Pages

Thursday, May 16, 2013

Atomic mod security rules

ConfigServer ModSecurity Control provides an easy way of monitoring which rules are being triggered on the server in real time but more importantly, you can whitelist certain rules either globally accross the entire server or on a per account/domain basis if some of the rules conflict with a particular script or functionality (e.g. FrontPage). To install CMC, run the following:

rm -fv cmc.tgz

wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc
sh install.sh
cd ..
rm -Rfv cmc/ cmc.tgz
If you log in to WHM you will now see “ConfigServer ModSec Control” under “Plugins”. It’s important that you click on it because when it’s run the first time, it will create the file “modsec2.whitelist.conf” if it doesn’t already exist. If that file doesn’t exist then you’ll find Apache won’t start when we come to the end of this guide. Also while you’re here, click on “Disable modsecparse.pl”. This will disable the cPanel cron job that processes and empties the mod_security log, allowing you to use the log watching tool built in to CMC.

As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.

Stage 1: Run the following commands at command line:

mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.

Stage 2: Configure cPanel to use the Mod Security Rules

In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.

In go to: WHM -> Plugins -> Mod Security and then click: Edit Config

In this section, delete all the current content and then paste in the following configuration:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial

Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.

This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.

Testing

http://YOUR_HOST/foo.php?foo=http://www.example.com

should give 403

Sunday, May 12, 2013

odbctest.php test page

--- begin odbctest.php---
<?
// connect to DSN MSSQL with a user and password
$connect = odbc_connect("MSSQLServer", "username", "password") or die
("couldn't connect");
odbc_exec($connect, "use Northwind");
$result = odbc_exec($connect, "SELECT CompanyName, ContactName " .
"FROM Suppliers");
while(odbc_fetch_row($result)){
print(odbc_result($result, "CompanyName") .
' ' . odbc_result($result, "ContactName") . "<br>\n");
}
odbc_free_result($result);
odbc_close($connect);
?>
--- end odbctest.php --

GRsec patched kernel install

Fetch the sources:

Download kernel from kernel.org

#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz

Downlaod latest Grsecurity patch from below URL :

#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch

Extract:
tar xjf linux-2.6.32.51.tar.gz

Patch the kernel:

#cd linux-2.6.32.51

#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch

Now start making the kernel :

# make clean && make mrproper

Edit your kernel as per your need :

# make menuconfig

Compile your kernel and install it:

# make bzImage

# make modules

# make modules_install

Make sure it’s working ok with the help of following command :

# depmod 2.6.32.51-grsec

Installing and booting the new kernel :

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec

There is also a file called “System.map” that must be copied to the same boot directory.

# cp System.map /boot

Do not forget to make changes in /etc/grub.conf

also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

Now reboot server :

#Shutdown -r now.

FFmpeg

Download all the files needed

cd /usr/local/src
wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrwb-7.0.0.3.tar.bz2
wget http://downloads.xiph.org/releases/theora/libtheora-1.0beta3.tar.gz

Extract all the files

tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.2.0.tar.gz
tar zxvf flvtool2-1.0.6.tgz
tar jxvf essential-20071007.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
bzip2 -cd amrnb-7.0.0.2.tar.bz2 | tar xvf -
bzip2 -cd amrwb-7.0.0.3.tar.bz2 | tar xvf -
tar zxvf libtheora-1.0beta3.tar.gz

We need a codec directory

mkdir /usr/local/lib/codecs/

Install Ruby on Rails, subversion & ncurses

apt-get install subversion ruby libcurses-ruby

Run some SVN queries

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update

Copy Codecs for mplayer

mkdir /usr/local/lib/codecs
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

We also need to secure the tmp directory

mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

Install lame

cd /usr/local/src/lame-3.97
./configure
make && make install

Install libogg

cd /usr/local/src/libogg-1.1.3
./configure && make && make install

Install libvorbis

cd /usr/local/src/libvorbis-1.2.0
./configure && make && make install

Install flvtool2

cd /usr/local/src/flvtool2-1.0.6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

Install mplayer & mencoder

cd /usr/local/src/mplayer
./configure –enable-jpeg
make && make install

Install AMR (for 3gp conversion)

cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install

cd /usr/local/src/amrwb-7.0.0.3
./configure
make && make install

Install libtheora (for ogg video encoding)

cd /usr/local/src/libtheora-1.0beta3
./configure
make && make install

Install ffmpeg

cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared –enable-amr-nb –enable-libtheora

