When i am trying to start or stop apache with the command
/ebiz/apache/httpd/sbin/apachectl -k stop -f /ebiz/apache/httpd/conf/httpd.conf
Getting this error:-
/ebiz/apache/httpd/sbin/apachectl: line 122: ./httpd: No such file or directory
But when i am trying to execute same command from sbin location it is working fine. I am placing my apache in custom location and my apachectl is in "/ebiz/apache/httpd/sbin" location and httpd.conf is in "/ebiz/apache/httpd/conf/" location
If i look my apachectl file
#!/bin/sh
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Apache control script designed to allow an easy command line interface
# to controlling Apache. Written by Marc Slemko, 1997/08/23
#
# The exit codes returned are:
# XXX this doc is no longer correct now that the interesting
# XXX functions are handled by httpd
# 0 - operation completed successfully
# 1 -
# 2 - usage error
# 3 - httpd could not be started
# 4 - httpd could not be stopped
# 5 - httpd could not be started during a restart
# 6 - httpd could not be restarted during a restart
# 7 - httpd could not be restarted during a graceful restart
# 8 - configuration syntax error
#
# When multiple arguments are given, only the error from the _last_
# one is reported. Run "apachectl help" for usage info
#
ACMD="$1"
ARGV="$#"
#
# |||||||||||||||||||| START CONFIGURATION SECTION ||||||||||||||||||||
# -------------------- --------------------
#
# the path to your httpd binary, including options if necessary
HTTPD='./httpd'
#
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
if [ -x "/usr/bin/links" ]; then
LYNX="/usr/bin/links -dump"
else
LYNX=none
fi
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
STATUSURL="http://localhost:80/server-status"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
# -------------------- --------------------
# |||||||||||||||||||| END CONFIGURATION SECTION ||||||||||||||||||||
# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
$ULIMIT_MAX_FILES
fi
ERROR=0
if [ "x$ARGV" = "x" ] ; then
ARGV="-h"
fi
function checklynx() {
if [ "$LYNX" = "none" ]; then
echo "The 'links' package is required for this functionality."
exit 8
fi
}
function testconfig() {
# httpd is denied terminal access in SELinux, so run in the
# current context to get stdout from $HTTPD -t.
if test -x /usr/sbin/selinuxenabled && /usr/sbin/selinuxenabled; then
runcon -- `id -Z` $HTTPD $OPTIONS -t
else
$HTTPD $OPTIONS -t
fi
ERROR=$?
}
case $ACMD in
start|stop|restart|graceful|graceful-stop)
$HTTPD $OPTIONS -k $ARGV
ERROR=$?
;;
startssl|sslstart|start-SSL)
echo The startssl option is no longer supported.
echo Please edit httpd.conf to include the SSL configuration settings
echo and then use "apachectl start".
ERROR=2
;;
configtest)
testconfig
;;
status)
checklynx
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
checklynx
$LYNX $STATUSURL
;;
*)
$HTTPD $OPTIONS "$#"
ERROR=$?
esac
exit $ERROR
On the line number 122 it is looking for this "$HTTPD $OPTIONS "$#"". How i can execute apache from anywhere
You can see that the path to httpd is hardcoded to the relative path ./httpd in apachectl:
# the path to your httpd binary, including options if necessary
HTTPD='./httpd'
which points to the wrong location if you're not in the right working directory.
It should be sufficient to change the path to the absolute path to the binary, i.e.
# the path to your httpd binary, including options if necessary
HTTPD=/ebiz/apache/httpd/sbin/httpd
Related
I tried to test OpenVSwitch using S2E. I wrote the OpenVSwitch installation script in bootstrap.sh. The image in the qemu virtual machine is the same as the image in the host machine, so the executable file compiled in the host machine should also be executed in the virtual machine. So after I installed OpenVSwitch and started ovsdb-server and ovs-vsctl, ovs-vswitchd should be able to execute successfully, but I got the following error:
18 [State 0] BaseInstructions: Killing state 0
18 [State 0] Terminating state: State was terminated by opcode
message: "bootstrap terminated"
status: 0x0
18 [State 0] TestCaseGenerator: generating test case at address 0x40717d
18 [State 0] TestCaseGenerator: All states were terminated
qemu-system-x86_64: terminating on signal 15 from pid 42128 (/home/lz/s2e/install/bin/qemu-system-x86_64)
s2e-block: dirty sectors on close:11104
Terminating node id 0 (instance slot 0)
bootstrap.sh and the installation script ovs-install.sh are as follows:
