Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
With all the logs I look at it appears the root of the problem is with apparmor terminating it with "mysql respawning too fast" errors. I think we should tackle the problem from that angle.
It's late in my timezone so I'm going to go to bed. But I'll be up again tomorrow and continue looking into this.
SAM
1.
Quote:
Considering the relative lack of danger of experimenting with my dev server, I chanced playing with the permissions with a:
chmod -R 770 /media/asimov/mysql
"chmod -R 770 /var/lib/mysql" returns "chmod: cannot access `/var/lib/mysql': No such file or directory"
2.
Quote:
Check that my.cnf exists in /etc/mysql/ and that there's only one of them around in the various config directories (as well as your own home directory, I guess).
Check that the apparmor entry for mysql exists and points to the right directories and files.
Not sure how to do this.
4.
Quote:
Reconfigure mysql using dpkg-reconfigure mysql-server-5.5
A dialog opened, I set root password to "fixit" (go ahead and hack me internets)
This returned:
Code:
120904 0:35:44 [Note] Plugin 'FEDERATED' is disabled.
120904 0:35:44 InnoDB: The InnoDB memory heap is disabled
120904 0:35:44 InnoDB: Mutexes and rw_locks use GCC atomic builtins
120904 0:35:44 InnoDB: Compressed tables use zlib 1.2.3.4
120904 0:35:44 InnoDB: Initializing buffer pool, size = 128.0M
120904 0:35:44 InnoDB: Completed initialization of buffer pool
120904 0:35:44 InnoDB: highest supported file format is Barracuda.
120904 0:35:44 InnoDB: Waiting for the background threads to start
120904 0:35:45 InnoDB: 1.1.8 started; log sequence number 1595675
120904 0:35:45 InnoDB: Starting shutdown...
120904 0:35:45 InnoDB: Shutdown completed; log sequence number 1595675
mysql start/running, process 21949
5.
Quote:
Avoid using an empty root password was another potential fix with a high frequency of repeats.
Fairly sure I haven't done this.
6.
Quote:
Reinstall mysql was also an oft recommended option. If you do, remember to back things up beforehand!
I think we've been around this circle.
I'm not really sure how to check if any of that worked. "mysql" still returns "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)".
In case its helpful, here are my (perhaps unchanged) log files:
If you set a password for ther mysql root user, you need the -p option.
Code:
mysql -u root -p
Else maybe you can now try my advice in post #17.
It seems to have worked! I'm in MySQL monitor. Now... what do I do from here?
EDIT: Actually, I guess its do whatever from here (a good thing!). Whats the standard procedure for checking to make sure I have a working, integrated LAMP setup?
Last edited by southpointingchariot; 09-04-2012 at 12:45 AM.
And write a little PHP page that can connect to a database.
You have experience with WAMP, so the rest should be the same.
Gotya - however, this is made more complicated by the fact that I'm not really familiar with MySQL (an attempt to start using it is what started this whole mess). Thus I'm not really sure what parts of that tutorial I need to follow (should I install mysql-server?), nor how to test MySQL or phpmyadmin.
Gotya - however, this is made more complicated by the fact that I'm not really familiar with MySQL (an attempt to start using it is what started this whole mess). Thus I'm not really sure what parts of that tutorial I need to follow (should I install mysql-server?), nor how to test MySQL or phpmyadmin.
It is best to learn MySQL from the command line. Go ahead and start doing your thing in this post.
3 recommendations you should take to heart
Do not use "helper" software like phpmyadmin or webmin. When hackers are attacking a server this is the kind of stuff they're looking for (and it's easy to find). Even wordpress is a common attack vector. I tend to not run PHP apps at all and tend to go for Python or Perl using a development framework.
Enable a firewall (I recommend iptables) which blocks all incomming connections. Then only open TCP ports 80 and 443 for your web applications.
Be sure to set a root password on your database and use isolated users for different databases like I outlined in previous posts.
If you're not familiar with LAMP then the easiest undertaking to get familiar with it is installing wordpress using their tar.gz file. Download wordpress here.
It is best to learn MySQL from the command line. Go ahead and start doing your thing in this post.
3 recommendations you should take to heart
Do not use "helper" software like phpmyadmin or webmin. When hackers are attacking a server this is the kind of stuff they're looking for (and it's easy to find). Even wordpress is a common attack vector. I tend to not run PHP apps at all and tend to go for Python or Perl using a development framework.
Enable a firewall (I recommend iptables) which blocks all incomming connections. Then only open TCP ports 80 and 443 for your web applications.
Be sure to set a root password on your database and use isolated users for different databases like I outlined in previous posts.
If you're not familiar with LAMP then the easiest undertaking to get familiar with it is installing wordpress using their tar.gz file. Download wordpress here.
I have some experience with wordpress - this is a personal development project, not a professional one for now, the goal is to learn how to build a simple CMS. I'm planning on using this tutorial: http://www.elated.com/articles/cms-i...noon-php-mysql. My only real LAMP experience is basic PHP include stuff, some wordpress, and maintaining a local server to test sites I'm working on.
