PHP xdiff installation in Linux

Ok… I’ve been trying to get this working for several days and have finally made it work. XDiff is a brilliant diffing utility for PHP but requires you to install it as an extension. Before you are able to do the main part of this you need to install the libxdiff libraries. This is the part that took me some time to get working.

Ok here is the part that has taken me the time… libxdiff. To install this you need to do the following:
cd /usr/src
wget http://www.xmailserver.org/libxdiff-0.22.tar.gz
tar -xzf libxdiff-0.22.tar.gz
cd libxdiff-0.22
./configure
make
make install

This will get you libxdiff installed. The next part is then simple. Install the php extension using the following:
pecl install xdiff

When you have this installed you should then be able to use xdiff from within PHP. See the php manual for more instructions: http://www.php.net/manual/en/ref.xdiff.php

CentOS Kernel update failure

After upgrading our Linux kernel to version 2.6.18-194 we found ourselves having some problems with the kernel booting. It was failing to mount the root file system. After several hours with Google I finally stumbled across a KB post from Microsoft to fix the problem.

Apparently the problem is arising because of the Linux IC components we have installed for Hyper-V. This was stopping the kernel from booting. The post itself explains what to do to stop the problem arising before upgrading the kernel, but I can assure you that this works when applied post-upgrade as well. Here are the steps…

  1. Boot into the previous installed kernel and login…
  2. Follow the instruction in this article… http://support.microsoft.com/kb/2387594
  3. Finally boot into the new kernel

The problem I was having has gone away so hopefully this will work for you as well.

PCI DSS Compliance

Do you have the requirement to be PCI DSS compliant at work? We do! We’ve just started to undertake the compliance programme and my goodness is it a headache! The bit I’m going to talk about here is the network scan.

I thought our systems were secure and protected from any script kiddies trying to brute force their way into our systems but there are so many more vulnerabilities out there than I knew. For example buffer overflow errors in Apache, HTML insertion in MySQL, vulnerabilities in strrpad in PHP. The list is remarkably long!

After the initial scan we were notified of a staggering 50 potential and confirmed vulnerabilities in our system. My last week has revolved around fixing these and confirming that some were in fact false positives. This got me. Many Linux distributions utilise backporting to fix their applications rather than installing updated versions. For example, the Apache httpd server will have security vulnerabilities patched from upstream versions into downstream ones. This allows users to remain on a fixed feature set but with all the vulnerabilities fixed. I see the benefit of this, but network scanners are only able to determine the version number installed and not the backported patches that are installed. Several of the vulnerabilities in our installation were in fact false positives and had been fixed in the release we are running.

The way of verifying this is to obtain the CVE number and then hit Google. I was searching for things such as “centos <CVE NUMBER>”. This often found a bug report from Red Hat (CentOS’s big brother lol). In this report would be a link to the package number that the bug was fixed in. You can then verify that the version that you have installed is greater than or equal to the version listed. I’ve had to do this for multiple packages.

As a general rule of thumb… if you run “yum update” and install all the packages listed for upgrade you will be covered.

Later I’ll cover in a little more detail some of the more specific changes I’ve had to make.

Apache running webs on a network drive…

Ok… here’s a tricky one I’ve just had to work through.

I have Apache, MySQL and PHP running on my Windows machine. So that my development files are stored in a backed-up location I wanted to move my files to a mapped network drive. This causes some problems which I’ve just worked through.
When you map a network drive this drive gets mapped under your user account. The apache service runs under the computer system account so has no visibility to the mapped drive and as such using w:\…. in your DocumentRoot directive will not work. Only local drives can be accessed in this manner. As a mapped drive this should have a UNC path associated with it. E.g. \\domain.local\Development\MyWebs. This is the style of path required for Apache.
When entering this path into the httpd.conf file you need to ensure that you use “/” instead of “\”. So the above would be “//domain.local/Development/MyWebs”.
You will then need to change the user that the Apache service runs as. I’ve set it to run under my domain account. This account I know has NTFS permissions to the mapped drive/UNC path.
One final step is to give the new account that the service runs as access to the logs directory under the server root (or move your logs to a location that has permission). After all that you should be able to have a local Apache server running webs stored on a network drive.

Why do things always go wrong at the same time?

I’ve had one of those days today where everything goes wrong at the same time. Our ecommerce system interfacing with sagepay (used to be protx) has decided to stop taking 3D secured transactions. Investigations are still ongoing here!

The other problem has been our Exchange server. First thing this morning I get a call saying that the Exchange server has stopped receiving connections again! Now this was the second time in as many days and shouldn’t be happening. On goes my investigative hat! It appears that the mailbox store on Exchange is limited to 18GB by default and we’ve just reached this limit! I found this out by the hundreds of error messages in the system event log! Apparently you can make the store bigger but need to do so via the registry. After fixing this it appears to work again but I think this will be a recurring problem… people’s mailboxes are going to continue to expand so I may have to investigate a mailbox archiving program/method at some point.

As for working on something that’s not been fixing things… I’m about to start looking into the Zend Framework MVC engine. Quite excited about this as the other parts of the Zend Framework I’ve used so far have been brilliant! Very easy to use and delivers some quite complex functionality with minimal effort.

I’ll post again with the outcome of my investigations!