bootstrap.sh
#!/bin/bash
#
# This file was automatically generated by s2e-env at 2022-09-29 14:22:53.271106
#
# This bootstrap script is used to control the execution of the target program
# in an S2E guest VM.
#
# When you run launch-s2e.sh, the guest VM calls s2eget to fetch and execute
# this bootstrap script. This bootstrap script and the S2E config file
# determine how the target program is analyzed.
#
set -x
mkdir -p guest-tools32
TARGET_TOOLS32_ROOT=guest-tools32
mkdir -p guest-tools64
TARGET_TOOLS64_ROOT=guest-tools64
# 64-bit tools take priority on 64-bit architectures
TARGET_TOOLS_ROOT=${TARGET_TOOLS64_ROOT}
# To save the hassle of rebuilding guest images every time you update S2E's guest tools,
# the first thing that we do is get the latest versions of the guest tools.
function update_common_tools {
local OUR_S2ECMD
OUR_S2ECMD=${S2ECMD}
# First, download the common tools
for TOOL in ${COMMON_TOOLS}; do
${OUR_S2ECMD} get ${TARGET_TOOLS_ROOT}/${TOOL}
if [ ! -f ${TOOL} ]; then
${OUR_S2ECMD} kill 0 "Could not get ${TOOL} from the host. Make sure that guest tools are installed properly."
exit 1
fi
chmod +x ${TOOL}
done
}
function update_target_tools {
for TOOL in $(target_tools); do
${S2ECMD} get ${TOOL} ${TOOL}
chmod +x ${TOOL}
done
}
function prepare_target {
# Make sure that the target is executable
chmod +x "$1"
}
function get_ramdisk_root {
echo '/tmp/'
}
function copy_file {
SOURCE="$1"
DEST="$2"
cp ${SOURCE} ${DEST}
}
# This prepares the symbolic file inputs.
# This function takes as input a seed file name and makes its content symbolic according to the symranges file.
# It is up to the host to prepare all the required symbolic files. The bootstrap file does not make files
# symbolic on its own.
function download_symbolic_file {
SYMBOLIC_FILE="$1"
RAMDISK_ROOT="$(get_ramdisk_root)"
${S2ECMD} get "${SYMBOLIC_FILE}"
if [ ! -f "${SYMBOLIC_FILE}" ]; then
${S2ECMD} kill 1 "Could not fetch symbolic file ${SYMBOLIC_FILE} from host"
fi
copy_file "${SYMBOLIC_FILE}" "${RAMDISK_ROOT}"
SYMRANGES_FILE="${SYMBOLIC_FILE}.symranges"
${S2ECMD} get "${SYMRANGES_FILE}" > /dev/null
# Make the file symbolic
if [ -f "${SYMRANGES_FILE}" ]; then
export S2E_SYMFILE_RANGES="${SYMRANGES_FILE}"
fi
# The symbolic file will be split into symbolic variables of up to 4k bytes each.
${S2ECMD} symbfile 4096 "${RAMDISK_ROOT}${SYMBOLIC_FILE}" > /dev/null
}
function download_symbolic_files {
for f in "$#"; do
download_symbolic_file "${f}"
done
}
# This function executes the target program given in arguments.
#
# There are two versions of this function:
# - without seed support
# - with seed support (-s argument when creating projects with s2e_env)
function execute {
local TARGET
TARGET="$1"
shift
execute_target "${TARGET}" "$#"
