SEO Class in Chicago, IL
Are you a Google Analytics enthusiast?
More SEO Content
Can't Make Http Request From The Server
Posted 18 September 2009 - 02:07 PM
The server is running Ubuntu (Intrepid Ibix), Apache, MySQL and PHP are all recent and up to date.
We have never been able to run a cron job on this server because all http requests fail. I can run cron from an external server, but not from our own server.
I can't run link checking scripts or other scripts that make an http call back to the server... unless I run them from an external server.
I suspect some sort of Linux firewall setting is causing the issue but am curious as to why it allows external requests but not self requests... I've checked the settings but don't see anything that could be causing the issue.
Any thoughts on where to look or what to edit?
Posted 19 September 2009 - 10:12 AM
A couple of things to check. Look to see if cron.allow exists. If it's there the user who owns the script should appear in there. If there is no cron.allow there at least needs to be a cron.deny, and this file cannot list the user in question. If neither file exists only root is going to have cron ability.
You might be able to get some hints as to what's really happening by having a look at /var/log/auth.log. If the user level crontab is set up correctly, and the user has permission to run cron jobs you should see sessions being opened for that user. If the user isn't authorized you'll see it fail.
As a general rule you won't want to use /etc/crontab for something like this. It's for system wide cron jobs. Instead you'll want a user level cron job. Which is crontab -u username -e where username is the owner of the script. If you need to see the output of a user's cron job you can use something like crontab -u username -l.
Posted 23 September 2009 - 08:35 AM
That gives me some new paths to follow up on; I really want to solve this issue but have not made any headway.
Posted 23 September 2009 - 03:26 PM
Well when you get your cron jobs sorted please come over and help me track down the latest little hacker who is trying to exploit a weakness in Apache and Bash in a (vain in my case) attempt to hack one of my servers. I've spent all day on it so far and still haven't figured out how they got in in the first place. Let alone how they're getting a file owned by a user that doesn't even exist on the server to run masking itself as root.
I tell ya though, the simplest things are still the best when it comes to security procedures. Cuz without having my bash set up to email me every time someone successfully SSH's in I'd have never known someone was attempting to exploit this server. Because I had this very simple thing set up I got an immediate notice at 3:53am this morning, so was able to immediately engage them in hand-to-hand combat.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users