Debugging On Linux – Strace & Cpanel

Last week, I went over the basics of strace and some very simple examples of it’s use. So this week I thought I would demonstrate a very useful use of strace in problematically duplicating the functions of cpanel’s WHM web interface. This will allow you to do anything WHM does through the browser via the command line or in a daemon.

The first thing we need to do is find out what the process ID is of the cpanel server process:

[root@rammstein ~]# ps fauwwx | grep cpsrvd

root      4083  0.0  0.1  17628  7576 ?        
S    00:28   0:01 cpsrvd - waiting for connections

There we go, so now we run the same strace command that we talk about last week with on variation, we are going to specify the -o option which will write all the traced commands to a file, rather than flooding our screen with them.

[root@rammstein ~]# strace -s 10000 -v -f -p 4083 
                    -o cpan.log

Then you go into WHM and run the function you want to know about, in my example here, I just ran the apache status function. Go back to your shell and ctrl C to end the strace.

Process 4083 attached - interrupt to quit
Process 19924 attached
Process 19925 attached
Process 19925 detached
Process 19924 detached
Process 4083 detached

Now, use less to open the file in a search able way, in less, just hit the / key to enter search mode and type in what you want to search for. In this case, we are searching for execv. Hit enter and it will take you to a line that looks something like this:

19925 execve("/usr/local/cpanel/whostmgr/bin/whostmgr2", ["/usr/local/cpanel/whostmgr/bin/whostmgr2", "./apachestatus"], ["PATH=/usr
bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin", "DOCUMENT_ROOT=/usr/local/cpanel
NSFER_ENCODING=", "SCRIPT_URI=scripts2/apachestatus", "HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLC
C1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.2; OfficeLiveConnector.1.0; it dept policy)", "HTTP_REFERER=http://rammstein.hi", "CONTENT_TYPE=", "HTTP_COOKIE=__utma=87959297.808540076.1193239699.1213644
247.1213802332.59; __utmz=87959297.1213287245.57.8.utmccn=(referral)||utmcct=/v2/index.html|utmcmd=referral;
logintheme=cpanel; whostmgrrelogin=no; whostmgrsession=closed", "HTTP_ACCEPT_CHARSET=", "HTTP_ACCEPT_ENCODING=gzip, deflate", "HTTP_
ACCEPT_LANGUAGE=en-us", "HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/, application/xaml+xml, application/x-ms-xbap, application/, application/, applicatio
n/msword, application/x-silverlight, application/x-shockwave-flash, */*", "", "SUBID=", "UPLIN
K=", "REMOTE_USER=root", "LOGIN_THEME=cpanel", "REMOTE_PASSWORD=__HIDDEN__", "", "PASS=*"]) = 0

Looks like a jumbled mess, but really it’s quite straight forward once you start to weed through it. First, you have the path to the executable. Then you have a set of brackets with first, the executable again, then the list of parameters sent to it. Next you have all the environment variables that were set at the time of execution. With that information we can accurately simulate the execution via the command line. Most of the environment variables can be ignored, as they are HTTP specific variables like request method, content length, query strings, http user agent, etc. Really, the most important one is “REMOTE_USER” and “CPANEL”. So we hop into our favorite text editor and type in:

#! /usr/bin/perl

use strict;
$ENV{'REMOTE_USER'} = 'root';
$ENV{'CPANEL'} = 'active';
system('/usr/local/cpanel/whostmgr/bin/whostmgr2', './apachestatus');

Save that somewhere where it can be executed and is safe. The /scripts directory works, though I like to keep my stuff separate from cpanel’s as much as possible. chmod it to 755 or something akin thereto and run it!

[root@rammstein ~]# ./

HTTP/1.0 200 OK
Connection: close
Server: whostmgr/11.23.2
Content-type: text/html

Web Host Manager 11.23.2 - Apache Server Status for
More HTML stuff, remember, this was for output to a browser!

Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8b DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/ Server at Port 80

It will output, generally, in HTML since WHM outputs to a browser. But with some regex’s and iterative perl functions, you can parse through that, extract the info you need, and dump the rest!

So there you have it! Using Strace you can find out exactly what cpanel is doing and thereby simulate it in the command line for programmatic usage.

Use it wisely.


Leave a Reply