}
###############################################################################
# This section contains target-specific code
function make_seeds_symbolic {
echo 1
}
# This function executes the target program.
# You can customize it if your program needs special invocation,
# custom symbolic arguments, etc.
function execute_target {
local TARGET
TARGET="$1"
shift
#wo tian jia de
sudo ./install_ovs.sh
S2E_SO="${TARGET_TOOLS64_ROOT}/s2e.so"
# ovs-vswitchd is dynamically linked, so s2e.so has been preloaded to
# provide symbolic arguments to the target if required. You can do so by
# using the ``S2E_SYM_ARGS`` environment variable as required
S2E_SYM_ARGS="" LD_PRELOAD="${S2E_SO}" "${TARGET}" "$#" > /dev/null 2> /dev/null
}
# Nothing more to initialize on Linux
function target_init {
# Start the LinuxMonitor kernel module
sudo modprobe s2e
}
# Returns Linux-specific tools
function target_tools {
echo "${TARGET_TOOLS32_ROOT}/s2e.so" "${TARGET_TOOLS64_ROOT}/s2e.so"
}
S2ECMD=./s2ecmd
COMMON_TOOLS="s2ecmd"
###############################################################################
update_common_tools
update_target_tools
# Don't print crashes in the syslog. This prevents unnecessary forking in the
# kernel
sudo sysctl -w debug.exception-trace=0
# Prevent core dumps from being created. This prevents unnecessary forking in
# the kernel
ulimit -c 0
# Ensure that /tmp is mounted in memory (if you built the image using s2e-env
# then this should already be the case. But better to be safe than sorry!)
if ! mount | grep "/tmp type tmpfs"; then
sudo mount -t tmpfs -osize=10m tmpfs /tmp
fi
# Need to disable swap, otherwise there will be forced concretization if the
# system swaps out symbolic data to disk.
sudo swapoff -a
target_init
# Download the target file to analyze
${S2ECMD} get "ovs-vswitchd"
#wo tian jia de
#${S2ECMD} get "ovsdb-server"
#${S2ECMD} get "ovs-vsctl"
${S2ECMD} get "openvswitch-3.0.0.tar.gz"
${S2ECMD} get "install_ovs.sh"
download_symbolic_files
# Run the analysis
TARGET_PATH='./ovs-vswitchd'
prepare_target "${TARGET_PATH}"
#wo tian jia de
#prepare_target "./ovsdb-server"
#prepare_target "./ovs-vsctl"
prepare_target "openvswitch-3.0.0.tar.gz"
prepare_target "install_ovs.sh"
execute "${TARGET_PATH}" --pidfile --detach --log-file
ovs-install.sh
#!/bin/bash
tar zxvf openvswitch-3.0.0.tar.gz
cd openvswitch-3.0.0
./configure
make -j4
sudo make install
export PATH=$PATH:/usr/local/share/openvswitch/scripts
sudo mkdir -p /usr/local/etc/openvswitch
sudo ovsdb-tool create /usr/local/etc/openvswitch/conf.db vswitchd/vswitch.ovsschema
#/usr/local/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd start
sudo ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile --detach
sudo ovs-vsctl --no-wait init
#sudo ovs-vswitchd --pidfile --detach
Does anybody can tell me how to fix this? Or is OpenVSwitch simply not testable by S2E?
I have some problem with ssh autocompletion.
I would like for my zsh to autcomplete on my .ssh/config file but until now it is only doing it with the /etc/hosts files.
I've found how to not use the hosts file by adding this configuration
zstyle ':completion:*:ssh:*' hosts off
But I cannot succeed in making zsh look into the .ssh/config files
I've tried this with little hope, but it didn't work
zstyle ':completion:*:ssh:*' config on
Here is my .zshrc file
# If you come from bash you might have to change your $PATH.
#export PATH=$HOME/bin:/usr/local/bin:/usr/local/sbin:~/Documents/workspace/flutter/bin:$PATH
# Path to your oh-my-zsh installation.
export ZSH=/Users/thoma/.oh-my-zsh
# Set name of the theme to load. Optionally, if you set this to "random"
# it'll load a random theme each time that oh-my-zsh is loaded.
# See https://github.com/robbyrussell/oh-my-zsh/wiki/Themes
ZSH_THEME="agnoster"
