Weblet uses a shell-script based web server (sh-httpd) and some CGI scripts that let you
check on the status of your LRP box and read log files with a web-browser.
Weblet is very small (about 12K), so it doesn't take up much room on your disk. The
shell-script web-server is also available separately, for folks who might find
this useful on a non-LRP system.
Weblet V1.2.0 (includes Bandwidth monitor)
File | Protocol | Speed | Site
weblet.lrp | http | Fast | LEAF Sourceforge site
weblet.lrp | http | Slow | Local download

Weblet-tiny V1.2.0 (Bandwidth monitor not included; get it here)
File | Protocol | Speed | Site
weblet-tiny.lrp | http | Fast | LEAF Sourceforge site
weblet-tiny.lrp | http | Slow | Local download

Stand-alone Shell-Script Web-Server
Version | File | Protocol | Speed | Site
sh-httpd 0.4 | sh-httpd-0.4.tgz | http | Slow | Local download
sh-httpd 0.3 | sh-httpd-0.3.tgz | http | Slow | Local download
- IMPORTANT: If you're using weblet-tiny.lrp, rename it to weblet.lrp
on your floppy disk. The weblet-tiny name is just to distinguish the two
versions here when downloading.
- Setup of the shell-script web server is a little more complex than just
adding the LRP file. Most of this is so the server can run as a
non-root user, which is always a good idea (even if you only allow the
internal network to connect). Don't let all the stuff below intimidate
you...it's actually pretty easy.
- Create the sh-httpd user. For you to be able to read log files remotely, the CGI scripts (and
sh-httpd) need to run as a user with permission to view the log files.
With the standard LRP passwd file, you can run sh-httpd as root (NOT RECOMMENDED!), or create a new user. To create a new user (sh-httpd)
with rights to read the log files (a member of the adm group), add the
following lines to /etc/passwd and /etc/shadow:
passwd:
sh-httpd:x:50:4:shell-script webserver:/var/sh-www:/bin/sh
shadow:
sh-httpd:*:10091:0:99999:7:::
- Add the line below to /etc/inetd.conf, to start sh-httpd when a www
request comes in to your system. You MUST use inetd (or something
similar, like micro_inetd on the utilities page)
to run sh-httpd, as sh-httpd cannot open and listen to a socket on its own
(hey, it's a shell script program...give me a break). This entry assumes
you are using tcpd wrappers to control access, and the server runs as user sh-httpd, which
you will need to create. I suggest you either run on the standard web
port (as shown here), or one of the 'low' ports (< 1024). Some
default firewall rules allow connections to ports >= 1024, so if you run
on a 'high' port, you might have less protection from the outside world.
www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
- Restart inetd with the command 'killall -HUP inetd'
- Configure hosts.allow and hosts.deny as appropriate to your system.
I suggest the following, which blocks all access you do not specifically
allow, and only allows internal network connections to the webserver. WARNING
- This will prevent anything not specifically allowed from running via the
tcpd wrapper. If you have any services you are currently running, like
ssh or telnet, you must either add them to hosts.allow, or not add the ALL:
ALL line to hosts.deny for them to keep working.
hosts.allow:
sh-httpd: 192.168.1.0/255.255.255.0
hosts.deny:
ALL: ALL
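- Materhorn/Eiger users: If you want to be able to view your firewall rules with the web server,
you need to change the permissions of the firewall administration programs
with the following two commands. Mode 4755 sets the setuid bit, so these
root-owned programs run with root privileges for any user who executes them,
which is what lets the non-root sh-httpd user list the rules. This does not
apply to 2.9.x LRP users with 2.0.x kernels.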
chmod 4755 /sbin/ipchains
chmod 4755 /usr/sbin/ipmasqadm
- The weblet CGI scripts are configured with the file
/etc/weblet.conf. You can control the OK, Warning, and Error thresholds
with this file.
- The web server is configured with a main configuration file:
/etc/sh-httpd.conf, and optional mime-types files (location specified in
sh-httpd.conf). WARNING - client access control based on IP
address is disabled by default. To allow only specific IP addresses to
connect to the sh-httpd web server, which I recommend as an additional layer
of security, uncomment the following line in sh-httpd.conf. You may
need to change the IP address...see sh-httpd.readme for details on this and
other configuration file settings.
CLIENT_ADDRS="192.168.1."
- Back up your changes. If you did everything listed above, you need to
back up root (only if you did step 6), and etc. If you changed any of
the weblet or sh-httpd configuration files, you will need to back up weblet,
as well.
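A way to check the result of the steps above before backing up, as an added example that is not part of the Weblet package: it reads the six files edited in this procedure and reports any setting that differs from what the steps recommend. The function names, the ROOT argument and the constructed sample tree are assumptions of the example, and it needs a shell with grep and cut (run it against a copy of the files on a workstation if your busybox lacks them).

```sh
#!/bin/sh
# Added example (not part of Weblet): audit the files edited in the setup steps.
# ROOT is "" for the live box, or a directory holding a copy of its /etc.
fail() { echo "FAIL: $1"; FAILS=$((FAILS + 1)); }

audit_weblet() {
    root=$1; FAILS=0
    # sh-httpd account: must exist, must not be uid 0, primary group 4 (adm)
    entry=$(grep '^sh-httpd:' "$root/etc/passwd" 2>/dev/null)
    uid=$(echo "$entry" | cut -d: -f3); gid=$(echo "$entry" | cut -d: -f4)
    [ -n "$entry" ] || fail "no sh-httpd user in passwd"
    [ "$uid" != 0 ] || fail "sh-httpd is uid 0 (root)"
    [ "$gid" = 4 ] || fail "sh-httpd primary group is '$gid', not 4 (adm)"
    # shadow: '*' in the password field means the account has no usable password
    grep -q '^sh-httpd:\*:' "$root/etc/shadow" 2>/dev/null ||
        fail "sh-httpd shadow entry missing or not locked with '*'"
    # inetd: the www service must run as sh-httpd and be wrapped by tcpd
    set -- $(grep -E '^www[[:space:]]' "$root/etc/inetd.conf" 2>/dev/null)
    [ "$5" = sh-httpd ] || fail "inetd www entry runs as '${5:-nobody, entry missing}'"
    [ "$6" = /usr/sbin/tcpd ] || fail "inetd www entry is not wrapped by tcpd"
    # tcpd wrappers: default deny, and an explicit, non-ALL rule for sh-httpd
    grep -Eq '^ALL[[:space:]]*:[[:space:]]*ALL' "$root/etc/hosts.deny" 2>/dev/null ||
        fail "hosts.deny lacks ALL: ALL"
    case $(grep -E '^sh-httpd[[:space:]]*:' "$root/etc/hosts.allow" 2>/dev/null) in
        "") fail "hosts.allow has no sh-httpd rule" ;;
        *ALL*) fail "hosts.allow opens sh-httpd to ALL" ;;
    esac
    # sh-httpd.conf: CLIENT_ADDRS ships commented out, i.e. no IP restriction
    grep -q '^CLIENT_ADDRS=' "$root/etc/sh-httpd.conf" 2>/dev/null ||
        fail "CLIENT_ADDRS is commented out in sh-httpd.conf"
    [ "$FAILS" -eq 0 ]
}

# Constructed sample tree holding the exact lines given in the steps above.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/etc" || return 1
    echo 'sh-httpd:x:50:4:shell-script webserver:/var/sh-www:/bin/sh' > "$d/etc/passwd"
    echo 'sh-httpd:*:10091:0:99999:7:::' > "$d/etc/shadow"
    echo 'www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd' > "$d/etc/inetd.conf"
    echo 'sh-httpd: 192.168.1.0/255.255.255.0' > "$d/etc/hosts.allow"
    echo 'ALL: ALL' > "$d/etc/hosts.deny"
    echo 'CLIENT_ADDRS="192.168.1."' > "$d/etc/sh-httpd.conf"
    echo "$d"
}

sample=$(make_sample) && audit_weblet "$sample" && echo "sample tree passes"
rm -rf "$sample"
```

Call audit_weblet "" to check the running system, or pass the directory where you unpacked a copy of the box's etc files.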
- readme - General information about the
shell-script web server, including usage notes, external program
requirements, and configuration file details
- version - Revision information and some general features
- There are now two versions of the weblet package available: weblet.lrp and
weblet-tiny.lrp. The only difference is weblet-tiny does NOT
include the java bandwidth monitoring applet. Weblet-tiny DOES,
however, include stat.sh, the shell-script daemon required by the Java
application (which you can download and run on an internal workstation, saving
precious disk space on your firewall). You will still probably need to
configure inetd to run stat.sh if you're adding this package to an existing
LEAF/LRP firewall.
- The web-server and CGI scripts were written on LRP 2.9.7, and tested on
LRP 2.9.7 and Eiger. Everything works fine on Materhorn/Eiger as well, and I
think the only issue with LRP 2.9.4 is the date command. If you note
any problems, let me know...there are a lot of differences between the 2.0.x
kernel and the 2.2.x kernel network commands, and the various versions of
busybox commands floating around.
- You may or may not be able to see an example of these scripts running on
my LRP test system...it just depends on what I'm up to at the moment.
Try http://lrptest.steinkuehler.net
and/or http://lrptest.steinkuehler.net:8008
- I would LOVE for someone with actual web-design talent to make some
pages...if you come up with anything you think looks good, put it up &
mention it on the LRP mailing list, or send it to me and I'll post it here.
- LRP 2.9.4 Users - You have a limited 'date' command, which does not
support the -uR flag used to create the 'date' header in the sh-httpd
script. To work around this, change:
from: REQ_DATE="`date -uR`"
to  : REQ_DATE="`date`"
And comment out the line:
echo -d "Date: ${REQ_HEADER}\r"
in the print_headers() procedure near the top of the file. This
will put a date in the log file (if enabled), and prevent the server from
sending an improper Date: header, which could confuse some clients.
The log file date will still be in the wrong format, but if you really want,
you can either translate it, or modify any log analysis tools to recognize
the odd format.
LRP 2.9.x Users - Some users have reported problems running
weblet under 2.9.x (specifically 2.9.8pre). Apparently, busybox does
not have world execute permissions, so running weblet as user sh-httpd does
not work. To fix this, change the permissions on busybox (chmod 755
/bin/busybox) and backup the root package.
- Logging is disabled by default for LRP users. If you want to enable logging, you
should uncomment the LOGFILE line in sh-httpd.conf, and setup a cron job to
rotate the log files so you don't gradually fill up your RAM disk. If
you use the default user name and log locations, just add the following line to
/etc/crontab:
40 6 * * * sh-httpd savelog -g adm -m 640 -u sh-httpd -c 4 /var/sh-log/sh-httpd.log
Last-modified: header and HEAD method are now
supported, thanks to Tormod Volden,
who pointed out that you can set the TZ variable before doing an ls command
to get UTC date/time.
getpeername is the only odd external program used by
sh-httpd. It is part of the debian 'tcputils' package.
11/01/01 19:03 67,808 weblet.lrp
-rw-r--r-- root/root 1014 Oct 31 13:35 2000 etc/sh-httpd.conf
-rw-r--r-- root/root 200 Aug 22 05:15 2000 etc/sh-httpd.mime
-rw-r--r-- root/root 599 Oct 20 14:59 2000 etc/weblet.conf
-rwxr-xr-x root/root 167 Oct 30 04:49 2001 etc/cron.daily/savelog-sh-httpd
-rwxr-xr-x root/root 4132 Aug 05 13:10 2000 usr/bin/getpeername
-rwxr-xr-x root/root 8028 May 27 17:46 2001 usr/sbin/sh-httpd
-rwxr--r-- root/root 144 Sep 27 08:04 2001 usr/sbin/stat.sh
drwxr-xr-x 50/adm 0 Nov 01 18:52 2001 var/sh-log/
drwxr-xr-x 50/adm 0 Nov 01 18:24 2001 var/sh-www/
drwxr-xr-x 50/adm 0 Nov 01 18:58 2001 var/sh-www/cgi-bin/
-rwxr-xr-x 50/adm 2399 Oct 30 06:38 2001 var/sh-www/cgi-bin/checkmem
-rwxr-xr-x 50/adm 1815 Oct 30 06:39 2001 var/sh-www/cgi-bin/checkfw
-rwxr-xr-x 50/adm 1046 Nov 01 18:58 2001 var/sh-www/cgi-bin/viewlogs
-rwxr-xr-x 50/adm 2465 Oct 30 06:38 2001 var/sh-www/cgi-bin/checkdisk
-rwxr-xr-x 50/adm 985 Oct 08 12:59 2001 var/sh-www/cgi-bin/viewnet
-rwxr-xr-x 50/adm 1329 Oct 08 12:43 2001 var/sh-www/cgi-bin/viewfw
-rwxr-xr-x 50/adm 1019 Oct 30 05:37 2001 var/sh-www/cgi-bin/viewsys
-rwxr-xr-x 50/adm 499 Oct 08 12:56 2001 var/sh-www/cgi-bin/viewmasq
-rwxr-xr-x 50/adm 2258 Oct 30 05:56 2001 var/sh-www/cgi-bin/cgi.include
lrwxrwxrwx root/root 0 Nov 01 18:22 2001 var/sh-www/cgi-bin/viewlogs-www -> viewlogs
drwxrwxrwx 50/adm 0 Nov 01 18:22 2001 var/sh-www/images/
-rw-r--r-- 50/adm 376 Aug 19 04:46 2000 var/sh-www/images/lrpbkg.gif
-rw-r--r-- root/root 1369 Oct 30 04:11 2001 var/sh-www/images/error.gif
-rw-r--r-- root/root 1594 Oct 30 04:11 2001 var/sh-www/images/warn.gif
-rw-r--r-- root/root 1155 Oct 30 04:11 2001 var/sh-www/images/ok.gif
-rw-r--r-- root/root 12890 Oct 30 04:28 2001 var/sh-www/index.html
-rwxr--r-- root/root 50630 Sep 27 07:34 2001 var/sh-www/lrpStat.jar
-rwxr--r-- root/root 1200 Sep 27 14:38 2001 var/sh-www/netmon.html
-rw-r--r-- root/root 101 Aug 19 04:29 2000 var/lib/lrpkg/weblet.conf
-rw-r--r-- root/root 13 Aug 19 04:40 2000 var/lib/lrpkg/weblet.exclude.list
-rw-r--r-- root/root 1063 Oct 07 16:45 2000 var/lib/lrpkg/weblet.help
-rw-r--r-- root/root 184 Oct 30 06:48 2001 var/lib/lrpkg/weblet.list
-rw-r--r-- root/root 6 Oct 30 07:07 2001 var/lib/lrpkg/weblet.version
11/01/01 19:02 18,210 weblet-tiny.lrp
-rw-r--r-- root/root 1014 Oct 31 13:35 2000 etc/sh-httpd.conf
-rw-r--r-- root/root 200 Aug 22 05:15 2000 etc/sh-httpd.mime
-rw-r--r-- root/root 599 Oct 20 14:59 2000 etc/weblet.conf
-rwxr-xr-x root/root 167 Oct 30 04:49 2001 etc/cron.daily/savelog-sh-httpd
-rwxr-xr-x root/root 4132 Aug 05 13:10 2000 usr/bin/getpeername
-rwxr-xr-x root/root 8028 May 27 17:46 2001 usr/sbin/sh-httpd
-rwxr--r-- root/root 144 Sep 27 08:04 2001 usr/sbin/stat.sh
drwxr-xr-x 50/adm 0 Nov 01 18:52 2001 var/sh-log/
drwxr-xr-x 50/adm 0 Nov 01 19:03 2001 var/sh-www/
drwxr-xr-x 50/adm 0 Nov 01 18:58 2001 var/sh-www/cgi-bin/
-rwxr-xr-x 50/adm 2399 Oct 30 06:38 2001 var/sh-www/cgi-bin/checkmem
-rwxr-xr-x 50/adm 1815 Oct 30 06:39 2001 var/sh-www/cgi-bin/checkfw
-rwxr-xr-x 50/adm 1046 Nov 01 18:58 2001 var/sh-www/cgi-bin/viewlogs
-rwxr-xr-x 50/adm 2465 Oct 30 06:38 2001 var/sh-www/cgi-bin/checkdisk
-rwxr-xr-x 50/adm 985 Oct 08 12:59 2001 var/sh-www/cgi-bin/viewnet
-rwxr-xr-x 50/adm 1329 Oct 08 12:43 2001 var/sh-www/cgi-bin/viewfw
-rwxr-xr-x 50/adm 1019 Oct 30 05:37 2001 var/sh-www/cgi-bin/viewsys
-rwxr-xr-x 50/adm 499 Oct 08 12:56 2001 var/sh-www/cgi-bin/viewmasq
-rwxr-xr-x 50/adm 2258 Oct 30 05:56 2001 var/sh-www/cgi-bin/cgi.include
lrwxrwxrwx root/root 0 Nov 01 18:22 2001 var/sh-www/cgi-bin/viewlogs-www -> viewlogs
drwxrwxrwx 50/adm 0 Nov 01 18:22 2001 var/sh-www/images/
-rw-r--r-- 50/adm 376 Aug 19 04:46 2000 var/sh-www/images/lrpbkg.gif
-rw-r--r-- root/root 1369 Oct 30 04:11 2001 var/sh-www/images/error.gif
-rw-r--r-- root/root 1594 Oct 30 04:11 2001 var/sh-www/images/warn.gif
-rw-r--r-- root/root 1155 Oct 30 04:11 2001 var/sh-www/images/ok.gif
-rw-r--r-- root/root 12890 Oct 30 04:28 2001 var/sh-www/index.html
-rwxr--r-- root/root 434 Nov 01 19:01 2001 var/sh-www/netmon.html
-rw-r--r-- root/root 101 Aug 19 04:29 2000 var/lib/lrpkg/weblet.conf
-rw-r--r-- root/root 13 Aug 19 04:40 2000 var/lib/lrpkg/weblet.exclude.list
-rw-r--r-- root/root 1063 Oct 07 16:45 2000 var/lib/lrpkg/weblet.help
-rw-r--r-- root/root 184 Oct 30 06:48 2001 var/lib/lrpkg/weblet.list
-rw-r--r-- root/root 6 Oct 30 07:07 2001 var/lib/lrpkg/weblet.version
10/10/00 10:32 13,961 sh-httpd-0.4.tgz
drwxr-xr-x root/root 0 Oct 09 10:28 2000 sh-httpd-0.4/
-rwxr-xr-x root/root 8006 Oct 09 10:28 2000 sh-httpd-0.4/sh-httpd
-rw-r--r-- root/root 1025 Aug 20 20:18 2000 sh-httpd-0.4/sh-httpd.conf
-rw-r--r-- root/root 200 Aug 20 20:18 2000 sh-httpd-0.4/sh-httpd.mime
-rw-r--r-- root/root 5657 Oct 05 17:13 2000 sh-httpd-0.4/sh-httpd.readme
-rw-r--r-- root/root 2063 Oct 10 10:28 2000 sh-httpd-0.4/sh-httpd.version
-rw-r--r-- root/root 18007 Aug 22 08:40 2000 sh-httpd-0.4/gpl.txt
- 10-31-01
- Completely revamped version for Dachstein. Still the same old
sh-httpd, but the web pages have been completely re-designed based on work
done by Justin Ribeiro, with status images created by Julian Church. The cgi scripts have been updated to the 'new
look' as well. Also, the excellent bandwidth monitor Java applet from
Martin Hejl has been included. The package also includes an entry for
/etc/cron.daily to rotate the web logs, so your ramdisk won't eventually fill
up, and you can now monitor your web logs from the main page, as well as your
system logs.
- 1-18-01
- Added note about busybox permissions for LRP 2.9.x users.
- 10-31-00 Version 1.1.2
- Updated viewsys CGI script to display the currently running processes.
- 10-16-00 Version 1.1.1
- Updated checkmem CGI script to accurately reflect available memory, not
just free (unused) memory.
- 10-9-00 Version 1.1
- Updated web server to sh-httpd V0.4, added current connections CGI script,
minor updates to existing web pages.
- 8-20-00 Version 1.0
- Initial release
- The shell scripts are their own source code...