Fixing RTL8111/8168B kernel module on Debian/Ubuntu

Posted on by Randy

For many years, issues with the r8169 module have plagued Debian and related Linux distributions such as Ubuntu.

You’ll see lots of ifconfig errors and stuff like this on desktop mainboards with a Realtek NIC:

Oct 29 07:40:32 c1100d335 kernel: [1996163.743022] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 07:40:32 c1100d335 kernel: [1996163.777667] r8169: eth0: link up
Oct 29 08:17:38 c1100d335 kernel: [1998515.536001] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 08:17:38 c1100d335 kernel: [1998515.554022] r8169: eth0: link up
Oct 29 08:38:50 c1100d335 kernel: [1999866.799565] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 08:38:50 c1100d335 kernel: [1999866.817750] r8169: eth0: link up
Oct 29 09:12:56 c1100d335 kernel: [2002018.492904] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 09:12:56 c1100d335 kernel: [2002018.508900] r8169: eth0: link up
Oct 29 09:56:20 c1100d335 kernel: [2004766.751497] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 09:56:20 c1100d335 kernel: [2004766.771105] r8169: eth0: link up
Oct 29 10:19:38 c1100d335 kernel: [2006244.296991] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:19:38 c1100d335 kernel: [2006244.319198] r8169: eth0: link up
Oct 29 10:41:02 c1100d335 kernel: [2007610.618895] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:41:02 c1100d335 kernel: [2007610.636753] r8169: eth0: link up
Oct 29 10:53:38 c1100d335 kernel: [2008416.126505] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:53:38 c1100d335 kernel: [2008416.228687] r8169: eth0: link up

Or if you’re lucky, you get this:

Oct 29 15:21:29 mirror kernel: [20796.791066] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 15:21:29 mirror kernel: [20796.791109] ------------[ cut here ]------------
Oct 29 15:21:29 mirror kernel: [20796.791133] WARNING: at net/sched/sch_generic.c:222 dev_watchdog+0xa6/0xfb()
Oct 29 15:21:29 mirror kernel: [20796.791159] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables ipv6 loop parport_pc parport i2c_i801 i2c_core psmouse button snd_hda_intel serio_raw snd_pcm snd_timer snd soundcore snd_page_alloc rng_core pcspkr intel_agp evdev ext3 jbd mbcache sd_mod piix ide_pci_generic ide_core usbhid hid ff_memless ata_generic ata_piix libata scsi_mod dock uhci_hcd ehci_hcd r8169 thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 29 15:21:29 mirror kernel: [20796.791457] Pid: 0, comm: swapper Not tainted 2.6.26-2-amd64 #1
Oct 29 15:21:29 mirror kernel: [20796.791482]
Oct 29 15:21:29 mirror kernel: [20796.791484] Call Trace:
Oct 29 15:21:29 mirror kernel: [20796.791517]  <IRQ>  [<ffffffff80234958>] warn_on_slowpath+0x51/0x7a
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802353f3>] printk+0x4e/0x56
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80212507>] read_tsc+0x9/0x20
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023cf15>] lock_timer_base+0x26/0x4b
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023d0a4>] __mod_timer+0xbd/0xcc
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80243847>] queue_delayed_work_on+0xb8/0xc8
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cca18>] dev_watchdog+0xa6/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023c9d5>] run_timer_softirq+0x16a/0x1e2
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802393a1>] __do_softirq+0x5c/0xd1
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020d2dc>] call_softirq+0x1c/0x28
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020f3e8>] do_softirq+0x3c/0x81
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802392ff>] irq_exit+0x3f/0x85
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8021aaab>] smp_apic_timer_interrupt+0x8c/0xa4
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80212b57>] mwait_idle+0x0/0x4d
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020cd02>] apic_timer_interrupt+0x72/0x80
Oct 29 15:21:29 mirror kernel: [20796.795054]  <EOI>  [<ffffffff80212b98>] mwait_idle+0x41/0x4d
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020ad04>] cpu_idle+0x8e/0xb8
Oct 29 15:21:29 mirror kernel: [20796.795054]
Oct 29 15:21:29 mirror kernel: [20796.795054] ---[ end trace 90f2af131b1794c6 ]---
Oct 29 15:21:29 mirror kernel: [20796.811063] r8169: eth0: link up