# Set list of themes to load
# Setting this variable when ZSH_THEME=random
# cause zsh load theme from this variable instead of
# looking in ~/.oh-my-zsh/themes/
# An empty array have no effect
# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
# Uncomment the following line to use case-sensitive completion.
# CASE_SENSITIVE="true"
# Uncomment the following line to use hyphen-insensitive completion. Case
# sensitive completion must be off. _ and - will be interchangeable.
# HYPHEN_INSENSITIVE="true"
# Uncomment the following line to disable bi-weekly auto-update checks.
# DISABLE_AUTO_UPDATE="true"
# Uncomment the following line to change how often to auto-update (in days).
# export UPDATE_ZSH_DAYS=13
# Uncomment the following line to disable colors in ls.
# DISABLE_LS_COLORS="true"
# Uncomment the following line to disable auto-setting terminal title.
# DISABLE_AUTO_TITLE="true"
# Uncomment the following line to enable command auto-correction.
# ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion.
# COMPLETION_WAITING_DOTS="true"
# Uncomment the following line if you want to disable marking untracked files
# under VCS as dirty. This makes repository status check for large repositories
# much, much faster.
# DISABLE_UNTRACKED_FILES_DIRTY="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# HIST_STAMPS="mm/dd/yyyy"
# Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder
# Which plugins would you like to load? (plugins can be found in ~/.oh-my-zsh/plugins/*)
# Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(
git,
zsh-autosuggestions
)
# support bash autocompletion
# https://stackoverflow.com/questions/3249432/i-have-a-bash-tab-completion-script-is-t
#autoload bashcompinit
#bashcompinit
source ~/.bash_profile
if [[ -f /usr/share/bash-completion/completions/lpass ]]; then
source /usr/share/bash-completion/completions/lpass
fi
source $ZSH/oh-my-zsh.sh
# User configuration
# export MANPATH="/usr/local/man:$MANPATH"
# You may need to manually set your language environment
# export LANG=en_US.UTF-8
# Preferred editor for local and remote sessions
# if [[ -n $SSH_CONNECTION ]]; then
# export EDITOR='vim'
# else
# export EDITOR='mvim'
# fi
# Compilation flags
# export ARCHFLAGS="-arch x86_64"
# ssh
# export SSH_KEY_PATH="~/.ssh/rsa_id"
# Set personal aliases, overriding those provided by oh-my-zsh libs,
# plugins, and themes. Aliases can be placed here, though oh-my-zsh
# users are encouraged to define aliases within the ZSH_CUSTOM folder.
# For a full list of active aliases, run `alias`.
#
# Example aliases
# alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh"
export PATH="/usr/local/opt/thrift#0.9/bin:$PATH"
zstyle ':completion:*:ssh:*' hosts off
zstyle ':completion:*:ssh:*' config on
If someone can help me on this ! I would gladly appreciate.
Thanks
Here's the script from the related question.
h=()
if [[ -r ~/.ssh/config ]]; then
h=($h ${${${(#M)${(f)"$(cat ~/.ssh/config)"}:#Host *}#Host }:#*[*?]*})
fi
if [[ -r ~/.ssh/known_hosts ]]; then
h=($h ${${${(f)"$(cat ~/.ssh/known_hosts{,2} || true)"}%%\ *}%%,*}) 2>/dev/null
fi
if [[ $#h -gt 0 ]]; then
zstyle ':completion:*:ssh:*' hosts $h
zstyle ':completion:*:slogin:*' hosts $h
fi
Just in case you are looking for an autocompletion both for ssh and other ssh commands like scp, the following lines do the job:
# Highlight the current autocomplete option
zstyle ':completion:*' list-colors "${(s.:.)LS_COLORS}"
# Better SSH/Rsync/SCP Autocomplete
zstyle ':completion:*:(scp|rsync):*' tag-order ' hosts:-ipaddr:ip\ address hosts:-host:host files'
