Background

NDT uses the fakewww HTTP server to publish its HTML page and Java applet. SLAC security is somewhat dubious about the security of fakewww. This page outlines the steps required to make NDT use an apache2 installation rather than fakewww.

Virtual Server

Rather than creating a whole new configuration, I will use a virtual server.

ports.conf

Add the following line to the configuration file named below.

/etc/apache2/ports.conf
Listen 7123

001-ndt

Write the following to the file at the path shown.

/etc/apache2/sites-enabled/001-ndt
NameVirtualHost *:7123
<VirtualHost *:7123>
        ServerAdmin webmaster@localhost

        DocumentRoot /usr/local/ndt
        <Directory />
                AllowOverride None
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

</VirtualHost>

We probably also want to have a link to the main page:

sudo ln -s /usr/local/ndt/tcpbw100.html /usr/local/ndt/index.html

Disable fakewww

We now need to disable fakewww at bootup on the NPT. This has to be done by hacking the ndt init.d script so that FAKE_DAEMON reads '0'.

This change is made inside the ndt init script and is shown in the Configuration files section below.

Enable apache2

We simply need to create a symlink in the relevant run-level directory:

ln -s /etc/init.d/apache2 /etc/rc3.d/S91apache2

As of pS Performance Toolkit 3.1, the S91apache2 script is packaged with Knoppix. This script is placed in run-level 3 (/etc/rc3.d).

Configuration files

ndt init script

Changes don't stick by default and are wiped out automatically at each reboot. To modify the init script, you'll need to set something up so that your new init script overrides the ISO's default script at each reboot. The trick is to check at boot time whether you're running a certain version of the disc and, if so, overwrite the init script. To do that, make a directory like "/mnt/store/updates", copy the ndt init script there, and make your changes to it.

Make the appropriate changes (shown enclosed inside <changes> .. </changes>) to the ndt init script.

/mnt/store/updates/ndt
#!/bin/bash
#
# chkconfig: 2345 55 25
# description: Starts the NDT Web server
# written by Peter Bertoncini <pjb@anl.gov>
#
# Customized NTP startup script for Internet Network Performance Tools
# Live CD.  The process for this tool, and all the others, is to let
# Knoppix take care of some customization during the boot phase.  Knoppix
# will automatically look for, and execute, a knoppix.sh script on an
# attached drive.  This means that we will store the customized file
# on a USB thumb drive.  At boot time the boot process will find and
# execute a knoppix.sh script that will copy the config files into
# the proper place.  If they don't exist, then prompt the user to
# customize things.
#
# At shutdown, copy the files back to the mounted USB drive.
# Rich Carlson - 4/20/06
#
# Added a function to alert a daemon that NDT has started up, along with the
# location of the configuration file
# Aaron Brown - 2008-07-02

path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
NDT_DAEMON=/usr/local/sbin/web100srv
# <changes>
# set to the full path of fakewww or 0 to not run server
FAKE_DAEMON=0
# </changes>
NDT_LOG_DIRECTORY=/var/log/ndt

# bring in NPT functions for later use
ENV="env -i PATH=/lib/init:/bin:/sbin:/usr/bin"
. /lib/init/nptoolkit-functions.sh

[ -f /usr/local/ndt/web100_variables ] || exit 0

# Extra logging can be enabled by adding "--snaplog" or "--tcpdump" options.
# These logs will get stored in the NDT_LOG_DIRECTORY
mkdir -p $NDT_LOG_DIRECTORY
pushd $NDT_LOG_DIRECTORY

# Specify some default options.
WEB100SRV_OPTIONS="-a"
# <changes>
FAKEWWW_OPTIONS=""
# FAKEWWW_OPTIONS="-l $NDT_LOG_DIRECTORY/access.log -e $NDT_LOG_DIRECTORY/error.log"
# </changes>
# FAKEWWW_OPTIONS="-l /var/log/fakewww.log"
# logging now on by default writing access_log and error_log files
# in /usr/local/ndt

case "$1" in
   start)
        echo -n "Starting NDT Services: "
        if [ -f /usr/local/ndt/tcpbw100.html ]; then
                echo " - using customized NDT web server page."
        else
                /bin/cp /usr/local/etc/tcpbw100.knoppix /usr/local/ndt/tcpbw100.html
                echo " - using generic NDT web server page - Please customize"
                /bin/touch /tmp/customize.ndt
        fi
        mkdir -p /var/run/ndt/run
        chmod 755 /var/run/ndt/run
        chown root:wheel /var/run/ndt/run >/dev/null 2>&1 || true

        echo -n "     "

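        # <changes>
        # don't run www daemon if no content
        # (FAKE_DAEMON=0 means fakewww is disabled; compare as a string so
        # that a real path still starts the daemon)
        if [ "$FAKE_DAEMON" != "0" ]; then
        # </changes>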

        if [ ! -x $FAKE_DAEMON ]; then
                echo "fakewww binary missing - Not starting"
                exit 1
        fi
        start-stop-daemon --start -m --pidfile=/var/run/ndt/run/fakewww.pid \
                --exec $FAKE_DAEMON -- $FAKEWWW_OPTIONS >/dev/null 2>&1 &
        if [ $? != 0 ]; then
                echo "Problem starting fakewww"
                exit -1
        fi

        echo -n "fakewww"

        fi

        if [ ! -x $NDT_DAEMON ]; then
                echo "web100srv binary missing - Not starting"
                exit 1
        fi
        start-stop-daemon --start -m --pidfile=/var/run/ndt/run/web100srv.pid \
                --exec $NDT_DAEMON -- $WEB100SRV_OPTIONS >/dev/null 2>&1 &
        echo -n " web100srv"
        echo "."
    ;;

    stop)
        echo -n "Stopping NDT services: "
        start-stop-daemon --stop --name fakewww
        echo -n "fakewww"
        start-stop-daemon --stop --name web100srv
        echo -n " web100srv"

        # <changes>
        mount_NPT_drives
        select_NPT_drive
        if [ "$DRVS" == "" ] ; then
                echo "Error: no drives available to hold customized files."
        else
                for DRV in $DRVS ; do
                        save_NPT_file $DRV /usr/local/ndt/tcpbw100.html tcpbw100.html
                        save_NPT_file $DRV /usr/local/ndt/web100srv.log web100srv.log
                        save_NPT_file $DRV /usr/local/ndt/access_log access_log
                        save_NPT_file $DRV /usr/local/ndt/error_log error_log
                        echo "Saving NDT customization files to '$DRV' drive"
                done
        fi
        # </changes>

        echo "."
    ;;

    restart)
        echo -n "Restarting NDT services: "
        start-stop-daemon --stop --name fakewww
        start-stop-daemon --stop --name web100srv
        sleep 2
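        # <changes>
        # only restart fakewww when it is enabled (FAKE_DAEMON is not 0)
        if [ "$FAKE_DAEMON" != "0" ]; then
                start-stop-daemon --start -m --pidfile=/var/run/ndt/run/fakewww.pid \
                        --exec $FAKE_DAEMON -- $FAKEWWW_OPTIONS >/dev/null 2>&1 &
                echo -n "fakewww"
        fi
        # </changes>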
        start-stop-daemon --start -m --pidfile=/var/run/ndt/run/web100srv.pid \
                --exec $NDT_DAEMON -- $WEB100SRV_OPTIONS >/dev/null 2>&1 &
        echo " web100srv."
    ;;

    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
    ;;
esac

exit 0

knoppix.local.sh

To make things stick in NPT after reboot, we first create a knoppix.local.sh file for local modifications.

/mnt/store/knoppix.local.sh
#!/bin/bash
# make changes stick in NPT every time the system reboots
if [ "$2" == "3.1" -o "$2" == "3.1.1" ]; then
    cp /mnt/store/updates/ndt /etc/init.d/ndt
fi

Also do the following to make the script executable.

/mnt/store/knoppix.local.sh
sudo chmod +x /mnt/store/knoppix.local.sh

Finally, make sure the relevant files are on the jump drive.

End Note

Run "sudo netstat -nlp" to check that apache2, rather than fakewww, now listens on port 7123 (ndt). Then reboot and repeat the netstat command. If the changes stick, congratulations, you are done!
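
The netstat check above, together with the FAKE_DAEMON=0 setting in the init script, can be scripted so it is easy to repeat after every reboot. The following is an added example, not part of the original page or of the NDT/toolkit scripts; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the fakewww -> apache2 switch (not NDT/toolkit code).

# port_owner PORT: read `netstat -nlp` output on stdin and print the program
# name of every TCP LISTEN socket bound to PORT, one name per line.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")        # local address; last piece is the port
            if (addr[n] != port) next
            if ($7 == "-") { print "unknown"; next }   # netstat run without root
            split($7, prog, "/")            # "PID/Program name"
            print prog[2]
        }' | sort -u
}

# check_ndt_web PORT: succeed only if apache2 is the sole listener on PORT.
check_ndt_web() {
    owners=$(port_owner "$1")
    case "$owners" in
        apache2) echo "ok: apache2 listens on $1"; return 0 ;;
        "")      echo "fail: nothing listens on $1"; return 1 ;;
        *)       echo "fail: port $1 held by:" $owners; return 1 ;;
    esac
}

# fakewww_disabled FILE: succeed if the last uncommented FAKE_DAEMON
# assignment in the init script is 0.
fakewww_disabled() {
    val=$(sed -n 's/^[[:space:]]*FAKE_DAEMON=//p' "$1" | tail -n 1)
    [ "$val" = "0" ]
}

# Constructed sample of `sudo netstat -nlp` output (PIDs are made up).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1801/sshd
tcp6       0      0 :::7123                 :::*                    LISTEN      2345/apache2'

printf '%s\n' "$SAMPLE" | check_ndt_web 7123
# On the toolkit host:
#   sudo netstat -nlp | check_ndt_web 7123 && fakewww_disabled /etc/init.d/ndt
```

Run netstat with sudo; without root the PID/Program column is "-" and the check reports the owner as unknown rather than passing.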