Saturday, May 11, 2013

MSSQL Connection Testpage

<?php
$Server = "localhost";
$User = "your_name";
$Pass = "your_password";
$DB = "examples";

//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");

//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");

//declare the SQL statement that will query the database
$query = "SELECT name from test ";

//execute the SQL query and return records
$result = mssql_query($query);

$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";

//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>

Friday, May 10, 2013

FFMPEG on CentOS 6 cPanel Server

FFMPEG on CentOS 6 cPanel server




This article describes installation of ffmpeg, flvtool2, mplayer, mencoder, MP4Box, ffmpeg-php and many other video conversion tools on a CentOS 6 server with cPanel hosting control panel.

1. Enable SubHosting.net and EPEL yum repositories

The CentOS 6 RPM packages of ffmpeg, mplayer and MP4Box packages are available on Subhosting.net. These RPM packages are copied from ATrpms and RPM Fusion YUM repositories for a simplified installation.

Some packages on Subhosting.net YUM repo depend on EPEL repo. To enable EPEL repo, install the epel-release RPM package:


rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm


To enable SubHosting.net YUM repository, create the file /etc/yum.repos.d/subhosting.repo and add following repository configuration:


[SubHosting]
name=SubHosting Packages CentOS 6 - $basearch
baseurl=http://dl.subhosting.net/yumrepo/centos/6/$basearch/
enabled=1
gpgcheck=0


Note: with following 'yum' commands, use the switch --exclude "*.i386" on 64-bit systems so as to avoid installing 32-bit packages along with 64-bit packages. Of course, DO NOT use this switch on 32-bit systems.

2. Install ffmpeg mplayer and mencoder

Install these packages using following yum command:


yum install ffmpeg mplayer


Note: there is no separate package for mencoder. It is also provided by mplayer package.

This will also install various dependency packages like libtheora, libvorbis, libogg, lame, opencore-amr, x264, xvidcore etc.

3. Install flvtool2

cPanel has its own ruby installer script. So install ruby using following cPanel script:


/scripts/installruby


Flvtool2 is available as a Ruby Gems package. Use following gem command to install flvtool2:


gem install flvtool2


4. Install MP4Box2

MP4Box is provided by gpac package. Install gpac and its library packages:


yum install gpac gpac-libs


5. Install ffmpeg-php

Ffmpeg-php requires ffmpeg development package. Install it using yum:


yum install ffmpeg-devel


Now download the latest ffmpeg-php package:


wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2


Untar this package, build and install it with following commands:


tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
sed -i ‘s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g’ ffmpeg_frame.c
phpize
./configure
make
make install


The make install command will show PHP extensions path where ffmpeg PHP extension is installed:


root@server [~/ffmpeg-php-0.6.0]# make install
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/


Now edit php.ini file (/usr/local/lib/php.ini) and make sure that value of extension_dir is set to PHP extension directory as given by above make install command:


extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"


Add following line just below extension_dir and this will enable ffmpeg PHP extension:


extension="ffmpeg.so"


Restart Apache to make this change effective:


/scripts/restartsrv_httpd


You can verify the status of ffmpeg extension on a PHP info web page or from command line as given below:


root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Jun 2 2012 20:48:04
ffmpeg-php gd support => enabled
ffmpeg libavcodec version => Lavc52.123.0
ffmpeg libavformat version => Lavf52.111.0
ffmpeg swscaler version => SwS0.14.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0
OLDPWD => /root/ffmpeg-php-0.6.0
_SERVER["OLDPWD"] => /root/ffmpeg-php-0.6.0
_ENV["OLDPWD"] => /root/ffmpeg-php-0.6.0


6. Installation paths

Following are the file system paths of tools that we installed:


ffmpeg: /usr/bin/ffmpeg
mplayer: /usr/bin/mplayer
mencoder: /usr/bin/mencoder
flvtool2: /usr/bin/flvtool2
MP4Box: /usr/bin/MP4Box


Installing ffmpeg-php

Installing ffmpeg-php

Now we are ready to install ffmpeg-php. This can be done in six easy steps:

Download the latest ffmpeg-php release

http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/

Extract the archive:
tar -xjf ffmpeg-php-X.x.x.tbz2
cd ffmpeg-php-X.x.x/
phpize
./configure && make
sudo make install

ffmpeg installation centos

Install FFmpeg on CentOS or RedHat EL 6.x

The following install steps have been proven to work on RedHat Enterprise Linux 6.2. You can check which version you are running with

cat /etc/redhat-release
Additionally, we assume that you are connected and registered with the Red Hat network and/or updated the system with the latest updates from the repositories.

