New “unix Bash security hole”, deadlier than “Heartbleed”


A big Unix Bash hole (“Shellshock”) was uncovered on 24th Sep 2014. It can be used to take control of your Unix-based system.

Bash is a very powerful program for controlling Unix-based systems from the command line. If this powerful weapon falls into the wrong hands, everything can be lost.

The Department of Homeland Security’s United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc’s Mac OS X.

Is your system vulnerable?

As per an excellent write-up by Red Hat, to check whether your system is vulnerable, type the command below in bash.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see output like

vulnerable
this is a test

you need a patch to fix it.

This hole is relatively easy to exploit.

Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a “10” for severity, meaning it has maximum impact, and rated “low” for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.

Fix it!

US-CERT advised computer users to obtain operating systems updates from software makers. It said that Linux providers including Red Hat Inc (RHT.N) had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.

To update Bash, run a command like the following (shown here for yum-based systems such as Red Hat):

yum update bash

After patching, if you run the check command again, you will see output similar to

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
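The check above can be scripted so that the same self-test runs on every host and its output is classified automatically. This is an added example, not code from the original post or from Red Hat; it wraps the exact env test shown above and interprets the result the way the two sample outputs do (the line “vulnerable” in stdout means unpatched, while the warning lines on stderr only appear with the first-round fix and are informational):

```python
import os
import shutil
import subprocess

# The self-test from the Red Hat write-up: an exported "function" whose body is
# followed by a trailing command. A vulnerable bash runs that trailing command
# while importing the function; a patched bash does not.
TEST_ENV_VALUE = "() { :;}; echo vulnerable"
TEST_COMMAND = "echo this is a test"


def classify_bash_output(stdout: str) -> str:
    """Map the self-test's stdout to "vulnerable" or "patched".

    Unpatched bash prints "vulnerable" on its own line before the test echo.
    Patched bash prints only the test echo (the first fix additionally warns on
    stderr with "ignoring function definition attempt"; later fixes never parse
    a plain variable as a function, so stderr stays empty).
    """
    if "vulnerable" in stdout.splitlines():
        return "vulnerable"
    return "patched"


def check_bash(bash: str = "bash") -> str:
    """Run the self-test against the given bash binary.

    Returns "vulnerable", "patched", or "missing" if no such binary is found.
    """
    exe = shutil.which(bash)
    if exe is None:
        return "missing"
    env = dict(os.environ)
    env["x"] = TEST_ENV_VALUE  # same as: env x='() { :;}; echo vulnerable' bash -c ...
    proc = subprocess.run([exe, "-c", TEST_COMMAND], env=env,
                          capture_output=True, text=True)
    return classify_bash_output(proc.stdout)


if __name__ == "__main__":
    status = check_bash()
    print(f"bash: {status}")
    if status == "vulnerable":
        print("update bash with your package manager (e.g. 'yum update bash') and re-run")
```

Run it as `python shellshock_check.py` on each host; the exit status of the script can be wired into a fleet inventory by returning non-zero for “vulnerable” if that suits your monitoring.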

For Mac users:
http://security.stackexchange.com/questions/68202/how-to-patch-bash-on-osx-in-wake-of-shellshock
Unlike Heartbleed, Shellshock doesn’t appear to have any easy solutions for average users right now. In most cases, it will be up to system administrators and software companies to issue patches.

Read more:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://www.reuters.com/article/2014/09/24/us-cybersecurity-bash-idUSKCN0HJ2FQ20140924

Identify your slow-running queries


We all know it is not good to keep queries that take a long time to run and fetch results. But one question also comes to mind: what is a quick way to identify the slow-running queries?

One good thing is that MySQL provides a way to easily identify slow-running queries, and also to store those queries in a log.

“MySQL doesn’t log slow-running queries by default.”

To enable the slow query log:

Edit my.cnf (the MySQL configuration file) and uncomment these lines under the [mysqld] block:

long_query_time  = 1    # in seconds
log_slow_queries = /var/log/mysql/mysql-slow.log
# log_slow_queries is the pre-5.6 name; MySQL 5.6 and later use
# slow_query_log = 1 together with slow_query_log_file = /var/log/mysql/mysql-slow.log

The default long_query_time is 0, but we’ve set it to 1 here so that MySQL logs all queries that take longer than 1 second to execute.

Feel free to change this value, as well as the location of the log file. You can then use the mysqldumpslow command-line tool, included with MySQL, to get a summary of the slow query log file.

When you’re done, you need to restart the MySQL server for the changes in my.cnf to take effect:

/etc/init.d/mysql restart
or
sudo service mysql restart

And it’s done!
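For a feel of what mysqldumpslow does with that file, here is an added example (not part of the original post, and not the mysqldumpslow tool itself) that parses the slow query log format and groups statements the same way: string literals are abstracted to 'S' and numbers to N, so `WHERE customer_id = 42` and `WHERE customer_id = 17` count as one pattern. The log excerpt is constructed for the example; point `parse_slow_log` at the contents of /var/log/mysql/mysql-slow.log to run it on real data:

```python
import re
from collections import defaultdict

# Constructed sample in the MySQL slow-query-log format (not from a real server).
SAMPLE_LOG = """\
# Time: 140924 10:15:01
# User@Host: app[app] @ localhost []
# Query_time: 2.431  Lock_time: 0.001 Rows_sent: 1  Rows_examined: 250000
SET timestamp=1411553701;
SELECT * FROM orders WHERE customer_id = 42;
# User@Host: app[app] @ localhost []
# Query_time: 3.102  Lock_time: 0.000 Rows_sent: 1  Rows_examined: 250000
SET timestamp=1411553709;
SELECT * FROM orders WHERE customer_id = 17;
# Time: 140924 10:16:00
# User@Host: root[root] @ localhost []
# Query_time: 1.250  Lock_time: 0.000 Rows_sent: 10  Rows_examined: 900000
use shop;
SET timestamp=1411553760;
SELECT name FROM users
WHERE email LIKE '%example.com';
"""

STATS_RE = re.compile(
    r"# Query_time: (?P<query_time>[\d.]+)\s+Lock_time: (?P<lock_time>[\d.]+)"
    r"\s+Rows_sent: (?P<rows_sent>\d+)\s+Rows_examined: (?P<rows_examined>\d+)"
)


def parse_slow_log(text):
    """Return one dict per logged statement: user, timings, row counts and SQL."""
    entries = []
    current = None      # header fields of the entry being read
    sql_lines = []      # statement text of the entry being read

    def flush():
        if current is not None and sql_lines:
            entries.append(dict(current, query=" ".join(sql_lines)))

    for line in text.splitlines():
        if line.startswith("# User@Host:"):            # every entry starts here
            flush()
            current = {"user": line[len("# User@Host:"):].strip()}
            sql_lines = []
        elif line.startswith("# Query_time:"):
            m = STATS_RE.match(line)
            current.update(query_time=float(m["query_time"]),
                           lock_time=float(m["lock_time"]),
                           rows_sent=int(m["rows_sent"]),
                           rows_examined=int(m["rows_examined"]))
        elif (line.startswith("#") or line.startswith("SET timestamp=")
              or line.lower().startswith("use ")):
            continue  # "# Time:" headers, timestamps and USE are not the query
        elif line.strip():
            sql_lines.append(line.strip())
    flush()
    return entries


def normalize(sql):
    """Abstract literals as mysqldumpslow does: strings -> 'S', numbers -> N."""
    sql = re.sub(r"'(?:[^'\\]|\\.)*'", "'S'", sql)
    sql = re.sub(r"\b\d+(?:\.\d+)?\b", "N", sql)
    return " ".join(sql.split())


def summarize(entries):
    """Group entries by normalized SQL and rank by total time (mysqldumpslow -s t)."""
    groups = defaultdict(lambda: {"count": 0, "total_time": 0.0, "max_time": 0.0,
                                  "rows_examined": 0, "example": ""})
    for e in entries:
        g = groups[normalize(e["query"])]
        g["count"] += 1
        g["total_time"] += e["query_time"]
        g["max_time"] = max(g["max_time"], e["query_time"])
        g["rows_examined"] += e["rows_examined"]
        g["example"] = e["query"]
    return sorted(groups.items(), key=lambda kv: kv[1]["total_time"], reverse=True)


if __name__ == "__main__":
    for pattern, g in summarize(parse_slow_log(SAMPLE_LOG)):
        print(f"Count: {g['count']}  Time={g['total_time']:.2f}s "
              f"(max {g['max_time']:.2f}s)  Rows_examined={g['rows_examined']}")
        print(f"  {pattern}")
```

Ranking by total time rather than by single slowest run is usually what matters: a 1-second query executed 5,000 times a day costs more than one 30-second report, and the Rows_examined total tells you whether an index is missing.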

Enjoy Coding! 🙂

 

Apache Tips


We all know that during development we sometimes need to set up different projects on our system, which requires some configuration (virtual hosts, hosts file entries, …) to run them in our local environment.

Here I am sharing some Apache tips that might be helpful when setting up different projects.

Set up a Virtual Domain

NameVirtualHost *
<VirtualHost *>
    DocumentRoot /web/example.com/www
    ServerName www.example.com
    ServerAlias example.com
    CustomLog /web/example.com/logs/access.log combined
    ErrorLog /web/example.com/logs/error.log
</VirtualHost>

Include another conf file

Include /etc/apache/virtual-hosts/*.conf

Hide Apache Version Info

ServerSignature Off
ServerTokens Prod

Only allow access from a specific IP

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Only allow access from your subnet

Order Deny,Allow
Deny from all
Allow from 176.16.0.0/16

Add a directory index

DirectoryIndex index.cfm

Turn OFF directory browsing

Options -Indexes

Turn ON directory browsing

<Location /images>
  Options +Indexes
</Location>

Enjoy Coding! 🙂

Regain the Speed of your Mac


Even as a Mac user you will slowly realize that sometimes your Mac is slowing down. This may even cause your system to hang. But it is not the time to blame the operating system (OS).

One real limitation is the hardware. If your system has a single-core processor, it can never give you the performance of a quad-core processor. If you have 1 GB of RAM, it can never give you the performance of 4 GB of RAM, etc.

It is you who can keep your house clean and maintained so that everything runs smoothly.

There are many apps that help you regain performance, but I will describe some basic solutions that need no app.

Close your applications properly:
(Command + Q)
Remember that closing an application’s window doesn’t quit the application. Even if you close its last window, the application is still running. Mainly Windows users have been seen to make this mistake (I also made the same mistake). Close your applications properly.

Delete apps you don’t use:
Go to the “/Applications” directory (click Applications in a Finder window) and remove all the apps you don’t use by moving them to the Trash. Unlike Windows, moving an app to the Trash = uninstalling the app.

Delete files from the Downloads directory that are not needed:
The Downloads directory keeps growing with files. Remove unnecessary files.

Empty your Trash:
Unlike Windows or Ubuntu, there is NO (Shift + Delete) option, so remember to periodically empty your Trash.

Compress all old and backup files:
Select all the backup files and folders, right-click on them and click “Compress .. items”.

Clean up system logs and temporary files:
Open Terminal.
Type “sudo periodic daily weekly monthly” and enter your sudo password. Done.

Clean up junk files and invalid registry entries:
Open Terminal.
Type “sudo tmutil disablelocal”.

Remove old iOS backups:
Go to your MobileSync backup directory, locate the older backups and delete them (the path contains a space, so quote it):
cd "/Users/[user name]/Library/Application Support/MobileSync/Backup"
sudo rm -rf "[directory name]"

The few points above are for maintenance, to bring a smile to your face. 🙂

 

References:
http://www.wikihow.com/Clean-Up/Speed-up-Your-Mac

How to create a CRON in Zend


It is often seen that people struggle to create a cron.
Creating a cron is not a difficult job; developers tend to struggle with how to set it up.

A cron is nothing but a script that runs from the terminal (command prompt).

We will talk about creating a cron using the Zend Framework in PHP.

The first question that arises with a framework:
Generally frameworks have a structure, and Zend has its own MVC structure. Now, if we want to create a cron for a project built in Zend, can we use the benefits of the framework, i.e. controllers, models, libraries, helpers, etc.?

The answer is:
Yes, and it is fairly easy in Zend.

Let’s check how:
Let’s assume we have already created our module, controller, model and the other things necessary to implement some functionality, and have already tested it in the browser.

Now, if we run the controller directly from the terminal, it will not work, because no proper bootstrapping has been done, so Zend will not be able to recognize the controller as a controller, etc.

So we will create a public PHP file that is run from the terminal, bootstraps Zend and calls that particular controller.

Let’s create cron.php in the public directory of our project and put in all the constants required for bootstrapping, like:

<?php
// Define path to application directory
defined('APP_PATH') || define('APP_PATH', realpath(dirname(__FILE__) . '/../app'));

// Define path to library directory
defined('APP_LIB') || define('APP_LIB', realpath(dirname(__FILE__) . '/../lib'));

// Set application ini path
defined('APP_INI_PATH') || define('APP_INI_PATH', APP_LIB . '/Config/app.ini');

// Ensure library/ is on include_path
set_include_path(implode(PATH_SEPARATOR, array(
    realpath(APP_PATH . '/../lib'),
    get_include_path()
)));

// Define application environment (APP_ENV); it names the ini section to load
defined('APP_ENV') || define('APP_ENV', 'cron-name');

/** Zend_Application */
require_once 'Zend/Application.php';

// Create application, bootstrap, and run
$application = new Zend_Application(
    APP_ENV,
    APP_INI_PATH
);
$application->bootstrap()->run();

Note APP_ENV (set to 'cron-name' above): it selects the section of the ini file that is loaded, and that section names the controller to call.

The following code will be in the “Config/app.ini” file:

[cron-name]
resources.db.adapter = "pdo_mysql"
resources.db.params.host = "localhost"
resources.db.params.username = "root"
resources.db.params.password = ""
resources.db.params.dbname = "dbname"

resources.frontController.params.prefixDefaultModule = "1"
resources.frontController.defaultModule         = "yourModuleName"
resources.frontController.defaultControllerName = "yourControllerName"
resources.frontController.defaultAction         = "index"

All done. Just type “php cron.php” in your terminal and it will work as usual.

Important notes about cron:

  • Cron should NOT be session protected.
  • Browser access to the cron file should be restricted. We can achieve this by
        if (PHP_SAPI !== 'cli') {
            echo 'Access Restricted';
            exit;
        }

Hope this helps you build crons while using the Zend Framework. 🙂

Background processes (how dangerous they can be)


As software developers we face situations where the user’s response time is very high. For example, sometimes we need to send 10,000 mails at a time, or convert 1000 files to some other format at a time.

In such cases users need to wait a long time for a response. To avoid this we usually run the task as a background process and show the user a message like “Your request is being processed”.

In my case there was a similar situation and I was handling it this way:

for ($i = 0; $i < 10000; $i++) {
    // spawn one background PHP process per item and move on immediately
    exec("php convertFileAndMail.php $i >/dev/null 2>&1 & echo $!", $output);
}

And the server went into an inoperable state, and once even my database server, which was running on the same system, crashed.

Finding the reason:

To find the reason, I created two files:

1) loop.php
2) sleep.php

Code of sleep.php (sleep for 5 sec and log the argument passed in $argv[1]):

<?php
  sleep(5);
  // append the number this process was started with to log.txt
  file_put_contents('log.txt', $argv[1] . "\n", FILE_APPEND);
?>

Code of loop.php (loop and execute sleep.php):

<?php
  $c = 100000;
  for ($i = 0; $i < $c; $i++) {
     // each iteration backgrounds a new PHP process without waiting for it
     exec("php sleep.php $i >/dev/null 2>&1 & echo $!", $output);
  }
?>

Then, if you run the following command in the terminal:

php loop.php

Within a few seconds this will hang a normal system. 😦

Reason:

If we look at the files, almost no processing power is needed to execute sleep.php, because the file only sleeps for 5 sec and writes a number to a file.

Then what is wrong?

loop.php keeps adding tasks as background processes, and each sleep.php takes 5 sec to complete because of the sleep. Within those 5 sec loop.php adds millions of background processes.

So at a certain moment the number of simultaneous processes is huge and takes a lot of memory, which may even cause a system breakdown.

Way out and suggestions:

From the above example it is very clear that we have to keep the number of simultaneous processes low.

There are a few ways to achieve this, according to your need:

  • Avoid creating background processes.
  • Sometimes we do need background processes, as mentioned above; in that case try to create as few of them as possible. Maybe one background process can do everything you need.
  • There are some scenarios where we need multiple background processes. Here we have tools like GEARMAN (http://gearman.org) to handle simultaneous background processes. (I will come up with the Gearman concept in another blog later.)
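The second suggestion, fewer simultaneous processes, can be enforced directly in the launcher: instead of backgrounding every job with exec() and moving on, block until one of a fixed number of slots is free. The following is an added example (not code from the original post; the job command is a constructed stand-in for sleep.php that any command line such as `["php", "convertFileAndMail.php", str(i)]` can replace) of a bounded launcher that keeps the peak number of child processes at `limit` no matter how many jobs are queued:

```python
import subprocess
import sys
import time


# Constructed stand-in for sleep.php: a child process that sleeps briefly and exits 0.
def job_command(i, seconds=0.05):
    return [sys.executable, "-c", f"import time; time.sleep({seconds})"]


# Constructed stand-in for a job that fails, to show failures are counted.
def failing_command(code=1):
    return [sys.executable, "-c", f"import sys; sys.exit({code})"]


def run_bounded(commands, limit, poll_interval=0.01):
    """Start every command in `commands`, but never more than `limit` at once.

    The caller waits for a free slot before launching the next job, so the
    number of live child processes is capped even for 100,000 jobs. Returns the
    number launched, the number that exited non-zero, and the peak concurrency.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    running = []
    stats = {"launched": 0, "failed": 0, "peak": 0}

    def reap():
        # Drop finished children from `running`, counting non-zero exits.
        still_running = []
        for proc in running:
            if proc.poll() is None:
                still_running.append(proc)
            elif proc.returncode != 0:
                stats["failed"] += 1
        running[:] = still_running

    for cmd in commands:
        while len(running) >= limit:          # all slots busy: wait for one
            time.sleep(poll_interval)
            reap()
        running.append(subprocess.Popen(cmd, stdout=subprocess.DEVNULL,
                                        stderr=subprocess.DEVNULL))
        stats["launched"] += 1
        stats["peak"] = max(stats["peak"], len(running))

    while running:                             # drain the last jobs
        time.sleep(poll_interval)
        reap()
    return stats


if __name__ == "__main__":
    # 20 jobs with at most 4 in flight: peak stays at 4 however long the queue is.
    print(run_bounded((job_command(i) for i in range(20)), limit=4))
```

The same effect from a shell, without any code, is `seq 0 9999 | xargs -P 4 -n 1 php convertFileAndMail.php`, where -P is the concurrency cap. Either way the user still gets the “Your request is being processed” message immediately; only the launcher itself runs in the background, and it is the launcher that throttles.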

Hope this will help you to avoid a pothole in your way. 🙂