ConfigServer ModSecurity Control provides an easy way of monitoring which rules are being triggered on the server in real time but more importantly, you can whitelist certain rules either globally accross the entire server or on a per account/domain basis if some of the rules conflict with a particular script or functionality (e.g. FrontPage). To install CMC, run the following:
rm -fv cmc.tgz
wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc
sh install.sh
cd ..
rm -Rfv cmc/ cmc.tgz
If you log in to WHM you will now see “ConfigServer ModSec Control” under “Plugins”. It’s important that you click on it because when it’s run the first time, it will create the file “modsec2.whitelist.conf” if it doesn’t already exist. If that file doesn’t exist then you’ll find Apache won’t start when we come to the end of this guide. Also while you’re here, click on “Disable modsecparse.pl”. This will disable the cPanel cron job that processes and empties the mod_security log, allowing you to use the log watching tool built in to CMC.
As to help our VPS and Dedicated Server customers who might also be effected by this we have designed the following guide to make installing Atmoic Mod Security into cPanel with little to no fuss.
Stage 1: Run the following commands at command line:
mkdir /var/asl
mkdir /var/asl/tmp
mkdir /var/asl/data
mkdir /var/asl/data/msa
mkdir /var/asl/data/audit
mkdir /var/asl/data/suspicious
chown nobody.nobody /var/asl/data/msa
chown nobody.nobody /var/asl/data/audit
chown nobody.nobody /var/asl/data/suspicious
chmod o-rx -R /var/asl/data/*
chmod ug+rwx -R /var/asl/data/*
mkdir /var/asl/updates
mkdir /var/asl/rules/
mkdir /var/asl/rules/clamav
mkdir /etc/asl/
touch /etc/asl/whitelist
cd /usr/local/src/
wget http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz
tar zxvf modsec-2.7-free-latest.tar.gz
mkdir /usr/local/apache/conf/modsec_rules/
cp modsec/* /usr/local/apache/conf/modsec_rules/
These command will create the required directory’s and download the latest free version of the Atomic Mod Security rules. It will also directly install them into the location of Apache designed for cPanel and configure the permission.
Stage 2: Configure cPanel to use the Mod Security Rules
In this stage, you can do everything from WHM as long as you have Mod Security already installed as part of your EasyApache build. If you do not, you will need to rebuild apache with Mod Security.
In go to: WHM -> Plugins -> Mod Security and then click: Edit Config
In this section, delete all the current content and then paste in the following configuration:
SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
Include /usr/local/apache/conf/modsec_rules/10_asl_antimalware.conf
Include /usr/local/apache/conf/modsec_rules/10_asl_rules.conf
Include /usr/local/apache/conf/modsec_rules/20_asl_useragents.conf
Include /usr/local/apache/conf/modsec_rules/30_asl_antispam.conf
Include /usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf
Include /usr/local/apache/conf/modsec_rules/60_asl_recons.conf
Include /usr/local/apache/conf/modsec_rules/99_asl_jitp.conf
Include /usr/local/apache/conf/modsec2.whitelist.conf
Save this and restart Apache.
This should now have successfully installed the Atomic mod security rules into cPanel which are a much more secure rule base and include extra protection which is important for the latest hacks.
Testing
http://YOUR_HOST/foo.php?foo=http://www.example.com
should give 403
Thursday, May 16, 2013
Sunday, May 12, 2013
odbctest.php test page
--- begin odbctest.php---
<?
// connect to DSN MSSQL with a user and password
$connect = odbc_connect("MSSQLServer", "username", "password") or die
("couldn't connect");
odbc_exec($connect, "use Northwind");
$result = odbc_exec($connect, "SELECT CompanyName, ContactName " .
"FROM Suppliers");
while(odbc_fetch_row($result)){
print(odbc_result($result, "CompanyName") .
' ' . odbc_result($result, "ContactName") . "<br>\n");
}
odbc_free_result($result);
odbc_close($connect);
?>
--- end odbctest.php --
GRsec patched kernel install
Fetch the sources:
Download kernel from kernel.org
#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz
Downlaod latest Grsecurity patch from below URL :
#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch
Extract:
tar xjf linux-2.6.32.51.tar.gz
Patch the kernel:
#cd linux-2.6.32.51
#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch
Now start making the kernel :
# make clean && make mrproper
Edit your kernel as per your need :
# make menuconfig
Compile your kernel and install it:
# make bzImage
# make modules
# make modules_install
Make sure it’s working ok with the help of following command :
# depmod 2.6.32.51-grsec
Installing and booting the new kernel :
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec
There is also a file called “System.map” that must be copied to the same boot directory.