Follow this guide step by step!

Install the additional repo

rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Update repository

yum -y update
Install all necessary packages

yum install SDL-devel a52dec a52dec-devel alsa-lib-devel faac faac-devel faad2 faad2-devel
yum install freetype-devel giflib gsm gsm-devel imlib2 imlib2-devel lame lame-devel libICE-devel libSM-devel libX11-devel
yum install libXau-devel libXdmcp-devel libXext-devel libXrandr-devel libXrender-devel libXt-devel
yum install id3tag-devel libogg libvorbis vorbis-tools mesa-libGL-devel mesa-libGLU-devel xorg-x11-proto-devel xvidcore xvidcore-devel zlib-devel
yum install amrnb-devel amrwb-devel
yum install libtheora theora-tools
yum install glibc gcc gcc-c++ autoconf automake libtool
yum install ncurses-devel
yum install libdc1394 libdc1394-devel
yum install yasm nasm
yum install libvpx*
yum install git-core
yum install opencore-amr-devel
Install the essential codecs

wget http://www8.mplayerhq.hu/MPlayer/releases/codecs/all-20110131.tar.bz2
bunzip2 all-20110131.tar.bz2; tar xvf all-20110131.tar

mkdir /usr/local/lib/codecs/
mkdir /usr/local/lib64/codecs/
cp all-20110131/* /usr/local/lib/codecs/
cp all-20110131/* /usr/local/lib64/codecs/
chmod -R 755 /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib64/codecs/
Install LibOgg

wget http://downloads.xiph.org/releases/ogg/libogg-1.3.0.tar.gz
tar xzvf libogg-1.3.0.tar.gz
cd libogg-1.3.0
./configure
make
make install
Install Libvorbis

wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.3.tar.gz
tar xzvf libvorbis-1.3.3.tar.gz
cd libvorbis-1.3.3
./configure
make
make install
Install Libtheora

wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.gz
tar xzvf libtheora-1.1.1.tar.gz
cd libtheora-1.1.1
./configure
make
make install
Install Libvpx

git clone http://git.chromium.org/webm/libvpx.git
cd libvpx
./configure --enable-shared --extra-cflags=-fPIC
make
make install
Install Aacenc

wget http://downloads.sourceforge.net/opencore-amr/vo-aacenc-0.1.2.tar.gz
tar xzvf vo-aacenc-0.1.2.tar.gz
cd vo-aacenc-0.1.2
./configure --enable-shared
make
make install
Install X264

git clone git://git.videolan.org/x264.git
cd x264
./configure --enable-shared --extra-cflags=-fPIC --extra-asflags=-D__PIC__
make
make install
Note: (Sometimes the network might be down. Then you can also grab it via wget at ftp://ftp.videolan.org/pub/videolan/x264/snapshots/last_stable_x264.tar.bz2)

Configure Libraries

export LD_LIBRARY_PATH=/usr/local/lib/
echo /usr/local/lib > /etc/ld.so.conf.d/custom-libs.conf
ldconfig
Compile FFmpeg (the configure options have to be on one line)

git clone git://source.ffmpeg.org/ffmpeg.git
cd ffmpeg
git checkout n1.2
./configure --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvpx --enable-libfaac \
--enable-libmp3lame --enable-libtheora --enable-libvorbis --enable-libx264 --enable-libvo-aacenc --enable-libxvid --disable-ffplay \
--enable-shared --enable-gpl --enable-postproc --enable-nonfree --enable-avfilter --enable-pthreads --extra-cflags=-fPIC
make
make install
(The --arch=x86_64 option should only be used if you are on a 64Bit System!)

You can also use their Github repository at https://github.com/FFmpeg/FFmpeg.git.