If you’re REALLY lucky (or leave the machine powered up for a few weeks), you might see this followed by a complete lock-up:

Oct 28 09:40:35 mirror kernel: [1800333.162704] NETDEV WATCHDOG: eth0: transmit timed out
Oct 28 09:41:40 mirror kernel: [1800397.679803] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables i
pv6 loop parport_pc parport button snd_hda_intel pcspkr rng_core snd_pcm snd_timer snd soundcore snd_page_alloc psmouse i2c_i801 serio_raw i2c_core intel_agp evdev ext3 jbd mbcache usbhid hid ff_memless sd_mod piix ide_pci_generic ide_cor
e r8169 ata_generic ata_piix libata scsi_mod ehci_hcd dock uhci_hcd thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 28 09:41:40 mirror kernel: [1800397.679803] CPU 2:
Oct 28 09:41:40 mirror kernel: [1800397.679803] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables i
pv6 loop parport_pc parport button snd_hda_intel pcspkr rng_core snd_pcm snd_timer snd soundcore snd_page_alloc psmouse i2c_i801 serio_raw i2c_core intel_agp evdev ext3 jbd mbcache usbhid hid ff_memless sd_mod piix ide_pci_generic ide_cor
e r8169 ata_generic ata_piix libata scsi_mod ehci_hcd dock uhci_hcd thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 28 09:41:40 mirror kernel: [1800397.679803] Pid: 17, comm: events/2 Tainted: G        W 2.6.26-2-amd64 #1
Oct 28 09:41:40 mirror kernel: [1800397.679803] RIP: 0010:[<ffffffff8042a52a>]  [<ffffffff8042a52a>] _spin_lock+0x10/0x15
Oct 28 09:41:40 mirror kernel: [1800397.679803] RSP: 0018:ffff81007f3f7ec8  EFLAGS: 00000287
Oct 28 09:41:40 mirror kernel: [1800397.679803] RAX: 000000000000100f RBX: 0000000000000100 RCX: ffffffff803f1263
Oct 28 09:41:40 mirror kernel: [1800397.679803] RDX: ffff8100379803e8 RSI: 0000000000000011 RDI: ffff81001a483080
Oct 28 09:41:40 mirror kernel: [1800397.679803] RBP: ffff81007f3f7e40 R08: ffff81001a4833e0 R09: 0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] R10: ffff810080a4e000 R11: ffffffff8021a857 R12: ffffffff8020cd02
Oct 28 09:41:40 mirror kernel: [1800397.679803] R13: ffff81007f3f7e40 R14: ffff81001a483040 R15: ffff81001a483040
Oct 28 09:41:40 mirror kernel: [1800397.679803] FS:  0000000000000000(0000) GS:ffff81007f378240(0000) knlGS:0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Oct 28 09:41:40 mirror kernel: [1800397.679803] CR2: 00007f1cbc2c2f20 CR3: 0000000000201000 CR4: 00000000000006e0
Oct 28 09:41:40 mirror kernel: [1800397.679803] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Oct 28 09:41:40 mirror kernel: [1800397.679803]
Oct 28 09:41:40 mirror kernel: [1800397.679803] Call Trace:
Oct 28 09:41:40 mirror kernel: [1800397.679803]  <IRQ>  [<ffffffff803f1275>] ? tcp_delack_timer+0x12/0x1eb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f1263>] ? tcp_delack_timer+0x0/0x1eb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8023c9d5>] ? run_timer_softirq+0x16a/0x1e2
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802393a1>] ? __do_softirq+0x5c/0xd1
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020d2dc>] ? call_softirq+0x1c/0x28
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020f3e8>] ? do_softirq+0x3c/0x81
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802392ff>] ? irq_exit+0x3f/0x85
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8021aaab>] ? smp_apic_timer_interrupt+0x8c/0xa4
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cd02>] ? apic_timer_interrupt+0x72/0x80
Oct 28 09:41:40 mirror kernel: [1800397.679803]  <EOI>  [<ffffffffa027835c>] ? :nf_conntrack:nf_conntrack_in+0x2/0x4fe
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4d74>] ? nf_iterate+0x41/0x7d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dcac8>] ? dst_output+0x0/0xb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4e0d>] ? nf_hook_slow+0x5d/0xbe
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dcac8>] ? dst_output+0x0/0xb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dde05>] ? __ip_local_out+0x9b/0x9d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dde10>] ? ip_local_out+0x9/0x1f
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803de9ce>] ? ip_queue_xmit+0x29f/0x2f2
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803ee700>] ? tcp_transmit_skb+0x731/0x76e
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803b66bc>] ? __alloc_skb+0x7f/0x12d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803ece9b>] ? tcp_rcv_state_process+0x9f8/0xa2a
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f31b7>] ? tcp_v4_do_rcv+0x42b/0x49d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa02a942d>] ? :nf_conntrack_ipv4:ipv4_confirm+0xd1/0xdd
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4d74>] ? nf_iterate+0x41/0x7d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803e16e7>] ? __inet_lookup_established+0xf1/0x192
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f518f>] ? tcp_v4_rcv+0x693/0x6e4
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803da7ca>] ? ip_local_deliver_finish+0x120/0x1dd
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803da687>] ? ip_rcv_finish+0x32f/0x352
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803daba4>] ? ip_rcv+0x22e/0x273
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009a91c>] ? :r8169:rtl8169_rx_interrupt+0x4fa/0x511
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009ca7e>] ? :r8169:rtl8169_reset_task+0x41/0xea
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009ca3d>] ? :r8169:rtl8169_reset_task+0x0/0xea
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802430a4>] ? run_workqueue+0x82/0x111
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff80243971>] ? worker_thread+0xd5/0xe0
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802461a5>] ? autoremove_wake_function+0x0/0x2e
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8024389c>] ? worker_thread+0x0/0xe0
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8024607f>] ? kthread+0x47/0x74
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802300ed>] ? schedule_tail+0x27/0x5c
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cf38>] ? child_rip+0xa/0x12
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff80246038>] ? kthread+0x0/0x74
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cf2e>] ? child_rip+0x0/0x12
Oct 28 09:41:40 mirror kernel: [1800397.679803]