# cp System.map /boot
Do not forget to make changes in /etc/grub.conf
also go to grub prompt after this and fire below command :
# grub > savedefault –-default=0 –-once
Now reboot server :
#Shutdown -r now.
Download kernel from kernel.org
#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz
Downlaod latest Grsecurity patch from below URL :
#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch
Extract:
tar xjf linux-2.6.32.51.tar.gz
Patch the kernel:
#cd linux-2.6.32.51
#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch
Now start making the kernel :
# make clean && make mrproper
Edit your kernel as per your need :
# make menuconfig
Compile your kernel and install it:
# make bzImage
# make modules
# make modules_install
Make sure it’s working ok with the help of following command :
# depmod 2.6.32.51-grsec
Installing and booting the new kernel :
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec
There is also a file called “System.map” that must be copied to the same boot directory.
# cp System.map /boot
Do not forget to make changes in /etc/grub.conf
also go to grub prompt after this and fire below command :
# grub > savedefault –-default=0 –-once
Now reboot server :
#Shutdown -r now.
FFmpeg
Download all the files needed
cd /usr/local/src
wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrwb-7.0.0.3.tar.bz2
wget http://downloads.xiph.org/releases/theora/libtheora-1.0beta3.tar.gz
Extract all the files
tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.2.0.tar.gz
tar zxvf flvtool2-1.0.6.tgz
tar jxvf essential-20071007.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
bzip2 -cd amrnb-7.0.0.2.tar.bz2 | tar xvf -
bzip2 -cd amrwb-7.0.0.3.tar.bz2 | tar xvf -
tar zxvf libtheora-1.0beta3.tar.gz
We need a codec directory
mkdir /usr/local/lib/codecs/
Install Ruby on Rails, subversion & ncurses
apt-get install subversion ruby libcurses-ruby
Run some SVN queries
svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update
Copy Codecs for mplayer
mkdir /usr/local/lib/codecs
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/
We also need to secure the tmp directory
mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp
Install lame
cd /usr/local/src/lame-3.97
./configure
make && make install
Install libogg
cd /usr/local/src/libogg-1.1.3
./configure && make && make install
Install libvorbis
cd /usr/local/src/libvorbis-1.2.0
./configure && make && make install
Install flvtool2
cd /usr/local/src/flvtool2-1.0.6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install
Install mplayer & mencoder
cd /usr/local/src/mplayer
./configure –enable-jpeg
make && make install
Install AMR (for 3gp conversion)
cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install
cd /usr/local/src/amrwb-7.0.0.3
./configure
make && make install
Install libtheora (for ogg video encoding)
cd /usr/local/src/libtheora-1.0beta3
./configure
make && make install
Install ffmpeg
cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared –enable-amr-nb –enable-libtheora
cd /usr/local/src
wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrwb-7.0.0.3.tar.bz2
wget http://downloads.xiph.org/releases/theora/libtheora-1.0beta3.tar.gz
Extract all the files
tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.2.0.tar.gz
tar zxvf flvtool2-1.0.6.tgz
tar jxvf essential-20071007.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2
bzip2 -cd amrnb-7.0.0.2.tar.bz2 | tar xvf -
bzip2 -cd amrwb-7.0.0.3.tar.bz2 | tar xvf -
tar zxvf libtheora-1.0beta3.tar.gz
We need a codec directory
mkdir /usr/local/lib/codecs/
Install Ruby on Rails, subversion & ncurses
apt-get install subversion ruby libcurses-ruby
Run some SVN queries
svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update
Copy Codecs for mplayer
mkdir /usr/local/lib/codecs
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/
We also need to secure the tmp directory
mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp
Install lame
cd /usr/local/src/lame-3.97
./configure
make && make install
Install libogg
cd /usr/local/src/libogg-1.1.3
./configure && make && make install
Install libvorbis
cd /usr/local/src/libvorbis-1.2.0
./configure && make && make install
Install flvtool2
cd /usr/local/src/flvtool2-1.0.6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install
Install mplayer & mencoder
cd /usr/local/src/mplayer
./configure –enable-jpeg
make && make install
Install AMR (for 3gp conversion)
cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install
cd /usr/local/src/amrwb-7.0.0.3
./configure
make && make install
Install libtheora (for ogg video encoding)
cd /usr/local/src/libtheora-1.0beta3
./configure
make && make install
Install ffmpeg
cd /usr/local/src/ffmpeg/
./configure –enable-libmp3lame –enable-libogg –enable-libvorbis –disable-mmx –enable-shared –enable-amr-nb –enable-libtheora
Saturday, May 11, 2013
MSSQL Connection Testpage
<?php
$Server = "localhost";
$User = "your_name";
$Pass = "your_password";
$DB = "examples";
//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");
//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");
//declare the SQL statement that will query the database
$query = "SELECT name from test ";
//execute the SQL query and return records
$result = mssql_query($query);
$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";
//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>
$Server = "localhost";
$User = "your_name";
$Pass = "your_password";
$DB = "examples";
//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");
//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");
//declare the SQL statement that will query the database
$query = "SELECT name from test ";
//execute the SQL query and return records
$result = mssql_query($query);
$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";
//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>
Friday, May 10, 2013
FFMPEG on CentOS 6 cPanel Server
FFMPEG on CentOS 6 cPanel server
This article describes installation of ffmpeg, flvtool2, mplayer, mencoder, MP4Box, ffmpeg-php and many other video conversion tools on a CentOS 6 server with cPanel hosting control panel.