That's it. This should give you a full functional FFMpeg installation for Razuna. Test it now with;

ffmpeg
This should give you the following back (yours might vary a bit);

FFmpeg version SVN-r20525, Copyright (c) 2000-2009 Fabrice Bellard, et al.
configuration: --enable-gpl --enable-nonfree --enable-postproc --enable-libfaad --enable-avfilter
--enable-pthreads --enable-libxvid --enable-libx264 --enable-libmp3lame --enable-libfaac
--disable-ffserver --disable-ffplay --enable-libamr-nb --enable-libamr-wb --enable-libtheora
--enable-libvorbis --disable-ffplay --enable-shared
libavutil 50. 4. 0 / 50. 4. 0
libavcodec 52.39. 0 / 52.39. 0
libavformat 52.39. 2 / 52.39. 2
libavdevice 52. 2. 0 / 52. 2. 0
libavfilter 1. 8. 0 / 1. 8. 0
libswscale 0. 7. 1 / 0. 7. 1
libpostproc 51. 2. 0 / 51. 2. 0
Try to convert a movie with;

ffmpeg -i movie.mov -vcodec libx264 -vpre hq -acodec libfaac movie.mp4

http://ffmpeg.org/trac/ffmpeg/wiki/CentosCompilationGuide

http://wiki.razuna.com/display/ecp/FFMpeg+Installation+on+CentOS+and+RedHat

Sunday, May 5, 2013

Memcached installation

http://www.sohailriaz.com/how-to-install-memcached-with-memcache-php-extension-on-centos-5x/

1) Install memcached.

Enable rpmforge respository to install latest memcached rpm using yum.

For i386 / i686

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

For x86_64

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Use yum to install memcached

yum -y install memcached

As soon as memcached installation completed, edit options for memcached in /etc/sysconfig/memcached to meet your need.

vi /etc/sysconfig/memcached

PORT=”11211″ #define on which port to urn

USER=”nobody” #same as apache user

MAXCONN=”1024″ #maximum number of connections allowed

CACHESIZE=”64″ #memory used for caching

OPTIONS=”" #use for any custom options

Save the file. All options can be seen by using following command

memcached -h

Start memcached

/etc/init.d/memcached start

Starting Distributed memory caching (memcached): [ OK ]

to check the running status of memcached

/etc/init.d/memcached status

memcached (pid 6475) is running…

and

netstat -anp | grep 11211

tcp 0 0 :::11211 :::* LISTEN 6475/memcached

udp 0 0 0.0.0.0:11211 0.0.0.0:* 6475/memcached

2) Install PHP Extension.

Download and install latest stable memcache version from PECL.

cd /usr/src

wget http://pecl.php.net/get/memcache-2.2.5.tgz

tar zxvf memcache-2.2.5.tgz

cd memcache-2.2.5

phpize

./configure

make

make install

memcache.so will be install in php modules directory, now enable memcache.so extension in php.ini

To find out your php.ini location, execute following command

php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

vi /usr/local/lib/php.ini

extension = “memcache.so”

save the file and restart httpd server.

/etc/init.d/httpd restart

To check is memcache extension loaded in php, execute following command.

php -i | grep memcache

memcache

memcache support => enabled

memcache.allow_failover => 1 => 1

memcache.chunk_size => 8192 => 8192

memcache.default_port => 11211 => 11211

memcache.default_timeout_ms => 1000 => 1000

memcache.hash_function => crc32 => crc32

memcache.hash_strategy => standard => standard

memcache.max_failover_attempts => 20 => 20

Registered save handlers => files user sqlite memcache

PWD => /usr/src/memcache-2.2.5

_SERVER["PWD"] => /usr/src/memcache-2.2.5
_ENV["PWD"] => /usr/src/memcache-2.2.5

Friday, May 3, 2013

Setting password for mysql user in .my.cnf

Setting password for mysql user in .my.cnf

Sometimes you want automated access for root on your MySQL database. One way of accomplishing that is by doing this:

# cd /root
# touch .my.cnf
# chmod 640 .my.cnf

And put in it:

[client]
user=root
password=<password of mysql root user>
Once you have done the following steps, the root user can login to mysql as root user without giving password.
root@server [~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 749
Server version: 5.1.68-cll MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

mysql>

Hide Apache, PHP and Bind Versions

Hide Apache, PHP and Bind Versions
To Check Apache Version:

By default, Apache will send version and modules information like mod_php, mod_perl, mod_ssl in every HTTP header.