zstyle ':completion:*:(ssh|scp|rsync):*:hosts-host' ignored-patterns '*(.|:)*' loopback ip6-loopback localhost ip6-localhost broadcasthost
zstyle ':completion:*:(ssh|scp|rsync):*:hosts-ipaddr' ignored-patterns '^(<->.<->.<->.<->|(|::)([[:xdigit:].]##:(#c,2))##(|%*))' '127.0.0.<->' '255.255.255.255' '::1' 'fe80::*'
# Allow for autocomplete to be case insensitive
zstyle ':completion:*' matcher-list '' 'm:{[:lower:][:upper:]}={[:upper:][:lower:]}' \
'+l:|?=** r:|?=**'
# Initialize the autocompletion
autoload -Uz compinit && compinit -i
This is not from me, but from a blog post here: https://codyhiar.com/blog/zsh-autocomplete-with-ssh-config-file/
I have a library that is not famous and there is no package available for this library https://github.com/dailab/libsml normally I install this library on my device by doing make install
How can I add this library as a package in my distribution of Linux. Just like i can add python or any other recipe in my local.conf
My local.conf looks like this
MACHINE ?= "phyboard-regor-am335x-1"
DISTRO ?= "yogurt"
# The following line disables the autostart of the phytec-qtdemo by
# default, but you can start the demo anytime using
# $ systemctl start phytec-qtdemo.service
#SYSTEMD_AUTO_ENABLE_pn-phytec-qtdemo = "disable"
# That are the default values of bitbake. Adapt these to your workspace and
# host preferences.
#DL_DIR = "${TOPDIR}/downloads"
#SSTATE_DIR = "${TOPDIR}/sstate-cache"
# License Handling
# - Uncomment for i.MX6 proprietary GPU libraries
#LICENSE_FLAGS_WHITELIST += "license-nxp_v14-june-2016_imx-gpu-viv"
# - Uncomment for Freescale i.MX6 legacy VPU firmware blobs
#LICENSE_FLAGS_WHITELIST += "license-freescale_v6-february-2015_firmware-imx"
# You can disable and enable FSTYPES as you wish. e.g. 'ext4'.
# This is ordering dependend. IMAGE_FSTYPES += "tar.gz" IMAGE_FSTYPES_append_mx6 = " sdcard ubifs" IMAGE_FSTYPES_append_ti33x
= " sdcard ubifs" IMAGE_FSTYPES_append_rk3288 = " sdcard"
#IMAGE_FSTYPES_append_ti33x = " emmc" DEPLOY_DIR = "${TOPDIR}/deploy"
# Select configuration UI for linux and barebox recipe. The openembedded
# default is 'menuconfig', 'nconfig' has more features.
#KCONFIG_CONFIG_COMMAND = "menuconfig" KCONFIG_CONFIG_COMMAND = "nconfig"
# Turn on debugging options of the kernel
# This is currently only supported for the TI kernel v4.4 DEBUG_BUILD_pn-linux-ti = "1"
# The default package class of the distro yogurt is 'package_ipk'. The first
# value is used as the package manager to build the image and sdk. To build
# also tar packages use
#PACKAGE_CLASSES = "package_ipk package_tar"
# Variable IMAGE_ROOTFS_EXTRA_SPACE from poky/meta/conf/documentation.conf:
# Defines additional free disk space created in the image in Kbytes. By
# default, this variable is set to '0'.
# This example line adds an additional 512 MiB of free space to the root
# filesystem:
#IMAGE_ROOTFS_EXTRA_SPACE = "524288"
# See http://www.yoctoproject.org/docs/1.8/ref-manual/ref-manual.html#ref-features-image
# "Through these variables, you can add several different predefined
# packages such as development utilities or packages with debug information
# needed to investigate application problems or profile applications EXTRA_IMAGE_FEATURES = ""
# - "Makes an image suitable for development (e.g. allows root logins without
# passwords and enables post-installation logging)" EXTRA_IMAGE_FEATURES += "debug-tweaks"
# - "Installs debug symbol packages for all packages installed in a given
# image."
#EXTRA_IMAGE_FEATURES += "dbg-pkgs"