Is PHP really that suspect? Do you know of a CMS intro tutorial that uses perl or python instead (I don't actually know either, though I need to learn them at some point of course - just for doing perl rename commands in bash )
Right now the National Vulnerability Database Search Engine appears to be down. But when last time it was up when I did a search for php there were over 22000 vulnerabilities related to php or applications designed in php. The thing about php is that it is really easy to get yourself in trouble if you don't properly sanitise inputs. There's a ton of other design issues for the developer to consider from a security perspective but alas I don't want to turn this thread into php bashing. It has it's place in the world of web design if you do it right. In your case, designing a CMS for educational purposes is okay since you're attempting to learn the LAMP stack. You're bound to have security issues no matter what you create since you're new to the process. However, if you decide to release your source code like so many others just be sure to put a big fat disclaimer on there that you don't know about the security integrity of the software you designed.
One thing you should realize is that no software is impervious to bugs or vulnerabilities. For instance, people who leave their MySQL server wide open are susceptible to serious security attacks like this one. But you add several layers security where possible such as separating user logins, enabling system security layers like SELinux or AppArmor, and always a firewall.
If you're new to Python then I recommend taking a free course on it. Go to the Django website they've got a quick install guide and a beginners tutorial (the tutorial assumes you know Python already to some extent). As always google is a great resource and usually you'll find your questions answered by somebody on the internet.
Right now the National Vulnerability Database Search Engine appears to be down. But when last time it was up when I did a search for php there were over 22000 vulnerabilities related to php or applications designed in php. The thing about php is that it is really easy to get yourself in trouble if you don't properly sanitise inputs. There's a ton of other design issues for the developer to consider from a security perspective but alas I don't want to turn this thread into php bashing. It has it's place in the world of web design if you do it right. In your case, designing a CMS for educational purposes is okay since you're attempting to learn the LAMP stack. You're bound to have security issues no matter what you create since you're new to the process. However, if you decide to release your source code like so many others just be sure to put a big fat disclaimer on there that you don't know about the security integrity of the software you designed.
One thing you should realize is that no software is impervious to bugs or vulnerabilities. For instance, people who leave their MySQL server wide open are susceptible to serious security attacks like this one. But you add several layers security where possible such as separating user logins, enabling system security layers like SELinux or AppArmor, and always a firewall.
If you're new to Python then I recommend taking a free course on it. Go to the Django website they've got a quick install guide and a beginners tutorial (the tutorial assumes you know Python already to some extent). As always google is a great resource and usually you'll find your questions answered by somebody on the internet.
Thanks again for all your help.
Your point concerning security is good - its not really a major concern right at this moment, but I want to do it right from the beginning - that's kinda the whole point.
From what I know, Django is an excellent application, but I wonder if it suits my goal (perhaps because my goal is unwise). I'm trying to focus on minimalism - if there's anything my foray into the meaningful digital world has taught me, its that its better not to have all the features, and do the work, then use a generic, likely bloated-for-my-purposes package (web design I would argue fits this very well - vim > dreamweaver). My thought is thus to actually build a very weak CMS on my own (well, from a tutorial), and then tear it down several times until I'm as comfortable with my base as I am with my basic HTML and CSS methodology, and then slowly learn features from there. I'm aware that most newbs take the opposite strategy - use the pre-made thing, then get smaller and smaller - but I was hoping to take the minimalist approach. Am I on the wrong track do you think? Is Django still the right thing to pursue?
Am I on the wrong track do you think? Is Django still the right thing to pursue?
It's a design decision at this point. Both tools get the job done, you just need to evaluate the pros and cons of each. That's about as good of an answer I can give you. Short of being you, it's difficult for me to understand your requirements without seeing a full performance spec of the job. I'd say go with what makes you comfortable if you're just learning the LAMP stack.
I've programmed in both PHP and Python and have been successful in both. So basically all I can recommend is aim your arrow and let it fly. Use either.
Thanks for the input! I'm worried my ignorance is preventing me from diving in undirected - do you happen to know a good intro tutorial to building a minimalist CMS? Or, at least, do you know what I should search for?
To start, clean up the initial installation of mysql. There are some users that should not be there in my opinion; same for the existence of a possible test database. See Securing the Initial MySQL Accounts
Note: do not remove the 'debian-sys-maint' user
A note on security
Make sure that files with login credentials can be read by apache but not by visitors of the site. My approach is to have
Code:
/home/wim/website1
|
+----- inc
+----- www
/home/wim/website1/www will be the documentroot for an apache website and visitors of your website can access the files in there. They can not access files in /home/wim/website1/inc but apache can read them.
To start, clean up the initial installation of mysql. There are some users that should not be there in my opinion; same for the existence of a possible test database. See Securing the Initial MySQL Accounts
Note: do not remove the 'debian-sys-maint' user
A note on security
Make sure that files with login credentials can be read by apache but not by visitors of the site. My approach is to have
Code:
/home/wim/website1
|
+----- inc
+----- www
/home/wim/website1/www will be the documentroot for an apache website and visitors of your website can access the files in there. They can not access files in /home/wim/website1/inc but apache can read them.
Thanks for the find! I'm worried its progression is somewhat out my league, but I'll check out the tutorial, and maybe that'll help. If nothing else, I'm getting a better picture of what I need to look for. There's a uber-minimalist CMS tutorial out there, and one way or another, I'll figure out which one it is!
Last edited by southpointingchariot; 09-05-2012 at 09:11 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.