If you want to view Apache web server version and sofware of a remote server, follow this procedure.

# telnet example.com 80

Trying example.com...
Connected to example.com.
Escape character is ‘^]'.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Sun, 07 Oct 2012 12:57:57 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 JRun/4.0
Last-Modified: Tue, 03 Jan 2012 11:41:16 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.

In the above example it is showing all the details about your web server and php this is not recommended for security reasons.We need to hide this information with the following procedure.
To Hide Apache Information:
To hide the information, add the following two apache directives in Apache configuration file, (httpd.conf or apache2.conf)

ServerTokens ProductOnly

ServerSignature Off

# /etc/init.d/httpd restart

Now the output for apache header looks like below

Server: Apache
To Hide PHP Version Details

Locate php.ini loaded in the server.

Change the following option in php.ini

expose_php On

to

expose_php Off

# /etc/init.d/httpd restart
To Hide BIND Version
You can check the Bind version of a server by using the following command.

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.4"

To hide your version of bind, change the version value in named.conf as like the following.
You can give any string for the version.

options {
directory "/var/named";
version "We Just Hide It";
};

# dig +short @XXX.XXX.XXX.XXX -c CH -t txt version.bind
"We Just Hide It"

Complile and install PHP from source

Complile and install PHP from source

You can follow the steps shown below to install PHP5.2.x , PHP5.3.x and PHP5.4.x . You can download and install the desired PHP version. Please reade the Important notes before starting the installation.

Here i am using Centos 5.8 64 bit to install PHP. It will work in all the other CentOS 64 bit versions. In the 32 bit OS, there will be corresponding changes in yum install packages. You have to make sure that the installing packages are for 32 bit or not.

I have followed the steps in the following urls to setup LAMP server, i have tested and verified installation by following the steps described in there.

http://linuxadmintips4u.blogspot.in/2012/07/configure-apache.html

http://linuxadmintips4u.blogspot.in/2012/07/configuration-of-mysql.html
PHP
Important Notes:

***If you are using Apache2.4.x with PHP, it is recommanded PHP version above 5.3.x. There some complilation errors in using PHP5.2.x. There are some module mismatches in Apache2.4.x with PHP5.2.x.

***If you are planning to install SUPHP, there some changes in PHP complilation in PHP5.2.x and PHP5.3.x. If you are using PHP5.4.x, you can use the same installation as descripbed below.

***If you are using Apache2.4.x, it is not possible to install SUPHP with any of the PHP versions with the suphp-0.7.1. I am awaiting for the next version of suphp.

***You can follow the below url to install SUPHP in PHP5.2.x , PHP5.3.x and PHP5.4.x .
Installation

[root@vps ~]# cd /usr/local/src/

Download one of the following PHP packages and extract the packges as per the selected packages.

[root@vps src]# wget http://in1.php.net/distributions/php-5.2.17.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.3.24.tar.gz
or
[root@vps src]# wget http://in1.php.net/distributions/php-5.4.14.tar.gz
[root@vps src]# tar -xzf php-5.2.17.tar.gz
[root@vps src]# cd php-5.2.17

Create a script, configure.sh with the following contents. I have tested the following script with all the versions of PHP and it is working fine for me.

#================================================================
#!/bin/bash

"./configure" \
"--prefix=/usr/local/php" \
"--with-apxs2=/usr/local/apache/bin/apxs" \
"--with-config-file-path=/usr/local/apache/conf" \
"--disable-debug" \
"--disable-rpath" \
"--enable-inline-optimization" \
"--enable-sockets" \
"--enable-wddx" \
"--enable-calendar" \
"--enable-ftp" \
"--enable-mbstring=all" \
"--enable-dom" \
"--enable-mbregex" \
"--enable-bcmath" \
"--with-openssl" \
"--with-kerberos" \
"--with-mcrypt" \
"--with-curl" \
"--with-gd" \
"--with-zlib-dir=/usr/lib" \
"--with-jpeg-dir=/usr/lib" \
"--with-png-dir=/usr/lib" \
"--with-freetype-dir=/usr/lib" \
"--with-regex=system" \
"--with-gettext" \
"--with-bz2" \
"--with-iconv" \
"--with-layout=GNU" \
"--with-imap=/usr/local/src/imap-2007f" \
"--with-imap-ssl" \
"--enable-soap" \
"--with-snmp" \
"--with-libdir=lib64" \
"--with-mysql=/usr/local/mysql" \
"--with-pdo-mysql"