# - "Installs debugging tools such as strace and gdb."
#EXTRA_IMAGE_FEATURES += "tools-debug"
#python-netserver for python cgi IMAGE_INSTALL_append = "mc nano openvpn apache2 dhcp-server lora-gateway lora-pkt-fwd spitools python avro-c python-kafka ntp python-netserver iptables"
#SDKMACHINE ?= "x86_64"
OE_TERMINAL = "auto" PATCHRESOLVE = "noop" BB_DISKMON_DIRS = "\
STOPTASKS,${TMPDIR},1G,100K \
STOPTASKS,${DL_DIR},1G,100K \
STOPTASKS,${SSTATE_DIR},1G,100K \
ABORT,${TMPDIR},100M,1K \
ABORT,${DL_DIR},100M,1K \
ABORT,${SSTATE_DIR},100M,1K"
CONF_VERSION = "1"
And my bblayers.conf looks like this:
# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
# changes incompatibly
POKY_BBLAYERS_CONF_VERSION = "2"
BBPATH = "${TOPDIR}"
BBFILES ?= ""
OEROOT := "/home/enilyser/sources/poky"
BBLAYERS ?= " \
${OEROOT}/meta \
${OEROOT}/meta-poky \
${OEROOT}/../meta-phytec \
${OEROOT}/../meta-yogurt \
${OEROOT}/../meta-cloud-services-master/meta-openstack \
${OEROOT}/../meta-openembedded/meta-oe \
${OEROOT}/../meta-openembedded/meta-networking \
${OEROOT}/../meta-openembedded/meta-python \
${OEROOT}/../meta-openembedded/meta-multimedia \
${OEROOT}/../meta-qt5 \
${OEROOT}/../meta-openembedded/meta-ruby \
${OEROOT}/../meta-openembedded/meta-webserver \
${OEROOT}/../meta-lora-net-master \
${OEROOT}/../meta-lorawan-master \
"
You can use devtool to add the recipe if you are no 2.4+ version of yocto release
devtool add libsml https://github.com/dailab/libsml
it will create a recipe template
workspace/recipes/libsml/libsml_git.bb
this is nearly what you need but sometimes you have to tweak it a bit to ensure cross compiling.
in this case it builds and runs the tests, obviously when cross building we can build the tests but we can run them on build machine, so you have to disable that. you can do so in recipe or via a patch. e.g. via recipe you will change do_configure function to something like this
do_configure () {
# Specify any needed configure commands here
sed -i -e "s##./test##g" ${S}/test/Makefile
}
may be change do_install as well so it can install the files you need on target
do_install () {
install -d ${D}${libdir} ${D}${includedir}
install -m 0644 ${B}/sml/lib/libsml.* ${D}${libdir}
rm -rf ${D}${libdir}/libsml.o
cp -R --no-dereference --preserve=mode,links ${S}/sml/include/* ${D}${includedir}
install -D -m 0644 sml.pc ${D}${libdir}/pkgconfig/sml.pc
}
to build and see if all is ok
devtool build libsml
if all builds you can then apply the recipe to a layer of your choice ( say meta-oe )
devtool finish libsml meta-oe -f
Thats it, now you should see the recipe in meta-oe layer, you can try to build it
bitbake libsml
I am creating a restricted user without shell for port forwarding only and I need to execute a script on login via pubkey, even if the user is connected via ssh -N user#host which doesn't asks SSH server for a shell.
The script should warn admin on connections authenticated with pubkey, so the user connecting shouldn't be able to skip the execution of the script (e.g., by connecting with ssh -N).
I have tried to no avail:
Setting the command at /etc/ssh/sshrc.
Using command="COMMAND" in .ssh/authorized_keys (man authorized_keys)
Setting up a script with the command as user's shell. (chsh -s /sbin/myscript.sh USERNAME)
Matching user in /etc/ssh/sshd_config like:
Match User MYUSERNAME
ForceCommand "/sbin/myscript.sh"
All work when user asks for shell, but if logged only for port forwarding and no shell (ssh -N) it doesn't work.
The ForceCommand option runs without a PTY unless the client requests one. As a result, you don't actually have a shell to execute scripts the way you might expect. In addition, the OpenSSH SSHD_CONFIG(5) man page clearly says:
The command is invoked by using the user's login shell with the -c option.