1. Enable SubHosting.net and EPEL yum repositories
The CentOS 6 RPM packages of ffmpeg, mplayer and MP4Box packages are available on Subhosting.net. These RPM packages are copied from ATrpms and RPM Fusion YUM repositories for a simplified installation.
Some packages on Subhosting.net YUM repo depend on EPEL repo. To enable EPEL repo, install the epel-release RPM package:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
To enable SubHosting.net YUM repository, create the file /etc/yum.repos.d/subhosting.repo and add following repository configuration:
[SubHosting]
name=SubHosting Packages CentOS 6 - $basearch
baseurl=http://dl.subhosting.net/yumrepo/centos/6/$basearch/
enabled=1
gpgcheck=0
Note: with following 'yum' commands, use the switch --exclude "*.i386" on 64-bit systems so as to avoid installing 32-bit packages along with 64-bit packages. Of course, DO NOT use this switch on 32-bit systems.
2. Install ffmpeg mplayer and mencoder
Install these packages using following yum command:
yum install ffmpeg mplayer
Note: there is no separate package for mencoder. It is also provided by mplayer package.
This will also install various dependency packages like libtheora, libvorbis, libogg, lame, opencore-amr, x264, xvidcore etc.
3. Install flvtool2
cPanel has its own ruby installer script. So install ruby using following cPanel script:
/scripts/installruby
Flvtool2 is available as a Ruby Gems package. Use following gem command to install flvtool2:
gem install flvtool2
4. Install MP4Box2
MP4Box is provided by gpac package. Install gpac and its library packages:
yum install gpac gpac-libs
5. Install ffmpeg-php
Ffmpeg-php requires ffmpeg development package. Install it using yum:
yum install ffmpeg-devel
Now download the latest ffmpeg-php package:
wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
Untar this package, build and install it with following commands:
tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
sed -i ‘s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g’ ffmpeg_frame.c
phpize
./configure
make
make install
The make install command will show PHP extensions path where ffmpeg PHP extension is installed:
root@server [~/ffmpeg-php-0.6.0]# make install
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/
Now edit php.ini file (/usr/local/lib/php.ini) and make sure that value of extension_dir is set to PHP extension directory as given by above make install command:
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"
Add following line just below extension_dir and this will enable ffmpeg PHP extension:
extension="ffmpeg.so"
Restart Apache to make this change effective:
/scripts/restartsrv_httpd
You can verify the status of ffmpeg extension on a PHP info web page or from command line as given below:
root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Jun 2 2012 20:48:04
ffmpeg-php gd support => enabled
ffmpeg libavcodec version => Lavc52.123.0
ffmpeg libavformat version => Lavf52.111.0
ffmpeg swscaler version => SwS0.14.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0
OLDPWD => /root/ffmpeg-php-0.6.0
_SERVER["OLDPWD"] => /root/ffmpeg-php-0.6.0
_ENV["OLDPWD"] => /root/ffmpeg-php-0.6.0
6. Installation paths
Following are the file system paths of tools that we installed:
ffmpeg: /usr/bin/ffmpeg
mplayer: /usr/bin/mplayer
mencoder: /usr/bin/mencoder
flvtool2: /usr/bin/flvtool2
MP4Box: /usr/bin/MP4Box
Installing ffmpeg-php
Installing ffmpeg-php
Now we are ready to install ffmpeg-php. This can be done in six easy steps:
Download the latest ffmpeg-php release
http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/
Extract the archive:
tar -xjf ffmpeg-php-X.x.x.tbz2
cd ffmpeg-php-X.x.x/
phpize
./configure && make
sudo make install
Now we are ready to install ffmpeg-php. This can be done in six easy steps:
Download the latest ffmpeg-php release
http://sourceforge.net/projects/ffmpeg-php/files/ffmpeg-php/
Extract the archive:
tar -xjf ffmpeg-php-X.x.x.tbz2
cd ffmpeg-php-X.x.x/
phpize
./configure && make
sudo make install
Subscribe to:
Posts (Atom)