Tuesday, January 29, 2013

Find and Delete Core Dumps using PHP and Shell

Linux sometimes dumps a huge file when a script crashes. These core files can build up and eat away valuable disk space. Some other methods of deleting core files will damage your server. Here are a few simple commands I use to find and delete these core dump files safely.

Deleting files on Linux can be dangerous – one wrong character can destroy important files. I read a few other methods of removing core files that will potentially delete important files while leaving the core dumps on disk. Do not use these methods. The problem is that they are looking for files named “core” with no extension. If you do this you’re just trashing system files and leaving the dump files behind.

Linux core dump file names look like “core.4324” – they have a four digit number as the extension. If your system has a different core dump format you’ll need to adjust these commands. We need a reliable way to find these files and only these files. We will need to find file names with the following criteria:

  • Must be a file – not a directory
  • Must begin with “core.”
  • Must have an extension of exactly four numbers

Linux find is a powerful tool, and with a little regular expression magic we can tackle all of these at once. Before deleting anything, we should do a test run with find to make sure we aren’t catching anything unwanted. Run the following find command to locate all core dump files in the current directory and all subdirectories.

Find all core dump files:
find . -type f -regex “.*/core.[0-9][0-9][0-9][0-9]$”
The regex in the above command matches the file name “core.xxxx” where “xxxx” is exactly four numbers 0-9. If the results look correct, we can delete all those dump files with the following command.

Find and delete all core dump files:
find . -type f -regex “.*/core.[0-9][0-9][0-9][0-9]$” -exec rm ;
The one downfall of this method is that it’s slower, since regular expressions take time to process. But this is a small price to pay for getting rid of these files in large numbers safely. If you see any errors with the above code or have any experiences to share please leave a comment below.

Source: http://gabrielharper.com/blog/2009/05/finding-deleting-linux-core-dump-files-safely/

Find and delete all core dump files in linux webserver using PHP and Shell script:

In this tutorial, I have used two scripts which was downloaded from internet and slightly modified. Using this two scripts, we can view and delete the core dump files by simply running the script through web browser. PHP script must be saved in the directory which consists of core dump files. Shell script must be saved in cgi-bin directory.

PHP Script: CoreDumpCheck.php
<html>
  <head>
    <title>Core Dump Checker</title>
    <style type=”text/css”>
      div a{font-size:12px;}
      .results{ border:1px solid #ccc; padding:2px; width:800px; height:400px; overflow:auto; }
    </style>
  </head>
<body>
<?php
// The purpose of this file is to help find out what is causing
// a core dump
echo “<h1>Scanning Directory for core dumps</h1>”;
echo “\n<h3><a href=’http://www.example.com/cgi-bin/core_dump.sh’>Click here to delete the dumps…</a></h3>”;
// grab a listing of current files in this directory
$file_list = scandir(getcwd());
// loop through the files, and print those that appear to be core files
foreach ($file_list as $key => $value)
{
  // is this a core file?
  if (substr($value,0,5) == “core.”)
  {
    // yes, this is a core file. print a link to it
    echo ” <div>
    <a href=’?core=$value’>$value</a>
    </div>
    “;
    // keep track of whether we found core files or not
    $found_core_file = true;
  }
}
// print a message if no core files are found
if (!$found_core_file)
{
  echo “<h2>No core dumps found.</h2>”;
}
// if the user clicks a core dump, show them the bdg results
//
// begin with some security checking
//
// does the string begin with “core.”?
if(substr($_GET[‘core’],0,5) == “core.”)
{
  // is the string after the . a string
  if(is_numeric(str_replace(“core.”,””,$_GET[‘core’])))
  {
    // doesn’t appear to be any hackish activity, scan the
    // core file and print the results
    $command = “gdb -c ” . $_GET[‘core’];
    echo ” <h2>RUNNING: $command</h2>
    <div class=’results’>
    <pre>” . shell_exec($command) . “</pre>
    </div>
    “;
    $command = “strings ” . $_GET[‘core’];
    echo ” <h2>RUNNING: $command</h2>
    <div class=’results’>
    <pre>” . shell_exec($command) . “</pre>
    </div>“;
  }
}
?>
</body>
</html>

SHELL Script: core_dump.sh
#!/bin/sh
#!/bin/bash
find /home/host/public_html -regex ‘.*/core.[0-9]*$’ -exec rm -f {} \;
echo “Content-type: text/html”
echo “”
echo ‘
<html>
  <head>
    <meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″>
    <title>Core Dump Deletion</title>
  </head>
  <body>
    <table width=”100%” height=”100%” cellspacing=”0″ cellpadding=”0″ border=”0″>
      <tr>
        <td align=”center” valign=”middle”>
          <h2>Core Dump Deleted Successfully!</h2>
        </td>
      </tr>
    </table>
  </body>
</html>’
exit 0

0 comments :

Post a Comment