Luckily, there is hope. You can blacklist the in-kernel driver and install a vendor-supplied module.

cd /usr/src
wget http://djlab.com/stuff/r8168-8.032.00.tar.bz2
tar jxvf r8168-8.032.00.tar.bz2
cd r8168-8.032.00
make clean modules
make install
depmod -a
echo "blacklist r8169" >> /etc/modprobe.d/blacklist-network.conf
update-initramfs -u

Then, reboot the box and check which driver you’re using with ‘ethtool -i eth0’. It should now be r8168 instead of r8169:

driver: r8168
version: 8.032.00-NAPI
firmware-version:
bus-info: 0000:01:00.0

Update – 2/22/2011

I’m re-posting Daniel’s automation with DKMS. These are cut-and-paste-ready code-blocks.

Make sure dkms and gcc are installed:

apt-get install dkms gcc

Create the dkms.conf:

cat <<EOF > /usr/src/r8168-8.032.00/dkms.conf
PACKAGE_NAME=r8168
PACKAGE_VERSION=8.032.00
MAKE[0]="'make'"
BUILT_MODULE_NAME[0]=r8168
BUILT_MODULE_LOCATION[0]="src/"
DEST_MODULE_LOCATION[0]="/kernel/updates/dkms"
AUTOINSTALL="YES"
EOF

Then run:

dkms add -m r8168 -v 8.032.00
dkms build -m r8168 -v 8.032.00
dkms install -m r8168 -v 8.032.00

Done! Now it will automatically be compiled and installed for new kernels.

Adding MSSQL Support to PHP on Cpanel – The right way

Posted on by Randy

There are many how-to’s and examples on the net on how to enable MSSQL support in PHP on a Cpanel box, but none are 100% correct nor easy to maintain. I needed a solution that would be simple to maintain — in other words, something that didn’t have to be done over and over each time PHP was upgraded.

Install unixODBC:

cd /usr/src
wget http://www.unixodbc.org/unixODBC-2.3.0.tar.gz
tar -zxf unixODBC-2.3.0.tar.gz
cd unixODBC-2.3.0
./configure -prefix=/usr/local -enable-gui=no
make install

Install FreeTDS:

cd /usr/src/
wget ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
tar -zxf freetds-stable.tgz
cd freetds-*
./configure -with-tdsver=8.0 -with-unixODBC=/usr/local
make install
ldconfig

Tell EasyApache we want MSSQL support:

echo '--with-mssql' >> /var/cpanel/easy/apache/rawopts/all_php5

Now, recompile PHP/Apache through EasyApache. It’s OK to use the same options as previous, because MSSQL isn’t an option in EasyApache that can be toggled on and off; we did it manually (and permanently) in the last step.