#================================================================

[root@vps php-5.2.17]# chmod +x configure.sh
[root@vps php-5.2.17]# sh configure.sh

[root@vps php-5.2.17]# make
[root@vps php-5.2.17]# make install

Once the installation completed, create the following link to use the php command directly in terminal.

[root@vps ~]# ln -s /usr/local/php/bin/php /usr/bin/php

Once you done the above steps, check the version of PHP using the following command

[root@vps ~]# php -v
The above compilation command will enable the following modules. You can remove unwanted php modules from the compilation step. You may encounter errors while the compilation. All the errors which i got is added in the 'Possible Error' section at the end of this article. Please check there if you encountered an error during complilation.

Modules Installed During Installation
bcmath bz2 calendar Core ctype curl date dom filter ftp gd gettext hash iconv imap json libxml mbstring mcrypt mime_magic mysql openssl pcre PDO pdo_mysql pdo_sqlite posix Reflection session SimpleXML snmp soap sockets SPL SQLite standard tokenizer wddx xml xmlreader xmlwriter zlib
Possible Errors
I got the following errors while installing php with above modules and the solution i have given fixed those errors.

Compile Time Errors:

Error:
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2 installation.

Solution:
[root@vps php-5.2.17]# yum install libxml2-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Cannot find OpenSSL's <evp.h>

Solution:
[root@vps php-5.2.17]# yum install openssl-devel -y

-------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: Please reinstall the BZip2 distribution

Solution:
[root@vps php-5.2.17]# yum install bzip2-devel.x86_64 -y

--------------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for cURL in default path... not found
configure: error: Please reinstall the libcurl distribution

Solution:
[root@vps php-5.2.17]# yum install curl-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libjpeg.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libjpeg-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: libpng.(a|so) not found.

Solution:
[root@vps php-5.2.17]# yum install libpng-devel.x86_64 -y

----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: freetype.h not found.

Solution:
[root@vps php-5.2.17]# yum install freetype-devel.x86_64 -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
checking OpenSSL dir for SNMP... no
checking whether to enable UCD SNMP hack... no
checking for net-snmp-config... no
configure: error: snmp.h not found. Check your SNMP installation

Solution:
[root@vps php-5.2.17]# yum install net-snmp-devel -y

-----------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: mcrypt.h not found. Please reinstall libmcrypt

Solution:
[root@vps php-5.2.17]# yum install libmcrypt.x86_64 libmcrypt-devel.x86_64 -y

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.

Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html

----------------------------------------------------------------------------------------------------------------------------------------

Error:
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
configure: error: Cannot find libmysqlclient_r under /usr/local/mysql.
Note that the MySQL client library is not bundled anymore!

Solution:

http://linuxadmintips4u.blogspot.in/2013/04/error-cannot-find-libmysqlclientr-under.html

--------------------------------------------------------------------------------------------------------------------------------------------

Errors in Make
Error:
/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1

Solution:

Here's what you need to do to fix this issue,
1.Verify that the libtool and libtool-ltdl packages are installed.
[root@vps php-5.2.17]# yum install libtool-ltdl.x86_64 libtool.x86_64 -y

2.Symlink libltdl.so to libltdl.so.x.x.x

PHP looks for the libltdl library only at (for x64 at least) /usr/lib64/libltdl.so. The symlink to this file is not included in the libtool packages,you'll have to make it yourself
[root@vps php-5.2.17]# cd /usr/lib64
[root@vps lib64]# ln -s libltdl.so.3.1.4 libltdl.so

Try once again...

