PHP Rest Class

A multi-purpose PHP REST class.

<?php
/*
 * Rest Class for php
 */
class Rest {
    /*
     * Request URI
     */
    private $request = NULL;

    /*
     * Method called
     */
    private $method = NULL;

    /*
     * Params received
     */
    private $params = array();

    /*
     * Constructor
     */
    public function __construct() {
        $this->_parseParams();
    }

    /**
     * @brief Lookup request params
     * @param string $name Name of the argument to lookup
     * @param mixed $default Default value to return if argument is missing
     * @returns The value from the GET/POST/PUT/DELETE value, or $default if not set
     */
    public function get($name, $default = null) {
        if (isset($this->params[$name])) {
            return $this->params[$name];
        } else {
            return $default;
        }
    }

    /*
     * Read the HTTP method, the request params and the PATH_INFO segments
     */
    private function _parseParams() {
        $this->method = $_SERVER['REQUEST_METHOD'];
        if ($this->method == "PUT" || $this->method == "DELETE") {
            parse_str(file_get_contents('php://input'), $this->params);
            $GLOBALS["_{$this->method}"] = $this->params;
            // Add these request vars into _REQUEST, mimicking default behavior, PUT/DELETE will override existing COOKIE/GET vars
            $_REQUEST = $this->params + $_REQUEST;
        } else if ($this->method == "GET") {
            $this->params = $_GET;
        } else if ($this->method == "POST") {
            // Check for emulated POST; !empty() avoids notices when the header or field is absent
            if (!empty($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
                $this->method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
            } else if (!empty($_POST['_method'])) {
                $this->method = strtoupper($_POST['_method']);
            }
            $this->params = $_POST;
        }
        // Split PATH_INFO into its segments, dropping the leading slash
        $this->request = preg_split("/\//", substr(@$_SERVER['PATH_INFO'], 1));
    }

    public function getMethod() {
        return $this->method;
    }

    public function getRequest() {
        return $this->request;
    }

    public function getAllParams() {
        return $this->params;
    }

    public function response($data, $error = NULL) {
        // Data header for all responses
        header('Content-Type: application/json');
        $json = array();
        // Standard json format status, error, data along with respective headers
        if (isset($data) && !isset($error)) {
            // Send Success Header
            header('HTTP/1.1 200 OK');
            $json['status'] = "200";
            $json['data'] = $data;
        } else {
            // Send Failure Header; the status line now matches the "500" in the body
            header('HTTP/1.1 500 Internal Server Error');
            $json['status'] = "500";
            $json['error'] = $error;
        }
        return json_encode($json);
    } // response
}
/*
// Debug
$r = new Rest();
echo $r->getMethod() . "\n";
print_r($r->getRequest());
print_r($r->getAllParams());
*/

Install BackupPC on CentOS 6.3

  1. You need to have a running CentOS 6.3. I installed it with minimal components on a VM via Hyper-V 2; “lean but mean” so to say. 
  2. Using Putty, connect to your CentOS box and install these useful tools:
    • wget – an easy-to-use CLI download tool.
    • nano – a file editor for humans.
    • screen – I like this tool because it allows you to have different screens for every task you do; very useful, it enhances your Putty experience.
    • man – your dependable CLI technical support.

    Use this command:
    yum -y install man nano screen wget

  3. You need to add two special repositories, EPEL and REMI. A number of the packages we need for this endeavor are not part of the Red Hat / CentOS package manifest.
    wget -c http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    wget -c http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
     
  4. Enable the REMI repository.
    nano /etc/yum.repos.d/remi.repo 

    Edit and save the above file to reflect this:

    name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
    #baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
    mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
    failovermethod=priority

  5. Install the BackupPC pre-requisites.
    yum -y install perl-Compress-Zlib perl-Archive-Zip perl-File-RsyncP perl-suidperl openssh-clients expect 
  6. Do an update, then upgrade, to make sure everything is up-to-date.
    yum -y update
    yum -y upgrade 
  7. We need to create the user account that BackupPC will use and assign a password for it.
    adduser backuppc
    passwd backuppc 

    You will be prompted to key-in your desired password. Remember this password ’cause you will need it later.

  8. And now folks, the moment you’ve all been waiting for, the BackupPC installation!  
    yum -y install BackupPC 

    I wish the command was longer or better yet, extremely complex but that’s just it… 

  9. After the package installation, two biggies are now in place, Apache and BackupPC. Verify that these services are listed in the startup script.
    chkconfig --list backuppc
    chkconfig --list httpd

    Notice that both are turned off.

  10. We need to make these two services start at startup. Do this:
    chkconfig backuppc on
    chkconfig httpd on 
  11. You’re probably guessing what’s Apache got to do with BackupPC; well, it runs the web interface but we need to do some tasks before we can use it. We first need to create the access file.
    htpasswd -c /etc/BackupPC/apache.users backuppc 

    You will be prompted for a password; just key-in the password you assigned the backuppc user awhile back.

  12. Edit and save the BackupPC configuration file for Apache.
    nano /etc/httpd/conf.d/BackupPC.conf 

    Your changes should reflect something like this:
    order deny,allow
    deny from all
    #allow from 127.0.0.1
    #allow from ::1
    allow from all
    AuthType Basic
    AuthUserFile /etc/BackupPC/apache.users
    AuthName "backuppc"

  13. As a safety precaution, make a duplicate of the BackupPC main configuration file.
    cp /etc/BackupPC/config.pl /etc/BackupPC/config.pl.ORIG 
  14. We’ll use screen to help us accomplish this next task.
    screen
    nano /etc/BackupPC/config.pl 

    In nano, press CTRL + W; this will invoke the search facility. Search for this parameter: $Conf{ServerMesgSecret}.

    Now, press CTRL + A + C; this will open another screen. Run this command:
    mkpasswd -l 32 -d 16

    Highlight the output then press CTRL + A + P; this will bring you back to the previous screen. Right-click your mouse to paste the output between the single quotes of the aforementioned configuration parameter. You should have something like this:
    $Conf{ServerMesgSecret} = '7687nR848l39etpm7812w1f-pj3iEpb7';

    Next, search for this parameter $Conf{CgiAdminUsers} and add backuppc. You should have something like this:
    $Conf{CgiAdminUsers} = 'backuppc';

  15. This time, edit the Apache configuration file.
    nano /etc/httpd/conf/httpd.conf 

    Your changes should reflect this:
    User backuppc
    Group apache
    ServerName actual_server_hostname_or_IP_Address:80
    (e.g. ServerName 172.27.10.25:80)

  16. Now, the secret that made the BackupPC web interface work:
    iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    /sbin/service iptables save 

    Just to make sure the firewall entry was saved, we verify:
    cat /etc/sysconfig/iptables

    Result below:

    # Generated by iptables-save v1.4.7 on Mon Oct 15 15:57:49 2012
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [4:464]
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Mon Oct 17 15:57:49 2012

  17. We now are nearing completion, let’s start the services.
    service httpd start
    service backuppc start 
  18. The finale, access the BackupPC web interface. 

    http://backuppc_server_hostname/BackupPC
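
A post-install check for the access fragment from step 12, added here as an example and not part of the original walkthrough. Apache only enforces `AuthType Basic` when a `Require` directive is present, and the fragment in step 12 does not show one, so the check reports that along with `allow from all`. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an Apache 2.2-style
# access fragment such as /etc/httpd/conf.d/BackupPC.conf.
# _has, audit_backuppc_conf and the sample file are constructed names/data.

# True when an uncommented directive in $1 matches the ERE in $2.
_has() { printf '%s\n' "$1" | grep -Eiq "^[[:space:]]*$2"; }

# Prints one finding per line; prints nothing when every check passes.
audit_backuppc_conf() {
    # Strip comments and blank lines so only active directives remain.
    active=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1")

    _has "$active" 'allow[[:space:]]+from[[:space:]]+all([[:space:]]|$)' &&
        echo "OPEN: 'allow from all' admits every source address"
    _has "$active" 'authtype[[:space:]]+basic' ||
        echo "NOAUTH: no AuthType Basic line"
    _has "$active" 'authuserfile[[:space:]]+[^[:space:]]' ||
        echo "NOUSERS: no AuthUserFile line"
    _has "$active" 'require[[:space:]]+(valid-user|user|group)' ||
        echo "NOREQUIRE: no Require line, so Basic auth is not enforced"
    return 0
}

# Constructed sample mirroring the fragment shown in step 12.
sample=$(mktemp)
cat > "$sample" <<'EOF'
order deny,allow
deny from all
#allow from 127.0.0.1
#allow from ::1
allow from all
AuthType Basic
AuthUserFile /etc/BackupPC/apache.users
AuthName "backuppc"
EOF
audit_backuppc_conf "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_backuppc_conf /etc/httpd/conf.d/BackupPC.conf`; an empty result means the fragment limits source addresses and requires a login.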

Allowing FTP with IPTables

Here’s the document I refer people to so that they can follow the FTP protocol: http://slacksite.com/other/ftp.html

  • To do active-mode FTP, you need to allow incoming connections to TCP port 21 and outgoing connections from port 20.
  • To do passive-mode FTP, you need to allow incoming connections to TCP port 21 and incoming connections to a randomly-generated port on the server computer (necessitating using a conntrack module in netfilter)

You don’t have anything re: your OUTPUT chain in your post, so I’ll include that here, too. If your OUTPUT chain is default-drop then this matters.

Add these rules to your iptables configuration:

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

To support passive mode FTP, then, you need to load the ip_conntrack_ftp module on boot. Uncomment and modify the IPTABLES_MODULES line in the /etc/sysconfig/iptables-config file to read:

IPTABLES_MODULES="ip_conntrack_ftp"

Save the iptables config and restart iptables.

service iptables save
service iptables restart

To completely rule out VSFTPD as being a problem, stop VSFTPD, verify that it’s not listening on port 21 with a “netstat -a” and then run:

nc -l 21

This will start netcat listening on port 21 and will echo input to your shell. From another host, TELNET to port 21 of your server and verify that you get a TCP connection and that you see output in the shell when you type in the TELNET connection.

Finally, bring VSFTPD back up, verify that it is listening on port 21, and try to connect again. If the connection to netcat worked then your iptables rules are fine. If the connection to VSFTPD doesn’t work after netcat does then something is wrong w/ your VSFTPD configuration.
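
The pieces this answer depends on can be checked from the saved files before testing with netcat. The script below is an added example, not part of the original answer: it reads an iptables-save style ruleset and an iptables-config file and reports what is missing for active and passive FTP. The function name and both sample files are constructed, and it assumes that a RELATED state rule is what accepts the data connections the conntrack helper tracks.

```shell
#!/bin/sh
# Added example (not from the original post): check an iptables-save style
# ruleset and an iptables-config file for what the FTP answer relies on.
# ftp_fw_check and both sample files are constructed for illustration.

# Usage: ftp_fw_check RULES_FILE CONFIG_FILE; prints one finding per line.
ftp_fw_check() {
    rules=$1; config=$2
    # Control channel: inbound tcp/21 must be accepted.
    grep -Eq -- '^-A INPUT .*--dport 21 .*-j ACCEPT' "$rules" ||
        echo "INPUT: no ACCEPT for tcp dport 21"
    # Passive data channel: the helper tags it RELATED; a state rule accepts it.
    grep -Eq -- '^-A INPUT .*--(ct)?state [A-Z,]*RELATED.*-j ACCEPT' "$rules" ||
        echo "INPUT: no RELATED accept for the passive data connection"
    # Active data channel: only matters when OUTPUT defaults to DROP.
    if grep -q '^:OUTPUT DROP' "$rules"; then
        grep -Eq -- '^-A OUTPUT .*(--sport 20 |--(ct)?state [A-Z,]*RELATED).*-j ACCEPT' "$rules" ||
            echo "OUTPUT: policy DROP and nothing accepts the active data connection"
    fi
    # The conntrack helper must be listed so it loads with the firewall.
    grep -Eq '^[[:space:]]*IPTABLES_MODULES="[^"]*(ip|nf)_conntrack_ftp' "$config" ||
        echo "CONFIG: IPTABLES_MODULES does not load the FTP conntrack helper"
    return 0
}

# Constructed samples: OUTPUT is default-drop with no rule for the data
# connection, and the IPTABLES_MODULES line is still empty.
dir=$(mktemp -d)
cat > "$dir/iptables" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
printf 'IPTABLES_MODULES=""\n' > "$dir/iptables-config"
ftp_fw_check "$dir/iptables" "$dir/iptables-config"
rm -rf "$dir"
```

On the server itself, point it at `/etc/sysconfig/iptables` and `/etc/sysconfig/iptables-config`.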