Verify your work by checking phpinfo() for the mssql section.

How to completely uninstall .NET Framework

Posted on by Randy

It would appear that Microsoft likes to keep files needed for critical core functionality of .NET, in folders called ‘temp’.

I ran into an issue where contents of a bulging temp folder were deleted, in turn destroying all installed versions of .NET. Windows Update began failing, and the ability to update or reinstall .NET was completely lost through the conventional means of Add/Remove Programs, ect.

I was about 30 minutes from buying a Mac, until I found a Nuke button for .NET. This nice little tool is called ‘dotnetfx_cleanup_tool.zip’.

Download dotnetfx_cleanup_tool.zip.

After running this tool which completely erases all traces of every version of .NET, you can reinstall .NET through Windows Update.

I also found a nice tool called ‘Windows Install Clean Up’ that will wipe out any non-.NET application, if you’re having issues with the Add/Remove Programs function of any application in your Windows control panel.

Download msicuu2.exe.

Both of these tools weren’t particularly easy to find (Microsoft removed the latter from their site). Hopefully this helps someone else in a similar situation.

Convert a XenServer HVM domain to PV (paravirtual) and back again

Posted on by Randy

After wading through complicated and poorly organized how-to’s for converting a XenServer HVM domain to PV (paravirtual), I wrote a quick and dirty tool to make the conversion in both directions. I was able to get Debian Lenny 5.0.8 paravirtual domain running without any issues. All memory, CPU, disk, and network stats shows up perfectly in XenCenter, too!

Usage:

[root@vps1a ~]# ./vmtool.pl
Usage: vmtool.pl --cmd (hvmtopv|pvtohvm) ([--vm name-label] or [--uuid uuid]) [--root partition_num]

Here’s an example of it running:

[root@vps1a ~]# ./vmtool.pl --cmd=hvmtopv --vm=c1068vm1
uuid = 7cf68fa6-3d07-0869-fa2d-40c89a724042
cmd = hvmtopv
Changing HVM-boot-policy
Changing PV-args
Setting disk boot flag
***Please update /etc/fstab, /etc/inittab. then reboot VM
Done.

If your root partition is anywhere except the 1st partition on the virtual disk, specify the partition number with the –root argument.

To reverse the process, change the –cmd argument from ‘hvmtopv’ to ‘pvtohvm’.

PV domains can be made into templates within XenCenter, so you don’t have to run the script all the time.

Here are steps to take on your domain after changingtour HVM domain to PV. Make sure to complete these steps (except 4) in HVM mode before rebooting. After the reboot, you can install the Xen tools and reboot again.

1. Install a Xen-aware kernel and make it the default boot option in grub.conf or menu.lst.
2. Update /etc/fstab entries – Example: replace /dev/hda1 with /dev/xvda1, /dev/hdd with /dev/xvdd, ect.
3. Update /etc/inittab – Example: replace tty1 with hvc0 so that the Console works properly
4. Make sure the /boot or / partition (depending on your partition layout) has the boot flag set. THIS IS IMPORTANT!
5. Install the Xen tools from the xs-tools CD so that memory, disk, and network usage appears properly in XenCenter

Get the script here:

Download Link

It’s a shame that XenServer still caters to the Windows crowd by making HVM domains the default, with no way to easily switch to PV. Hopefully this script makes life easier for someone.

Adding a remote MySQL user

Posted on by Randy

First, log onto the local Mysql server (add the ‘-p’ switch if you have a root password assigned, or ‘-h hostname’ if it’s a remote server):

mysql -u root

Now add the user and update the privileges. To restrict to a single remote IP instead of any, replace ‘%’ with ‘1.2.3.4’, ect.

