Welcome to the Linux Foundation Forum!

LAB8.x

Hello,
I use CentOS 7.

1.
Where the directory new-cgi and the file foo.cgi must be created ?
I've created two times: /var/www/new-cgi/foo.cgi and /etc/httpd/new-cgi/foo.cgi
2.
As for /etc/httpd/conf.d/newscript.conf file, have you checked scripts directory ? Is it Ok ?
find / -name scripts
/etc/dhcp/scripts
/etc/vmware-tools/scripts
/usr/share/doc/nmap-ncat-6.40/examples/scripts
/usr/share/nmap/scripts
/usr/libexec/perf-core/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/arch/um/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/tools/perf/scripts
/usr/src/kernels/3.10.0-1127.18.2.el7.x86_64.debug/tools/scripts

3.
Step 2.What does "include" mean ? Should I correct anything ?

4.
After restarting httpd, I've got my error:

http://localhost/scripts/foo.cgi?bar
-bash: http://localhost/scripts/foo.cgi?bar: No such file or directory

w3m -dump http://10.83.23.220/scripts/foo.cgi?bar
Forbidden
You don't have permission to access /scripts/foo.cgi on this server.

w3m -dump http://127.0.0.1/index.html
This is my default file

[root@centos7-1 new-cgi]# w3m -dump http://127.0.0.1/scripts/foo.cgi?bar
Forbidden
You don't have permission to access /scripts/foo.cgi on this server.

Pls help me to understand my issue in such terrible labs.

Thank you

Regards,
Alexey

Comments

  • luisviveropena
    luisviveropena Posts: 1,142
    edited October 2020

    Hi @AlexeyBY ,

    I'll let Lee provide you an answer, I just want to ask if you are in the Cloud Engineer Bootcamp, because if so, you may join the Office Hours for LFS211, and I'll be happy to assist in anything I can.

    BTW, I don't think the labs are terrible, in fact, for item 1:

    Where the directory new-cgi and the file foo.cgi must be created ?
    I've created two times: /var/www/new-cgi/foo.cgi and /etc/httpd/new-cgi/foo.cgi

    It's pretty clear to me that it's in the root directory, I mean /new-cgi/ , as the initial text indicates:

    "Exercise 8.1: Create a new cgi script-enabled directory /new-cgi/ served at the URI
    /scripts/.
    Create the script /new-cgi/foo.cgi with the following contents (you may have to create the directory /new-cgi/):"

    So, it's under "/" ==> The directory should be created as /new-cgi/ and you need to create the file into that directory /new-cgi/foo.cgi .

    i.- sudo mkdir /new-cgi
    or do it as root.

    ii.- sudo touch /new-cgi/foo.cgi

    I hope that helps.
    Regards,
    Luis.

  • Hello,
    "Terrible" means to performs step by step labs without asking to help somebody. It's impossible here.
    As for the Cloud Engineer Bootcamp, i've bought several courses separately but it's the same like Cloud Engineer Bootcamp.

    To keep speaking about the lab 8.1:
    I've created /root/new-cgi/foo.cgi -- Done!
    After restarting, my results have not been changed.

    w3m -dump http://localhost/scripts/foo.cgi?bar or w3m -dump http://10.83.23.220/scripts/foo.cgi?bar
    Forbidden
    You don't have permission to access /scripts/foo.cgi on this server.

    tail -f /var/log/httpd/access_log
    10.83.23.220 - - [20/Oct/2020:18:47:18 +0300] "GET /scripts/foo.cgi?bar HTTP/1.0" 403 217 "-" "w3m/0.5.3+git20190105"
    ::1 - - [20/Oct/2020:18:47:21 +0300] "GET /scripts/foo.cgi?bar HTTP/1.0" 403 217 "-" "w3m/0.5.3+git20190105"

    tail -f /var/log/httpd/error_log
    [Tue Oct 20 18:47:18.852971 2020] [authz_core:error] [pid 1454] [client 10.83.23.220:39468] AH01630: client denied by server configuration: /new-cgi
    [Tue Oct 20 18:47:21.298743 2020] [authz_core:error] [pid 1455] [client ::1:33452] AH01630: client denied by server configuration: /new-cgi

    Thank you
    Regards,
    Alexey

  • Hello,
    I've performed the lab. My above comment is for /root/new-cgi/foo.cgi. Probably I got wrong.
    It's Ok for the /new-cgi/foo,cgi.

