Sunday, November 27, 2005, 12:10 AM - General applicable solutions
Symptom:
Uptime program returns wrong value, just a few days instead of the expected 500+ days of uptime.
Solution:
Request your uptime with 'last -xf /var/run/utmp runlevel'. This will return the real uptime of your machine.
| permalink |
Sunday, November 27, 2005, 12:07 AM - php
Intro
Installing php with modules which are not available in configure (--help for all options), can be troublesome. This is a howto to get ps and pslib running with support for png and jpeg without to many problems along the way.
Necessary software
- pslib
- php-4.4.1
- libjpeg + header files from your distribution installed
- libpng + header files from your distribution installed
From both grep the tar.bz2/tar.gz/rpmsource files. This manual assumes sources and not rpm binary distributions.
Compiling and installing pslib
Some very direct steps in getting this to work:
- Unpack the pslib-x.x.x.tar.?? file and cd into the directory.
- configure: ./configure --with-png=/usr/lib/libpng.so --with-jpeg=/usr/lib/libjpeg.so.
The libpng.so and libjpeg.so is probably not needed in the configure command, so ./configure --with-png=/usr/lib --with-jpeg=/usr/lib should work too.
If your libpng and libjpeg are installed in other locations than /usr/lib, use that other location!
You can verify that the Makefile for png/jpeg support is correct by opening the Makefile and looking for the following lines:
PNG_INCLUDEDIR = -I/usr/include
PNG_LIBDIR = -L/usr/lib
PNG_LIBS = -lpng
and:
JPEG_INCLUDEDIR = -I/usr/include
JPEG_LIBDIR = -L/usr/lib
JPEG_LIBS = -ljpeg
Last commands for pslib:
- make
- make install
Compiling and installing php
This setup is to support php with mysql, apache2, libxml, mcrypt, mhash and mbstring:
- Unpack php and cd into the directory
- configure: ./configure --prefix=/usr/local/php4 --with-apxs2=/usr/sbin/apxs2 --with-libxml-dir=/usr/local/lib --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config --with-mcrypt=/usr/lib --with-mhash=/usr/lib --enable-mbstring
Alter the directories to the libraries so it matches your setup.
This has been compiled with mysql5 installed from binary install
Ofcourse other options can be added, uses ./configure --help to see all options (long list!)
To finish the install:
- make
- make install
The make install gives a note: run libtool --finish /somedirectory/libs. Since this directory is pretty random, make a libs diretory in your /usr/local/php4 directory (created with the prefix from configure, you can also use another directory):
- mkdir /usr/local/php4/libs
- cp libs/* /usr/local/php4/libs
- libtool --finish /usr/local/php4/libs
The make install can also give an error concerning the httpd.conf file: Just add the wanted line as a dummy, run make install again and hash out the dummy line after the install is finished.
This should result in a running php4 version with apache2 support.
This can be tested by opening a testpage with php in it.
Finally add php4/bin to your PATH so that both php and pear are easily accesible.
MySQL with php
In the php.ini file, not present on your system yet if you install from source, is the extensions section. This might contain a stub for mysql.so. mysql.so is not being used in this setup at all! The mysql support is compiled into the php executable completely, so erase extension=mysql.so if it exists.
Install ps
With the mentioned version of php, 4.4.1, ps will install by just typing 'pear install ps'. It is possible that some headers, or tools are missing (lex (part of flex), bison, others?). Install those parts, and ps will install correctly.
The software can be tested by running the example 'php draw.php' from the examples directory. Before this is possible, it is necessary to make three changes:
1) symlink the ps.so file in the extensions directory from php (for location see the php.ini file under extensions=)
2) Add in the php.ini file under [extensions]: extension=ps.so
3) Add the following line in the draw.php file: dl('ps.so');
This last part is the dynamic load of the ps.so module. If there are any errors (can nog be found/opened), adjust your symlinks so that ps.so can be found.
The setup from php as described here fails to load the module automatically, even though it is noted in the [extensions] section in the php.ini file.
Now run 'php draw.php'. type 'ls -al draw.ps' and open the draw.ps file with your favourite postscript viewer.
A possible problem you run into is the following:
Warning: ps_findfont(): PSlib warning: Could not open protusion file: Helvetica.pro in /home/norbert/ps-1.3.1/examples/draw.php on line 361
This is solved by creating a symlink to the Helvetica.afm file: 'ln -s Helvetica.afm Helvetica.pro'
Run the 'php draw.php' again, and the error is gone, and the draw.ps file is there.