That means that if you've disabled the user's login shell, or set it to something like /bin/false, then ForceCommand can't work. Assuming that:
the user has a sensible shell defined,
that your target script is executable, and
that your script has an appropriate shebang line
then the following should work in your global sshd_config file once properly modified with the proper username and fully-qualified pathname to your custom script:
Match User foo
ForceCommand /path/to/script.sh
If you only need to run a script you can rely on pam_exec.
Basically you reference the script you need to run in the /etc/pam.d/sshd configuration:
session optional pam_exec.so seteuid /path/to/script.sh
After some testing you may want to change optional to required.
Please refer to this answer "bash - How do I set up an email alert when a ssh login is successful? - Ask Ubuntu" for a similar request.
Indeed in the script only a limited subset on the environment variables is available:
LANGUAGE=en_US.UTF-8
PAM_USER=bitnami
PAM_RHOST=192.168.1.17
PAM_TYPE=open_session
PAM_SERVICE=sshd
PAM_TTY=ssh
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
PWD=/
If you want to get the user info from authorized_keys this script could be helpful:
#!/bin/bash
# Get user from authorized_keys
# pam_exec_login.sh
# * [ssh - What is the SHA256 that comes on the sshd entry in auth.log? - Server Fault](https://serverfault.com/questions/888281/what-is-the-sha256-that-comes-on-the-sshd-entry-in-auth-log)
# * [bash - How to get all fingerprints for .ssh/authorized_keys(2) file - Server Fault](https://serverfault.com/questions/413231/how-to-get-all-fingerprints-for-ssh-authorized-keys2-file)
# Setup log
b=$(basename $0| cut -d. -f1)
log="/tmp/${b}.log"
function timeStamp () {
echo "$(date '+%b %d %H:%M:%S') ${HOSTNAME} $b[$$]:"
}
# Check if opening a remote session with sshd
if [ "${PAM_TYPE}" != "open_session" ] || [ $PAM_SERVICE != "sshd" ] || [ $PAM_RHOST == "::1" ]; then
exit $PAM_SUCCESS
fi
# Get info from auth.log
authLogLine=$(journalctl -u ssh.service |tail -100 |grep "sshd\[${PPID}\]" |grep "${PAM_RHOST}")
echo ${authLogLine} >> ${log}
PAM_USER_PORT=$(echo ${authLogLine}| sed -r 's/.*port (.*) ssh2.*/\1/')
PAM_USER_SHA256=$(echo ${authLogLine}| sed -r 's/.*SHA256:(.*)/\1/')
# Get details from .ssh/authorized_keys
authFile="/home/${PAM_USER}/.ssh/authorized_keys"
PAM_USER_authorized_keys=""
while read l; do
if [[ -n "$l" && "${l###}" = "$l" ]]; then
authFileSHA256=$(ssh-keygen -l -f <(echo "$l"))
if [[ "${authFileSHA256}" == *"${PAM_USER_SHA256}"* ]]; then
PAM_USER_authorized_keys=$(echo ${authFileSHA256}| cut -d" " -f3)
break
fi
fi
done < ${authFile}
if [[ -n ${PAM_USER_authorized_keys} ]]
then
echo "$(timeStamp) Local user: ${PAM_USER}, authorized_keys user: ${PAM_USER_authorized_keys}" >> ${log}
else
echo "$(timeStamp) WARNING: no matching user in authorized_keys" >> ${log}
fi
I am the author of the OP; I came to the conclusion that what I need to achieve is not possible using SSH only to the date (OpenSSH_6.9p1 Ubuntu-2, OpenSSL 1.0.2d 9 Jul 2015), but I found a great piece of software that uses encrypted SPAuthentication to open SSH port and it's new version (to the date of this post, it's GitHub master branch) has a feature to execute a command always that a user authorizates successfully.
FWKNOP - Encrypted Single Packet Authorization
FWKNOP set iptables rules that allow access to given ports upon a single packet encrypted which is sent via UDP. Then after authorization it allow access for the authorized user for a given time, for example 30 seconds, closing the port after this, leaving the connection open.