    I'd like to ask you about this lab. We are performing the labs here for many topics. It means the best practice how to do it. Does LinuxFoudation recommend to use "/" to locate scripts for http server like Apache ? Let me know pls. it's good to read LFS201 Chapter 2.

    Thank you

  • Hi @AlexeyBY ,

    I think you are confused:

    To keep speaking about the lab 8.1:
    I've created /root/new-cgi/foo.cgi -- Done!
    After restarting, my results have not been changed.

    /new-cgi/ and /new-cgi/foo.cgi are not the same than /root/new-cgi/ and /root/new-cgi/foo.cgi . So, the newscripts.conf configuration script won't work with your setup.

    So, the /root directory is the home directory of the root account. It is also referred to as the root user's home directory, and not as the root directory. The root directory is "/".

    I hope that helps,
    Luis.

  • My last comment was deleted. WHY ?
    I'll repeat here gain:
    lab 8.2 is not working.

    cat /etc/httpd/conf.d/namevhost.conf

    DocumentRoot /var/www/html/
    ServerName default
    RewriteEngine on ------------------- ADDED
    RewriteOptions inherit --------------ADDED


    DocumentRoot /var/www/html/namevhost/
    ServerName namevhost.example.com

    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted

    cat /etc/httpd/conf.d/rewrite.conf
    RewriteEngine on
    RewriteRule \^/foo/(.*) /scripts/foo.cgi?$1 [L,PT]

    The result is:
    w3m -dump http://127.0.0.1/scripts/foo/bar
    Not Found
    The requested URL /scripts/foo/bar was not found on this server.

    [Tue Oct 20 19:44:30.751955 2020] [cgi:error] [pid 1731] [client 127.0.0.1:51732] script not found or unable to stat: /new-cgi/foo

    thank you

  • fcioanca
    fcioanca Posts: 1,886

    We don't delete posts, but the system may automatically flag it as spam, especially if there are URLs in a post. Moderators check the spam folder periodically for posts that are not actually spam and unflag them.

  • AlexeyBY
    AlexeyBY Posts: 56
    edited October 2020

    thank you. It was deleted after editing my last post.

    To keep speaking about the lab 8.2. I may get wrong to correct file namevhost.conf
    According to the guide 8.2:
    If you have done the virtualhost lab from the previous chapter you need to add these two lines to namevhost.conf in the default namevhost section

    There are two sections which are called default and namevhost.example.com (ServerName). There is no default_namevhost.
    I've corrected _default
    as I posted in the last comment but i don't know it's Ok or not

    thank you

  • As for labs 8.3 and 8.4, i've done. I have an one question for you.
    Lab 8.4 step 3, why must the file magic/index.html be executable ? the lab 8.4 works but i've not done this file executable.
    Must this file be executable ?
    thank you

  • lee42x
    lee42x Posts: 380

    Hi,
    Using the "/" directory would not be appropriate for a production server. The "/" is used in the labs to simplify the various exercises. As you have may noticed, the various distro's place files in different locations so there is not a single "correct" location for the various components.

    Are you referencing the sample files in the SOLUTIONS directories?

    As for the excictable bit on the magic/index.html , I will verify.

    Lee

  • Hi,
    I've already understood that all labs are to check the exercises. in general, the course cannot be used for real cases on production server. I will have to buy new courses which are out of LinuxFoundation to keep learning the linux world and know the best practices how to.

    By the way, i cannot perform the lab 8.2 . Any new here ?

    As for the lab 8.3., we check an access to a server for 127.0.0.1 and 10.22.34.0/18 (or own network). It's better to correct the step 4 to check access to the server from different IP src. Checking from 127.0.0.1 only is not idea for this lab. The idea is to check(permit/deny) access from different IPsrc.

    As for the lab 8.4, i will be waiting for a reply about magic/index.html. I'm not sure but i think it's a security issue to set the excitable bit for *.html files.

    Regards,
    Alexey

  • lee42x
    lee42x Posts: 380

    Exercise 8.2. and 8.4 are working as documented, with the exception of the rewrite.conf file, there is an extra \ at the beginning of the regular expression.
    The executable bit on the html file is required for the xbitHack to function.

  • lee42x
    lee42x Posts: 380

    Alexey , I will post my config files in a few minutes, they may help identify where the disconnect is.

  • lee42x
    lee42x Posts: 380

    Alexey, compare your configuration files to these.

    Lee

  • lee42x
    lee42x Posts: 380

    The reference for the "XbitHack" is here: https://httpd.apache.org/docs/2.4/mod/mod_include.html#xbithack

Categories

Upcoming Training