LAB8.x

AlexeyBY

Hello,
I use CentOS 7.

1.
Where the directory new-cgi and the file foo.cgi must be created ?
I've created two times: /var/www/new-cgi/foo.cgi and /etc/httpd/new-cgi/foo.cgi
2.
As for /etc/httpd/conf.d/newscript.conf file, have you checked scripts directory ? Is it Ok ?
find / -name scripts
/etc/dhcp/scripts
/etc/vmware-tools/scripts
/usr/share/doc/nmap-ncat-6.40/examples/scripts
/usr/share/nmap/scripts
/usr/libexec/perf-core/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/arch/um/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/tools/perf/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/tools/scripts

3.
Step 2.What does "include" mean ? Should I correct anything ?

4.
After restarting httpd, I've got my error:

http://localhost/scripts/foo.cgi?bar
-bash: http://localhost/scripts/foo.cgi?bar: No such file or directory

w3m -dump http://10.83.23.220/scripts/foo.cgi?bar
Forbidden
You don't have permission to access /scripts/foo.cgi on this server.

w3m -dump http://127.0.0.1/index.html
This is my default file

[root@centos7-1 new-cgi]# w3m -dump http://127.0.0.1/scripts/foo.cgi?bar
Forbidden
You don't have permission to access /scripts/foo.cgi on this server.

Pls help me to understand my issue in such terrible labs.

Thank you

Regards,
Alexey

luisviveropena

Hi @AlexeyBY ,

I'll let Lee provide you an answer, I just want to ask if you are in the Cloud Engineer Bootcamp, because if so, you may join the Office Hours for LFS211, and I'll be happy to assist in anything I can.

BTW, I don't think the labs are terrible, in fact, for item 1:

Where the directory new-cgi and the file foo.cgi must be created ?
I've created two times: /var/www/new-cgi/foo.cgi and /etc/httpd/new-cgi/foo.cgi

It's pretty clear to me that it's in the root directory, I mean /new-cgi/ , as the initial text indicates:

"Exercise 8.1: Create a new cgi script-enabled directory /new-cgi/ served at the URI
/scripts/.
Create the script /new-cgi/foo.cgi with the following contents (you may have to create the directory /new-cgi/):"

So, it's under "/" ==> The directory should be created as /new-cgi/ and you need to create the file into that directory /new-cgi/foo.cgi .

i.- sudo mkdir /new-cgi
or do it as root.

ii.- sudo touch /new-cgi/foo.cgi

I hope that helps.
Regards,
Luis.

AlexeyBY

Hello,
"Terrible" means to performs step by step labs without asking to help somebody. It's impossible here.
As for the Cloud Engineer Bootcamp, i've bought several courses separately but it's the same like Cloud Engineer Bootcamp.

To keep speaking about the lab 8.1:
I've created /root/new-cgi/foo.cgi -- Done!
After restarting, my results have not been changed.

w3m -dump http://localhost/scripts/foo.cgi?bar or w3m -dump http://10.83.23.220/scripts/foo.cgi?bar
Forbidden
You don't have permission to access /scripts/foo.cgi on this server.

tail -f /var/log/httpd/access_log
10.83.23.220 - - [20/Oct/2020:18:47:18 +0300] "GET /scripts/foo.cgi?bar HTTP/1.0" 403 217 "-" "w3m/0.5.3+git20190105"
::1 - - [20/Oct/2020:18:47:21 +0300] "GET /scripts/foo.cgi?bar HTTP/1.0" 403 217 "-" "w3m/0.5.3+git20190105"

tail -f /var/log/httpd/error_log
[Tue Oct 20 18:47:18.852971 2020] [authz_core:error] [pid 1454] [client 10.83.23.220:39468] AH01630: client denied by server configuration: /new-cgi
[Tue Oct 20 18:47:21.298743 2020] [authz_core:error] [pid 1455] [client ::1:33452] AH01630: client denied by server configuration: /new-cgi

Thank you
Regards,
Alexey

AlexeyBY

Hello,
I've performed the lab. My above comment is for /root/new-cgi/foo.cgi. Probably I got wrong.
It's Ok for the /new-cgi/foo,cgi.