In case you can not find the examples directory, download the ps-1.3.1.tgz file here, unpack and go to the examples directory.
In all the other cases you are going to use the postscript module, you will have to include the 'dl("ps.so");' line so it loads the module. Solutions for automatic load of modules which are not mentioned in the php configure file, is welcome norbert at hipersonik.com.
| permalink |
Saturday, November 26, 2005, 11:56 PM - php
For to me unknown reasons with php5 pear install mysql fails on the mysql client part. With the following line to compile php5 again from source, everything works fine (no use of pear anymore, just compile in mysql support):
./configure --prefix=/usr/local/php4 --with-apxs2=/usr/sbin/apxs2 --with-libxml-dir=/usr/local/lib --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config --with-mcrypt=/usr/lib --with-mhash=/usr/lib --with-ps=shared --enable-mbstring --with-gd --with-zlib --with-jpeg --with-png --with-jpeg-dir=/usr/lib --cache-file=/dev/null
The possible remaining problem, which is easily solved with a symlink is that now mysql.sock is expected in /tmp. Create a symlink from your mysql.sock to /tmp and that will be solved too.
With this just took me under 3 minutes to get php5 running. I like to forget the 3 hours before that when I was just guessing where to look.
For support of other commonly used software --with-mcrypt=/usr/lib --with-mhash=/usr/lib --with-ps=shared --enable-mbstring --with-gd --with-zlib --with-jpeg --with-png --with-jpeg-dir=/usr/lib --cache-file=/dev/null are added. For all these packages, the development headers should be present in /usr/include of your other commonly accessible include directory.
--cache-file=/dev/null is convenient of the configure seems to work, but in reality does not really do the job correctly. It disables the configure cache, making it able for you to check the log to see if things really go the way you want them to go.
| permalink |
Saturday, November 26, 2005, 11:47 PM - SuSE
Compiling PWC module under SuSE 10:
You are getting an error:
make -C /lib/modules/2.6.13-15-default/source SUBDIRS=/home/norbert/pwc-10.0.9-rc1 modules
make[1]: Entering directory `/usr/src/linux-2.6.13-15'
Makefile:494: .config: No such file or directory
WARNING: Symbol version dump /usr/src/linux-2.6.13-15/Module.symvers<br>
is missing; modules will have no dependencies and modversions.
CC [M] /home/norbert/pwc-10.0.9-rc1/pwc-if.o
/bin/sh: scripts/basic/fixdep: No such file or directory
make[2]: *** [/home/norbert/pwc-10.0.9-rc1/pwc-if.o] Error 1
make[1]: *** [_module_/home/norbert/pwc-10.0.9-rc1] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.13-15'
make: *** [default] Error 2
The simple (bit crude fix):
Open the MakeFile in the pwc directory.
Erase the lines with SuSE detection, but leave the line with KSRC:<br>
KSRC := /lib/modules/$(KVER)/build
Type make, and the module builds (ofcourse, you should have the kernel sources on your system)
This fix works for pwc-10.0.7,8 and 9
| permalink |
Saturday, November 26, 2005, 11:42 PM - General applicable solutions
McAfee has a description of the worm but not a way to get rid of it in an efficient way, or how to protect your system.
Another description and name at symantec: Linux.Plupii
Protection against the worm
Symantec is helpfull: See point 4 of technical details
An update for the xmlrpc problem will solve the vulnerability there. Link for the version: Click here
For awstats version 6.4 and up is safe.
Webhints is supposed to be not vulnerable, however it is included in the worm. A second look at it would be a wise thing to do. If you run webhints, block the communication ports for this worm just to make sure. Blocking data from and to 62.101.193.244 (the worm download location) is also a good precaution.
Style of attack
It looks like the worm does attack only on the IP address of the server, not name based. The easiest protection, is not to link the IP address of the server to cgi-bin or one of the mentioned files. This is done most easily with a virtual host definition in the apache configuration. A redirect index.html or php (whatever has your preference) to the real website on the server is after that enough to stop the worm.
Getting rid of the worm
Delete the worm. The name of the worm is lupii, just fgrep. If you have the worm, block UDP port 7111 & 7222 on the firewall, and you will run safely with the worm, but with you in control.
Some easy to implement other protections
includer.cgi: Long time known to have vulnerabilities. An up to date version should do the trick, else you should not be using this script at all.
Disclaimer: This comes ofcourse without any warranties!
| permalink | related link |
Back