------------------------------------------------------------------------------------------------------------------------------------------------

Error:
/usr/local/imap-2007f/lib/libc-client.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1
Solution:

Install imap using the script described in the following url.

http://linuxadmintips4u.blogspot.in/2013/04/error-utf8mime2text-has-new-signature.html

Complile and install MYSQL

Complile and install MYSQL
Preliminary installations

[root@vps ~]# yum -y install ncurses-devel
Complile and install Mysql

[root@vps ~]# groupadd mysql
[root@vps ~]# useradd -r -g mysql mysql
[root@vps ~]# cd /usr/local/src/
[root@vps src]# wget http://downloads.mysql.com/archives/mysql-5.5/mysql-5.5.0-m2.tar.gz
[root@vps src]# tar -xzf mysql-5.5.0-m2.tar.gz
[root@vps src]# cd mysql-5.5.0-m2

[root@vps mysql-5.5.0-m2]# ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --with-unix-socket-path=/tmp/mysql.sock --without-comment --without-debug --without-bench

[root@vps mysql-5.5.0-m2]# make && make install

[root@vps mysql-5.5.0-m2]# ./scripts/mysql_install_db

[root@vps mysql-5.5.0-m2]# chown -R root:mysql /usr/local/mysql
[root@vps mysql-5.5.0-m2]# chown -R mysql:mysql /usr/local/mysql/data
-To set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.

***Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/etc/my.cnf ~/.my.cnf
[root@vps mysql-5.5.0-m2]# cp support-files/my-medium.cnf /etc/my.cnf
[root@vps mysql-5.5.0-m2]# chown root:sys /etc/my.cnf
[root@vps mysql-5.5.0-m2]# chmod 644 /etc/my.cnf
[root@vps ~]# cd /usr/local/mysql/bin
[root@vps ~]# for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
-To set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths.
Create Startup service for mysql
[root@vps ~]# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
***Do not issue the above command more than once.

[root@vps ~]# ldconfig
[root@vps ~]# cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
[root@vps ~]# chmod +x /etc/rc.d/init.d/mysql
[root@vps ~]# chkconfig mysql on

You can now start/stop mysql using the following commands.

[root@vps ~]# /etc/rc.d/init.d/mysql start
[root@vps ~]# /etc/rc.d/init.d/mysql stop
***If you are encounter any problems in start and stop mysql, you can find the reason from the error log of mysql. Error log name is in the <hostname>.err format.
Here my server hostname is vps.arun.com and therefore the error log name og mysql is vps.arun.com.err . You can use find the error log in the var directory of mysql installation. Here in my case it is /usr/local/mysql/var/vps.arun.com.err.
You can set new mysql root password using the followiing command.
[root@vps ~]# mysqladmin -u root password <newpassword>

Notes:-

Error:
Configure: error: No curses termcap library found
Fix:
[root@vps mysql]# yum install ncurses-devel -y
Error:
Error in /usr/local/mysql/var/vps.arun.com.err
/usr/local/mysql/libexec/mysqld: File './mysql-bin.index' not found (Errcode: 13)
fix:
Change the ownership of var directory in mysql's installation directory, as like follows.
chown -R mysql:mysql /usr/local/mysql/var

Complile and install Apache

Complile and install Apache
Here i am explaining the steps to setup a LAMP server. I am hre using CentOS 5.8 64 bit to setup LAMP. There will be similar variations in other OS in LINUX. I think this will work in most of the CentOS versions.

Apache

Preliminary Checking Installations for Apache

In most of the CentOS installations httpd may be installed by default. It is better to remove those installation at first.

[root@vps ~]# rpm -q httpd
httpd-2.2.3-65.el5.centos

The following command will uninstall httpd-2.2.3-65.el5.centos rpm package.

[root@vps ~]# rpm -e httpd-2.2.3-65.el5.centos
It is needed to install the necessary compilers to use the make command. The following comand will help you to install the necessary packages.
[root@vps ~]# yum install gcc gcc-c++ -y
It is needed to Install APR and APR-UTIL packages to install Apache.