I'd like to ask you about this lab. We are performing the labs here for many topics. It means the best practice how to do it. Does LinuxFoudation recommend to use "/" to locate scripts for http server like Apache ? Let me know pls. it's good to read LFS201 Chapter 2.

Thank you

luisviveropena

Hi @AlexeyBY ,

I think you are confused:

To keep speaking about the lab 8.1:
I've created /root/new-cgi/foo.cgi -- Done!
After restarting, my results have not been changed.

/new-cgi/ and /new-cgi/foo.cgi are not the same than /root/new-cgi/ and /root/new-cgi/foo.cgi . So, the newscripts.conf configuration script won't work with your setup.

So, the /root directory is the home directory of the root account. It is also referred to as the root user's home directory, and not as the root directory. The root directory is "/".

I hope that helps,
Luis.

AlexeyBY

My last comment was deleted. WHY ?
I'll repeat here gain:
lab 8.2 is not working.

cat /etc/httpd/conf.d/namevhost.conf

DocumentRoot /var/www/html/
ServerName default
RewriteEngine on ------------------- ADDED
RewriteOptions inherit --------------ADDED


DocumentRoot /var/www/html/namevhost/
ServerName namevhost.example.com

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

cat /etc/httpd/conf.d/rewrite.conf
RewriteEngine on
RewriteRule \^/foo/(.*) /scripts/foo.cgi?$1 [L,PT]

The result is:
w3m -dump http://127.0.0.1/scripts/foo/bar
Not Found
The requested URL /scripts/foo/bar was not found on this server.

[Tue Oct 20 19:44:30.751955 2020] [cgi:error] [pid 1731] [client 127.0.0.1:51732] script not found or unable to stat: /new-cgi/foo

thank you

fcioanca

We don't delete posts, but the system may automatically flag it as spam, especially if there are URLs in a post. Moderators check the spam folder periodically for posts that are not actually spam and unflag them.

AlexeyBY

thank you. It was deleted after editing my last post.

To keep speaking about the lab 8.2. I may get wrong to correct file namevhost.conf
According to the guide 8.2:
If you have done the virtualhost lab from the previous chapter you need to add these two lines to namevhost.conf in the default namevhost section

There are two sections which are called default and namevhost.example.com (ServerName). There is no default_namevhost.
I've corrected _default as I posted in the last comment but i don't know it's Ok or not

thank you

AlexeyBY

As for labs 8.3 and 8.4, i've done. I have an one question for you.
Lab 8.4 step 3, why must the file magic/index.html be executable ? the lab 8.4 works but i've not done this file executable.
Must this file be executable ?
thank you

lee42x

Hi,
Using the "/" directory would not be appropriate for a production server. The "/" is used in the labs to simplify the various exercises. As you have may noticed, the various distro's place files in different locations so there is not a single "correct" location for the various components.

Are you referencing the sample files in the SOLUTIONS directories?

As for the excictable bit on the magic/index.html , I will verify.

Lee

AlexeyBY

Hi,
I've already understood that all labs are to check the exercises. in general, the course cannot be used for real cases on production server. I will have to buy new courses which are out of LinuxFoundation to keep learning the linux world and know the best practices how to.

By the way, i cannot perform the lab 8.2 . Any new here ?

As for the lab 8.3., we check an access to a server for 127.0.0.1 and 10.22.34.0/18 (or own network). It's better to correct the step 4 to check access to the server from different IP src. Checking from 127.0.0.1 only is not idea for this lab. The idea is to check(permit/deny) access from different IPsrc.

As for the lab 8.4, i will be waiting for a reply about magic/index.html. I'm not sure but i think it's a security issue to set the excitable bit for *.html files.

Regards,
Alexey

lee42x

Exercise 8.2. and 8.4 are working as documented, with the exception of the rewrite.conf file, there is an extra \ at the beginning of the regular expression.
The executable bit on the html file is required for the xbitHack to function.

lee42x

Alexey , I will post my config files in a few minutes, they may help identify where the disconnect is.

lee42x

Alexey, compare your configuration files to these.

Lee

lee42x

The reference for the "XbitHack" is here: https://httpd.apache.org/docs/2.4/mod/mod_include.html#xbithack