1. To install on an Ubuntu linux:
The current version (2.6.0-2.1build1) on Ubuntu repositories to the date still doesn't allow command execution on successful SPA; (please use 2.6.8 from GitHub instead)
On client machine:
sudo apt-get install fwknop-client
On server side:
sudo apt-get install fwknop-server
Here is a tutorial on how to setup the client and server machines
https://help.ubuntu.com/community/SinglePacketAuthorization
Then, after it is set up, on server side:
Edit /etc/default/fwknop-server
Change the line START_DAEMON="no" to START_DAEMON="yes"
Then run:
sudo service fwknop-server stop
sudo service fwknop-server start
2. Warning admin on successful SPA (email, pushover script etc)
So, as stated above the current version present in Ubuntu repositories (2.6.0-2.1build1) cannot execute command on successful SPA. If you need this feature as of the OP, but it will be released at fwknop version (2.6.8), as can it is stated here:
https://github.com/mrash/fwknop/issues/172
So if you need to use it right now you can build from github branch master which have the CMD_CYCLE_OPEN option.
3. More resources on fwknop
https://help.ubuntu.com/community/SinglePacketAuthorization
https://github.com/mrash/fwknop/ (project on GitHub)
http://www.cipherdyne.org/fwknop/ (project site)
https://www.digitalocean.com/community/tutorials/how-to-use-fwknop-to-enable-single-packet-authentication-on-ubuntu-12-04 (tutorial on DO's community)
I am the author of the OP. Also, you can implement a simple logwatcher as the following written in python3, which keeps reading for a file and executes a command when line contains pattern.
logwatcher.python3
#!/usr/bin/env python3
# follow.py
#
# Follow a file like tail -f.
import sys
import os
import time
def follow(thefile):
thefile.seek(0,2)
while True:
line = thefile.readline()
if not line:
time.sleep(0.5)
continue
yield line
if __name__ == '__main__':
logfilename = sys.argv[1]
pattern_string = sys.argv[2]
command_to_execute = sys.argv[3]
print("Log filename is: {}".format(logfilename))
logfile = open(logfilename, "r")
loglines = follow(logfile)
for line in loglines:
if pattern_string in line:
os.system(command_to_execute)
Usage
Make the above script executable:
chmod +x logwatcher.python3
Add a cronjob to start it after reboot
crontab -e
Then write this line there and save it after this:
#reboot /home/YOURUSERNAME/logwatcher.python3 "/var/log/auth.log" "session opened for user" "/sbin/myscript.sh"
The first argument of this script is the log file to watch, and the second argument is the string for which to look in it. The third argument is the script to execute when the line is found in file.
It is best if you use something more reliable to start/restart the script in case it crashes.
#!/bin/bash
# Apache Process Monitor
# Restart Apache Web Server When It Goes Down
# -------------------------------------------------------------------------
# Copyright (c) 2003 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# RHEL / CentOS / Fedora Linux restart command
RESTART="/sbin/service httpd restart"
# uncomment if you are using Debian / Ubuntu Linux
#RESTART="/etc/init.d/apache2 restart"
#path to pgrep command
PGREP="pgrep"
# Httpd daemon name,
# Under RHEL/CentOS/Fedora it is httpd
# Under Debian 4.x it is apache2
HTTPD="httpd"
# find httpd pid
$PGREP ${HTTPD}
if [ $? -ne 0 ] # if apache not running
then
# restart apache
$RESTART
fi
exit
this is my script. when i run it i get
: command not foundin/apache_start.sh: line 12:
: command not foundin/apache_start.sh: line 22: pgrep
/usr/local/apache/bin/apache_start.sh: line 29: syntax error: unexpected end of file
what mistake i made. i would be very happy if anybody answer me.
dude, I ran your script and it works fine except the $PGREP ${HTTPD} part, if you want to get a pid why don't you use "pidof" command, and I think in your if statement you are testing the return value of grep, not httpd command(not sure). anyway did you edit this script in word document or in an editor, cause you know this may add some invisible characters to your code.
to debug it, I suggest that you comment out rest of your code where you get the first error and see figure out the solution to that specific error.