04-14-2023, 10:12 PM
Question:
------------------------------------------------------------------------------------
Hello, Just bringing up this ticket again as it's a similar issue, i'm creating a new function to run an add on i'm creating, like the serverstatus, and i've got this code:
----------
<code>case 'runchkrootkit' : return $this->runChkRootKit();break;
<code>function runChkRootKit(){
$this->requireAdmin();
$chkrootkitrun=$this->executeProg3("chkrootkit-0.49;./chkrootkit");
$this->output.=$chkrootkitrun;
return true;
}
-------------
The first line is just below the 'serverstatus' op in the runop function.
But when I go to:
<code>myip/index.php?op=$runchkrootkit
I get this error:
Some Error Occured.
(runop) internal ehcp error: Undefined operation: $runchkrootkit
This feature may not be complete
Any idea?
Thanks.
------------------------------------------------------------------------------------
Answer:
------------------------------------------------------------------------------------
you are on right way, and you almost understand the coding structure of ehcp. this is good.
here is the solution:
first,
in url:
<code>http://myip/index.php?op=runchkrootkit
that is, do not use dollar sign after op=
second,
remember that, any operations that you call with url is done directly in server, apache, with un-privileged (non-root) user of apache2 or www-data.
So, these operations are limited. you can do mysql operations, or simple php things. But you cannot do any server/root related things.
To do server/root related things, (that require root privileges) ehcp has a simple mechanism:
1-ehcp gui only takes the command that is going to be done, records(inserts) the command to mysql operations table, Function $this->addDaemonOp( does this .
2-ehcp backend daemon listens for any incoming commands by checking the mysql operations table in regular intervals, then, does those operations with root privileges, since ehcp daemon runs with root user. So, take care to what you code for operations that are done in daemon, root mode. this is an important security consideration.
so, to accomplish what you want, you need:
<code>case 'dorunchkrootkit' : $this->requireAdmin(); return $this->addDaemonOp('runchkrootkit','','','','run chkrootkit-this is a comment');break; # this will run in ehcp gui, and will instruct ehcp daemon to runchkrootkit
case 'runchkrootkit' : return $this->runChkRootKit();break; # this will run in ehcp daemon , also note that, ehcp gui and daemon uses same classapp.php file.
<code>function runChkRootKit(){
#$this->requireAdmin(); # in fact, not needed, since this is already daemon, and root.
$this->requireCommandLine(__FUNCTION__);
$chkrootkitrun=$this->executeProg3("cd /somepath/chkrootkit-0.49; ./chkrootkit");
$this->output.=$chkrootkitrun; # no output can be sent to gui from daemon... we need a new mechanism for this. but you can email yourself, using $this->miscconfig['adminemail']
return true;
}
third,
i am not sure that multiple commands can run in function executeProg3, I suggest to use a single command, maybe a small bash script that does what you want.
Restored from old drupal forum, for user uid:1 username:ehcpdeveloper
You may reset your password to access your new account here.
------------------------------------------------------------------------------------
Hello, Just bringing up this ticket again as it's a similar issue, i'm creating a new function to run an add on i'm creating, like the serverstatus, and i've got this code:
----------
<code>case 'runchkrootkit' : return $this->runChkRootKit();break;
<code>function runChkRootKit(){
$this->requireAdmin();
$chkrootkitrun=$this->executeProg3("chkrootkit-0.49;./chkrootkit");
$this->output.=$chkrootkitrun;
return true;
}
-------------
The first line is just below the 'serverstatus' op in the runop function.
But when I go to:
<code>myip/index.php?op=$runchkrootkit
I get this error:
Some Error Occured.
(runop) internal ehcp error: Undefined operation: $runchkrootkit
This feature may not be complete
Any idea?
Thanks.
------------------------------------------------------------------------------------
Answer:
------------------------------------------------------------------------------------
you are on right way, and you almost understand the coding structure of ehcp. this is good.
here is the solution:
first,
in url:
<code>http://myip/index.php?op=runchkrootkit
that is, do not use dollar sign after op=
second,
remember that, any operations that you call with url is done directly in server, apache, with un-privileged (non-root) user of apache2 or www-data.
So, these operations are limited. you can do mysql operations, or simple php things. But you cannot do any server/root related things.
To do server/root related things, (that require root privileges) ehcp has a simple mechanism:
1-ehcp gui only takes the command that is going to be done, records(inserts) the command to mysql operations table, Function $this->addDaemonOp( does this .
2-ehcp backend daemon listens for any incoming commands by checking the mysql operations table in regular intervals, then, does those operations with root privileges, since ehcp daemon runs with root user. So, take care to what you code for operations that are done in daemon, root mode. this is an important security consideration.
so, to accomplish what you want, you need:
<code>case 'dorunchkrootkit' : $this->requireAdmin(); return $this->addDaemonOp('runchkrootkit','','','','run chkrootkit-this is a comment');break; # this will run in ehcp gui, and will instruct ehcp daemon to runchkrootkit
case 'runchkrootkit' : return $this->runChkRootKit();break; # this will run in ehcp daemon , also note that, ehcp gui and daemon uses same classapp.php file.
<code>function runChkRootKit(){
#$this->requireAdmin(); # in fact, not needed, since this is already daemon, and root.
$this->requireCommandLine(__FUNCTION__);
$chkrootkitrun=$this->executeProg3("cd /somepath/chkrootkit-0.49; ./chkrootkit");
$this->output.=$chkrootkitrun; # no output can be sent to gui from daemon... we need a new mechanism for this. but you can email yourself, using $this->miscconfig['adminemail']
return true;
}
third,
i am not sure that multiple commands can run in function executeProg3, I suggest to use a single command, maybe a small bash script that does what you want.
Restored from old drupal forum, for user uid:1 username:ehcpdeveloper
You may reset your password to access your new account here.