these
> packages at:
>
> http://dag.wieers.com/packages/pen/

I've added a link to those packages on the web page.

I have also added your spec file to the stuff that gets distributed with
the pen source. Seems To Work (tm) on my own RH9 system.

> I also added the necessary stuff so people can set up penctl.cgi easily.
> I'd also like to add a sysv-script and default config-files so people have
> a simple guideline to test a basic setup and can configure it so it works
> after a reboot. (Standard places and default settings are always
> important). And also default log-file and logrotate.

Ideally, pen should be run as a separate user in a chrooted directory.

If penctl.cgi is used, it is very important to control access to it.
Otherwise a malicious remote user can use pen to proxy into almost any
service inside the network.

A basic sysv-ish start script would look something like:

8<---
#!/bin/sh

PENHOME=/home/pen

case "$1" in
start )
        /usr/local/bin/pen -u pen -j $PENHOME \
                -w /penstats.html -p /pen.pid \
                -C localhost:10000 -l alphabob:10000 \
                siag:www -F /pen.cfg
        ;;
stop )
        test -f $PENHOME/pen.pid && kill `cat $PENHOME/pen.pid`
        ;;
restart )
        $0 stop
        $0 start
        ;;
* )
        echo "Usage: $0 start | stop | restart"
        ;;
esac
8<---

This is the start script I use. For public consumption, I would leave out
the control interface which can be a security problem with untrusted local
users.

A basic pen.cfg:

8<---
no acl 1
acl 1 permit 127.0.0.1
control_acl 1
server 0 address siag-eth0-0 port 80
server 1 address alphabob port 80
8<---

Penlogd needs a start script of its own. Here's the one from alphabob:

8<---
#!/bin/sh

PENHOME=/home/ulric/webalizer

case "$1" in
start )
        /usr/local/bin/penlogd -j $PENHOME -u ulric \
                -l /access_log -p /penlogd.pid 10000
        ;;
stop )
        test -f $PENHOME/penlogd.pid && kill `cat $PENHOME/penlogd.pid`
        test -f $PENHOME/penlogd.pid && kill -9 `cat $PENHOME/penlogd.pid`
        ;;
restart )
        $0 stop
        $0 start
        ;;
* )
        echo "Usage: $0 start | stop | restart"
        ;;
esac
8<---

Finally, a script which is run from root's crontab on alphabob:

8<---
#!/bin/sh

PATH="/usr/local/bin:$PATH"; export PATH

A=access_log
D="$A.`date +%Y-%m-%d`"
R="$A.resolved"

cd /home/ulric/webalizer
mv "$A" "$D"
/etc/rc.d/penlogd restart
splitwr $D > access_log.resolved
webalizer access_log.resolved
8<---

Previous message: Michiel van Es: "RE: Pen webserver with multiple domains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : Wed Sep 24 2003 - 00:31:18 CEST