Install APR

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//apr/apr-1.4.6.tar.gz
[root@vps src]# tar -xzf apr-1.4.6.tar.gz
[root@vps src]# cd apr-1.4.6
[root@vps apr-1.4.6]# ./configure --prefix=/usr/local/apr
[root@vps apr-1.4.6]# make
[root@vps apr-1.4.6]# make install
Install APR-UTIL

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//apr/apr-util-1.5.2.tar.gz
[root@vps src]# tar -xzf apr-util-1.5.2.tar.gz
[root@vps src]# cd apr-util-1.5.2
[root@vps apr-util-1.5.2]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config
[root@vps apr-util-1.5.2]# make
[root@vps apr-util-1.5.2]# make install

Compile and Install Apache 2.2.x

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//httpd/httpd-2.2.24.tar.gz
[root@vps src]# tar -xzf httpd-2.2.24.tar.gz
[root@vps src]# cd httpd-2.2.24

[root@vps httpd-2.2.24]# ./configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --enable-ssl=/usr/include/openssl --enable-rewrite --enable-deflate --enable-suexec

*** You can check the option available for the configuration using the following command. As per your need, you can add new modules.

[root@vps httpd-2.2.24]# ./configure --help

[root@vps httpd-2.2.24]# make
[root@vps httpd-2.2.24]# make install

The following command will enable you to use use httpd command instead of giving full path of apachectl.

[root@vps httpd-2.2.24]# ln -s /usr/local/apache/bin/apachectl /usr/bin/httpd
Once you have done the above configuration and the creating the symbolic link, You can check the settings of Apache using the following commands.
[root@vps ~]# httpd -M
[root@vps ~]# httpd -V

Compile and Install Apache 2.4.4

***I have noted that in Apache 2.4.x, suphp-0.7.1 cannot compile with any of the php version. There no development in suphp after 2009-03-14. So i personally do not recommend Apache 2.4.x at this time.
***Also I have noted that there are some issues in Apache 2.4.x with PHP5.2.x. So think before using Apache 2.4.x in your server.

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget http://apache.techartifact.com/mirror//httpd/httpd-2.4.4.tar.bz2
[root@vps src]# tar -xjf httpd-2.4.4.tar.bz2
[root@vps src]# cd httpd-2.4.4

[root@vps httpd-2.4.4]# ./configure --prefix=/usr/local/apache --enable-load-all-modules --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --with-pcre=/usr/local/pcre/bin/pcre-config

[root@vps httpd-2.4.4]# make
[root@vps httpd-2.4.4]# make install

The following command will enable you to use use httpd command instead of giving full path of apachectl.

[root@vps httpd-2.2.24]# ln -s /usr/local/apache/bin/apachectl /usr/bin/httpd
Once you have done the above configuration and the creating the symbolic link, You can check the settings of Apache using the following commands.
[root@vps ~]# httpd -M
[root@vps ~]# httpd -V
Notes:-

It is needed to install pcre to install apache2.4.x. Locate if the 'pcre-config' is in your system. If it is not available, you will encounter the following error while the installation of Apache.

Error:
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

Fix:
============================================================================================

[root@vps ~]# cd /usr/local/src
[root@vps src]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.32.tar.gz
[root@vps src]# tar -xzf pcre-8.32.tar.gz
[root@vps src]# cd pcre-8.32
[root@vps pcre-8.32]# ./configure --prefix=/usr/local/pcre
[root@vps pcre-8.32]# make
[root@vps pcre-8.32]# make install
============================================================================================

Create A startup Script for httpd
Create a file /etc/init.d/httpd with the following contents in it. You have to give the pid file location, httpd and apachectl correctly in the script to run the script.
Here in my case, these are the settings.

[root@vps ~]# locate httpd.pid
/var/run/httpd.pid

================================================================================
#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=/usr/local/apache/bin/httpd
pid=/var/run/httpd.pid
prog=httpd
RETVAL=0
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
echo -n $"Starting $prog: "
daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd $pid
}
reload() {
echo -n $"Reloading $prog: "
killproc $httpd -HUP
RETVAL=$?
echo
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $httpd
RETVAL=$?
;;
restart)
stop
start
;;
condrestart)
if [ -f $pid ] ; then
stop
start
fi
;;
reload)
reload
;;
graceful|help|configtest|fullstatus)
$apachectl $@
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|reload|status"
echo $"|fullstatus|graceful|help|configtest}"
exit 1
esac

exit $RETVAL
================================================================================
[root@vps ~]# chmod +x /etc/init.d/httpd
[root@vps ~]# chkconfig --add httpd
[root@vps ~]# chkconfig httpd on

This will enable you to start and stop apache using the following commands

[root@vps ~]# /etc/init.d/httpd start
[root@vps ~]# /etc/init.d/httpd stop