authorMichael Stewart <vericgar@gentoo.org>2006-02-15 05:40:02 +0000
committerMichael Stewart <vericgar@gentoo.org>2006-02-15 05:40:02 +0000
commitaf2ce3b002419009287115f67c56544b0b238f3b (patch)
treef2391664c6de1794143d2c67cec2033722497fe6 /2.2/scripts
parentNew patch for apache 1.3 that addresses CVE-2005-3352. Fixes bug 118875 (diff)
Create work area for apache-2.2
Diffstat (limited to '2.2/scripts')
-rw-r--r--2.2/scripts/apache2-logrotate11
-rw-r--r--2.2/scripts/apache2logserverstatus122
-rw-r--r--2.2/scripts/apache2splitlogfile122
-rwxr-xr-x2.2/scripts/gentestcrt.sh242
4 files changed, 497 insertions, 0 deletions
diff --git a/2.2/scripts/apache2-logrotate b/2.2/scripts/apache2-logrotate
new file mode 100644
index 0000000..9dd431c
--- /dev/null
+++ b/2.2/scripts/apache2-logrotate
@@ -0,0 +1,11 @@
+# Apache2 logrotate snipet for Gentoo Linux
+# Contributes by Chuck Short
+#
+/var/log/apache2/*log {
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/apache2 reload > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/2.2/scripts/apache2logserverstatus b/2.2/scripts/apache2logserverstatus
new file mode 100644
index 0000000..b270474
--- /dev/null
+++ b/2.2/scripts/apache2logserverstatus
@@ -0,0 +1,122 @@
+#!/usr/bin/perl
+
+## ====================================================================
+## The Apache Software License, Version 1.1
+##
+## Copyright (c) 2000 The Apache Software Foundation. All rights
+## reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+##
+## 1. Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+##
+## 2. Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in
+## the documentation and/or other materials provided with the
+## distribution.
+##
+## 3. The end-user documentation included with the redistribution,
+## if any, must include the following acknowledgment:
+## "This product includes software developed by the
+## Apache Software Foundation (http://www.apache.org/)."
+## Alternately, this acknowledgment may appear in the software itself,
+## if and wherever such third-party acknowledgments normally appear.
+##
+## 4. The names "Apache" and "Apache Software Foundation" must
+## not be used to endorse or promote products derived from this
+## software without prior written permission. For written
+## permission, please contact apache@apache.org.
+##
+## 5. Products derived from this software may not be called "Apache",
+## nor may "Apache" appear in their name, without prior written
+## permission of the Apache Software Foundation.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+## ====================================================================
+##
+## This software consists of voluntary contributions made by many
+## individuals on behalf of the Apache Software Foundation. For more
+## information on the Apache Software Foundation, please see
+## <http://www.apache.org/>.
+##
+## Portions of this software are based upon public domain software
+## originally written at the National Center for Supercomputing Applications,
+## University of Illinois, Urbana-Champaign.
+##
+
+
+# Log Server Status
+# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com
+#
+# This script is designed to be run at a frequent interval by something
+# like cron. It connects to the server and downloads the status
+# information. It reformats the information to a single line and logs
+# it to a file. Make sure the directory $wherelog is writable by the
+# user who runs this script.
+#
+require 'sys/socket.ph';
+
+# Logs will be like "/var/log/apache2/status/19960312"
+$wherelog = "/var/log/apache2/status/";
+$server = "localhost"; # Name of server, could be "www.foo.com"
+$port = "80"; # Port on server
+$request = "/status/?auto"; # Request to send
+
+sub tcp_connect
+{
+ local($host,$port) =@_;
+ $sockaddr='S n a4 x8';
+ chop($hostname=`hostname`);
+ $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
+ $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
+ $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
+ socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) ||
+ die "socket: $!";
+ bind(S,$me) || return "bind: $!";
+ connect(S,$them) || return "connect: $!";
+ select(S);
+ $| = 1;
+ select(stdout);
+ return "";
+}
+
+### Main
+
+{
+ $year=`date +%y`;
+ chomp($year);
+ $year += ($year < 70) ? 2000 : 1900;
+ $date = $year . `date +%m%d:%H%M%S`;
+ chomp($date);
+ ($day,$time)=split(/:/,$date);
+ $res=&tcp_connect($server,$port);
+ open(OUT,">>$wherelog$day");
+ if ($res) {
+ print OUT "$time:-1:-1:-1:-1:$res\n";
+ exit 1;
+ }
+ print S "GET $request\n";
+ while (<S>) {
+ $requests=$1 if ( m|^BusyServers:\ (\S+)|);
+ $idle=$1 if ( m|^IdleServers:\ (\S+)|);
+ $number=$1 if ( m|sses:\ (\S+)|);
+ $cpu=$1 if (m|^CPULoad:\ (\S+)|);
+ }
+ print OUT "$time:$requests:$idle:$number:$cpu\n";
+}
+
+
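Review bot: The `open(OUT,">>$wherelog$day");` call in the main block is never checked, so if the status directory is missing or not writable every later `print OUT` is silently discarded, including the connect-failure record written just before `exit 1`. Check it and use the three-argument form: `open(OUT, '>>', "$wherelog$day") || die "open $wherelog$day: $!";`. The header comment asks for `$wherelog` to be writable by the user who runs the script, but unlike apache2splitlogfile in this same commit there is no `-l` test before the append; if the directory is writable by a less-privileged account than the one cron uses, the append would follow a symlink placed at that day's name. `$requests`, `$idle`, `$number` and `$cpu` also stay undefined when the status response lacks those lines, so the final `print OUT` writes empty fields that look like a normal record; a comment or a `-1` default, matching the failure record, would make that case visible.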
diff --git a/2.2/scripts/apache2splitlogfile b/2.2/scripts/apache2splitlogfile
new file mode 100644
index 0000000..732c5d7
--- /dev/null
+++ b/2.2/scripts/apache2splitlogfile
@@ -0,0 +1,122 @@
+#!/usr/bin/perl
+#
+## ====================================================================
+## The Apache Software License, Version 1.1
+##
+## Copyright (c) 2000 The Apache Software Foundation. All rights
+## reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+##
+## 1. Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+##
+## 2. Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in
+## the documentation and/or other materials provided with the
+## distribution.
+##
+## 3. The end-user documentation included with the redistribution,
+## if any, must include the following acknowledgment:
+## "This product includes software developed by the
+## Apache Software Foundation (http://www.apache.org/)."
+## Alternately, this acknowledgment may appear in the software itself,
+## if and wherever such third-party acknowledgments normally appear.
+##
+## 4. The names "Apache" and "Apache Software Foundation" must
+## not be used to endorse or promote products derived from this
+## software without prior written permission. For written
+## permission, please contact apache@apache.org.
+##
+## 5. Products derived from this software may not be called "Apache",
+## nor may "Apache" appear in their name, without prior written
+## permission of the Apache Software Foundation.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+## ====================================================================
+##
+## This software consists of voluntary contributions made by many
+## individuals on behalf of the Apache Software Foundation. For more
+## information on the Apache Software Foundation, please see
+## <http://www.apache.org/>.
+##
+## Portions of this software are based upon public domain software
+## originally written at the National Center for Supercomputing Applications,
+## University of Illinois, Urbana-Champaign.
+##
+##
+
+## Heavily modified by Jean-Michel Dault <jmdault@mandrakesoft.com>
+## for use with in the Avanced Extranet Server.
+## This script can now be used with the CustomLogs directive, with a pipe.
+## When in combination with SetEnv VLOG <path>, it will write the log file
+## in the right place. Also, it splits the log automatically with a year
+## and month prefix. Finally, we open and re-close the logfile for every
+## log entry. It is slower, but it permits us to check for symlinks, and
+## flush the buffers so everything is realtime and we don't lose any entry.
+
+
+#
+# This script will take a combined Web server access
+# log file and break its contents into separate files.
+# It assumes that the first field of each line is the
+# virtual host identity (put there by "%v"), and that
+# the logfiles should be named that+".log" in the current
+# directory.
+#
+# The combined log file is read from stdin. Records read
+# will be appended to any existing log files.
+#
+
+use POSIX qw(strftime);
+
+while (<STDIN>) {
+ #
+ # Get the first token from the log record; it's the
+ # identity of the virtual host to which the record
+ # applies.
+ #
+ ($vhost) = split /\s/;
+ #
+ # Normalize the virtual host name to all lowercase.
+ # If it's blank, the request was handled by the default
+ # server, so supply a default name. This shouldn't
+ # happen, but caution rocks.
+ #
+ $vhost = lc ($vhost) or "access";
+ #
+
+ s/VLOG=(.*)[\/]*$//;
+ $logs=$1;
+ if($logs eq "") {$logs="/var/log/apache2";}
+ $date=strftime("%Y-%m", localtime());
+ $filename="${logs}/VLOG-${date}-${vhost}.log";
+ if (-l $filename) {
+ die "File $filename is a symlink, writing too dangerous, dying!\n";
+ }
+ open LOGFILE, ">>$filename"
+ or die ("Can't open $filename");
+ #
+ # Strip off the first token (which may be null in the
+ # case of the default server), and write the edited
+ # record to the current log file.
+ #
+ s/^\S*\s+//;
+ print LOGFILE $_;
+ close(LOGFILE);
+}
+
+exit(0);
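Review bot: `$vhost` and the `VLOG=` capture are both read from the log record and interpolated into `$filename` with no validation, so a `/` or `..` in either one places the appended file outside the intended log directory. Whether those fields can carry client-chosen text depends on the LogFormat and server-name settings, which this page does not show. A guard before building the name would close that, for example `die "bad vhost name: $vhost\n" if $vhost =~ m{[/\\]} || $vhost =~ /^\.+$/;`, and the `s/VLOG=(.*)[\/]*$//` match should be tied to the position where the server appends the variable rather than to the first `VLOG=` anywhere in the line. The default on `$vhost = lc ($vhost) or "access";` never applies because `or` binds looser than `=`; it should read `$vhost = lc($vhost) || "access";`. The `-l` test followed by a two-argument `open LOGFILE, ">>$filename"` is a check-then-use sequence, so it only narrows the symlink window; the die message should also include `$!`.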
diff --git a/2.2/scripts/gentestcrt.sh b/2.2/scripts/gentestcrt.sh
new file mode 100755
index 0000000..d1e9e11
--- /dev/null
+++ b/2.2/scripts/gentestcrt.sh
@@ -0,0 +1,242 @@
+#!/bin/sh
+##
+## gentestcrt -- Create self-signed test certificate
+## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
+## Based on cca.sh script by Ralf S. Engelschall
+##
+
+# external tools
+openssl="/usr/bin/openssl"
+
+# some optional terminal sequences
+case $TERM in
+ xterm|xterm*|vt220|vt220*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+ ;;
+ vt100|vt100*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+ ;;
+ default)
+ T_MD=''
+ T_ME=''
+ ;;
+esac
+
+# find some random files
+# (do not use /dev/random here, because this device
+# doesn't work as expected on all platforms)
+randfiles=''
+for file in /var/log/messages /var/adm/messages \
+ /kernel /vmunix /vmlinuz \
+ /etc/hosts /etc/resolv.conf; do
+ if [ -f $file ]; then
+ if [ ".$randfiles" = . ]; then
+ randfiles="$file"
+ else
+ randfiles="${randfiles}:$file"
+ fi
+ fi
+done
+
+
+echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
+echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
+echo "Based on cca.sh script by Ralf S. Engelschall"
+echo ""
+
+grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
+grep -q -s DUMMY server.key && mv server.key server.key.dummy
+
+echo ""
+echo ""
+
+if [ ! -e ./server.crt -a ! -e ./server.key ];then
+ echo "Will create server.key and server.crt in `pwd`"
+else
+ echo "server.key and server.crt already exist, dying"
+ exit
+fi
+
+echo ""
+
+
+mkdir -p /tmp/tmpssl-$$
+pushd /tmp/tmpssl-$$ > /dev/null
+
+
+ echo "${T_MD}INITIALIZATION${T_ME}"
+
+ echo ""
+ echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}"
+ cp /dev/null ca.rnd
+ echo '01' >ca.ser
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out ca.key 1024
+ else
+ $openssl genrsa -out ca.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = CA
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Quebec"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Montreal"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "For testing purposes only"
+commonName = "6. Common Name (eg, CA name) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@FQDN)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key ca.key -out ca.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:true,pathlen:0
+#nsComment = "CCA generated custom CA certificate"
+#nsCertType = sslCA
+EOT
+ $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in ca.crt
+ $openssl rsa -text -in ca.key
+
+ echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
+ user="server"
+
+ echo ""
+ echo "${T_MD}Generating custom USER${T_ME} [$user]"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}"
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out $user.key 1024
+ else
+ $openssl genrsa -out $user.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = XY
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Unknown"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Server Room"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "Test Certificate"
+commonName = "6. Common Name (eg, DOMAIN NAME) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key $user.key -out $user.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ rm -f .cfg
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:false,pathlen:0
+#nsComment = "CCA generated client certificate"
+#nsCertType = client
+EOT
+ $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate X.509 certificate" 1>&2
+ exit 1
+ fi
+ caname="`$openssl x509 -noout -text -in ca.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+ username="`$openssl x509 -noout -text -in $user.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+# echo "Assembling PKCS#12 package"
+# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify -CAfile ca.crt $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in $user.crt
+ $openssl rsa -text -in $user.key
+
+
+popd >/dev/null
+
+
+rm -f /tmp/tmpssl-$$/*.csr
+rm -f /tmp/tmpssl-$$/ca.*
+chmod 400 /tmp/tmpssl-$$/*
+
+echo "Certificate creation done!"
+cp /tmp/tmpssl-$$/server.* .
+
+rm -rf /tmp/tmpssl-$$
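Review bot: The working directory `/tmp/tmpssl-$$` has a predictable name and is created with `mkdir -p`, which succeeds when the path already exists, so on a multi-user host the CA and server private keys can end up in a directory another local user prepared, and under a default umask they stay readable until the late `chmod 400`. Set `umask 077` first, create the directory with `tmpdir=$(mktemp -d /tmp/tmpssl.XXXXXX) || exit 1`, and use `"$tmpdir"` everywhere `/tmp/tmpssl-$$` appears, including the final `cp` and `rm -rf`. The two `$openssl rsa -text -in ...` calls print the CA and server private keys to the terminal, where scrollback or a captured build log can retain them; dropping them or adding `-noout -check` keeps the verification without the key material. The script is declared `#!/bin/sh` but relies on `pushd`/`popd`, and the `default)` arm in the `$TERM` case only matches the literal word, so `*)` was probably intended. The 1024-bit key size in the `genrsa` calls and `default_bits` is worth a comment saying the output is for testing only.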