Part of any VirtualHost config involves making the right directories and you can make your job easier by using curly braces. I suppose you could call it regular expressions. I don’t actually know the technical terms for it. I know it works in bash which is what I use on a daily basis.

Learn how to create directories without having to issue multiple mkdir commands. This is a pretty simple one.

mkdir -p /path/to/some/vhost/docs

This is fairly straight forward. Make the parent directories if they don’t exist. So if /path/to/some/vhost/docs is what you want, and /path or any of it’s children don’t exist, then it will get created. It’s a fairly safe command because it intelligently checks before creating directories.

This example is a bit more complicated but it’s awesomeness will blow you away. I used this when I was making virtualhosts for multiple domains or even sub domains of the same parent.

mkdir -p {sub1,sub2,sub3}.domain.com/{docs,logs,cgi-bin}

or

mkdir -p www.{domain1,domain2,domain3}.com/{docs,logs,cgi-bin}

that command will create all your directories in the appropriate hierarchy so that you don’t need to issue multiple mkdir commands. It will create the parent directories for you as well. Here is what it does.

$ find .
.
./www.domain1.com
./www.domain1.com/cgi-bin
./www.domain1.com/docs
./www.domain1.com/logs
./www.domain2.com
./www.domain2.com/cgi-bin
./www.domain2.com/docs
./www.domain2.com/logs
./www.domain3.com
./www.domain3.com/cgi-bin
./www.domain3.com/docs
./www.domain3.com/logs

You can also do that with ls.

$ ls -d www.domain{1,2}*
www.domain1.com    www.domain2.com

Or even with rm

$ rm -vr www.domain{1,3}*
www.domain1.com/cgi-bin
www.domain1.com/docs
www.domain1.com/logs
www.domain1.com
www.domain3.com/cgi-bin
www.domain3.com/docs
www.domain3.com/logs
www.domain3.com

Enjoy!

You should know that I only recommend doing this on systems that you ABSOLUTELY trust. If you have any doubt what so ever, do NOT continue.

I never thought i’d actually need this but i ended up actually providing it as a solution for securing database accounts.

To get this working on CentOS 5, I had to do the following

# yum install xinetd authd

authd is an xinetd service and authd is the RFC 1413 identd service

Out of the box, authd comes a little more secure than I expected. It’s not bad but it’s definitely a hindrance for other systems when they don’t know what to send.

/etc/xinetd.d/auth will come by default with

server_args = -t60 --xerror --os -E


This tells inetd to expect the ‘uname’ instead of ‘UNIX’ as the OS name. It’s great that it offers this option but I don’t know if all identd clients need to know what OS it is. You can leave it in if you like. Lastly, it tells identd to encrypt the username and then send it. I’m not sure how many identd clients can handle that.

I changed it to


server_args = -t60 --xerror


start or restart xinetd and you should see 113 listening.

I’m a lazy guy so I can’t be bothered to open more than one connection to a server. You can open two if you prefer.

I login and start tcpdump


tcpdump -i lo -nn "port 113" &
telnet localhost 113


It should show you distinctly what port two ports are involved in the connection you just made.

IP 127.0.0.1.SOURCE_PORT_NUM > 127.0.0.1.113

Next type in “SOURCE_PORT_NUM,113″ and hit Enter. Note that “SOURCE_PORT” here is a NUMBER not actually “SOURCE_PORT”

Amidst all the messy tcpdump output, you should see a line

SOURCE_PORT_NUM , 113 : USERID : UNIX :root

That shows you that identd is working properly. At least locally.

So if you ever find any of this useless knowledge helpful, let me know.

Unix/Linux admins are taught to hate identd because it’s pretty much the least secure protocol but I have to believe that it has a place in an environment that is completely trusted. You don’t have random users logging in or random accounts being created.

I think the overall advantage here is that you can use this to provide an additional layer of security across your trusted enterprise.

There is no other way to put it. It’s such a fantastic tool and once you get used to it, you almost never use the sub par “locate” utility to find files.

Some of my favorite find switches and one liners are listed below. Explanations too.

Find all directories in the current directory only without going any deeper that start with “20″. Note that I have included ‘-mindepth 1′ and there is a reason for that. Try excluding it and you’ll see exactly what I mean.

find ./ -maxdepth 1 -mindepth 1 -type d -name "20*"


Find all files named config.php in this directory and all sub directories. Print the name of the file and run ‘ls -al’ on the file. run a grep command for “string1″ (case insensitive) against the files. I find this command very useful in doing a single replacement across many files. It helps me determine what will change if I run a mass replacement. The “{}” at the end is the name of the file that is replaced in the command. Without that, you will get an error.

find ./ -name "config.php" -ls -print -exec grep -i string1 {} \;


Now I can find those same files and then run a sed command that will replace all occurrences of string1 with string2. The “-i” in this case tells sed to make the change to the file in place without creating a new file. This way you have less to clean up but be careful because there is no backup. If you want to backup the file, use “-i” where is the extension you want the backup file to have. E.g. -i.bak

find ./ -name "config.php" -exec sed -i "s/string1/string2/g" {} \;

Another use of exec where you sub {} for the file name allows you to do cool things like back up many different files with the same condition. In this case, anything that is “config.*” will be “config.*.bak”.

find ./-name "config.*" - exec cp {} {}.bak \;

Find any directories that have a no permissions for group and others. This is important if you want to find directories that don’t have permissions that are needed for users to enter a directory. After this, you can use -exec chmod 755 {} \; to change the permissions appropriately.

find ./ -type d -perm 0700


Find any files that are owned by a particular user. You can also specify “-group” to find files by user and group names. I use this to find files owned by “root” in home directories and then chown them to the appropriate user.

find ./ -user "username"


The -exec feature in find is perhaps the most valuable aspect of “find”. I use it several times a day in combination with sed and awk to do all sorts of one liners that would normally need a script.

Don’t forget that you can do all sorts of really neat things with find, sed, awk if you use regular expressions.

This script would rotate all logs into a tarball and move it somewhere for archival purposes.

The problem was that I couldn’t just rotate today’s logs because it would be incomplete. I had to intelligently find a way to rotate the previous days logs (which would be complete) and then tar them up.

It turns out that you can do this with the “date” command in linux.


YESTERDAY=$(date -d "yesterday" '+%Y-%m-%d')
echo $YESTERDAY


This little snippet came in very handy and so I thought would share it.

The whole script is very small actually. Here it is. All you want to do is direct the output to a log file so you can review it later if need be. It’s chatty but you want chatty when you’re backing up and deleting log files.


#!/bin/bash
if [ $# -lt 3 ]; then
echo "USAGE: backup_logs.sh ORIGINAL FILE-PREFIX- DESTINATION"
exit
fi
# get command line variables
FILE=$2
ORIG=$1
DEST=$3
# get current time for log files.
NOW=$(date)
# get yesterdays date
YESTERDAY=$(date -d "yesterday" '+%Y-%m-%d')
# beginning entry in the log file
echo "$NOW Backing up $FILE from $ORIG for $YESTERDAY to $DEST/$FILE-$YESTERDAY.tgz"
echo "$NOW Command is /bin/tar -zcvf $DEST/$FILE$YESTERDAY.tgz $ORIG/$FILE$YESTERDAY*"
/bin/tar -zcvf $DEST/$FILE$YESTERDAY.tgz $ORIG/$FILE$YESTERDAY*
echo $NOW Done backing up logfiles to $DEST/$FILE-$YESTERDAY.tgz
echo "$NOW removing files that were backed up."
/bin/rm -vf $ORIG/$FILE$YESTERDAY*
echo "$NOW done removing backuped up files."