GRANT ALL PRIVILEGES ON *.* TO remoteuser@'%' IDENTIFIED BY 'remotepassword';
flush privileges;

Install ffmpeg, flvtool2, mplayer, mencoder and ffmpeg-php in Cpanel, CentOS, RHEL

Posted on by Randy

This is by far the easiest way to get up and running with ffmpeg and assorted tools on a Cpanel / RHEL / CentOS server. I can’t take credit for all of it, however the original site where I found it has long since been offline with nothing similar replacing it. Hopefully these instructions help others as they have helped me.

First, install rpmforge so you don’t have to compile a bunch of components from scratch:

cd /usr/src
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now, edit ‘/etc/yum.conf’ and remove ‘ruby*’ from the excludes list. This is just to get past the next step; we must restore it later.

Now, install the required packages:

yum install ffmpeg ffmpeg-devel flvtool2 mplayer mencoder lame libogg libvorbis libtheora swftools amrnb amrwb transcode x264

Now, add ‘ruby*’ back to the excludes list in ‘/etc/yum.conf’ to keep Cpanel happy.

Install Mplayer directly from source:

wget http://www.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
tar xjf essential-20071007.tar.bz2
mv essential-20071007 /usr/lib/codec
mkdir /usr/local/include/ffmpeg/
cp -par /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale} /usr/local/include/ffmpeg/
cp -pa /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale}/*.h /usr/local/include/ffmpeg/

Same with the ffmpeg PHP module:

wget http://downloads.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
phpize
./configure && make
make install

Add after the ‘extension_dir’ and ‘zend_extension’ entries in the php.ini:

extension="ffmpeg.so"

Test your installation with the following command. I’ve included the raw shell output so you know what you should be seeing:

root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Apr 28 2010 15:40:49
ffmpeg-php gd support  => enabled
ffmpeg libavcodec version => Lavc52.20.0
ffmpeg libavformat version => Lavf52.31.0
ffmpeg swscaler version => SwS0.7.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0

Update

In certain situations, you may end up with the following error:

/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function âzim_ffmpeg_frame_toGDImageâ:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: âPIX_FMT_RGBA32â undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function âzim_ffmpeg_frame_ffmpeg_frameâ:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: âPIX_FMT_RGBA32â undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1

To resolve this, search for all instance of “PIX_FMT_RGBA32″ and replace with “PIX_FMT_RGB32″ in ffmpeg_frame.c and recompile:

perl -pi -e "s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g" ffmpeg_frame.c
make clean
phpize
./configure && make
make install

Finding PHP shell scripts and PHP exploits

Posted on by Randy

Exploits love to hide their evil code using random combination’s of base64_encode, gzdeflate, ect. Although you’re going to get plenty of false positives using this method, by using common sense and this simple command you can weed out most popular exploits which are either standalone files or embedded into existing files. I sometimes update this when I find new exploits so check back.

Replace the path below (.) with the absolute path of the directory you want to recursively scan. For example, you could recursively scan from the working directory:

grep '((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|GLOBALS.*exit|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))' . -lroE --include=*.php*

Path to replace . which will all public-facing web folders on a Cpanel box:

/home/*/public_html/

Don’t forget something as simple as ‘clamscan’ (if you’ve got ClamAV installed) can also find some PHP shells. Replace the path below with the absolute path of the directory you want to recursively scan. For example, you could scan all public HTML folders on a Cpanel server for various exploits and certain phishing sites:

nice -n 19 clamscan /home/*/public_html -r -i | grep " FOUND"

Installing Ksplice – The Easy Way

Posted on by Randy

With the recent high-profile exploits like CVE-2010-3301 and CVE-2010-3081, keeping your Linux boxes secure is becoming more and more important. Enter the world of Ksplice.

Ksplice is a tool which automatically applies live Kernel updates to a running system so you never have to reboot, ever again. Imagine staying secure with each kernel release and never having to reboot your Linux machine…and yes, it really works!

When you’ve got dozens or more CentOS boxes to install Ksplice on, this single cut-and-paste method lets you do it in one click. Remember to replace ACTUAL_KEY with your Ksplice access key.

wget https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm
rpm -i ksplice-uptrack-release.noarch.rpm
yum -y install uptrack
perl -pi -e 's/INSERT_ACCESS_KEY/ACTUAL_KEY/' /etc/uptrack/uptrack.conf
perl -pi -e 's/autoinstall = no/autoinstall = yes/' /etc/uptrack/uptrack.conf
uptrack-upgrade -y

The code could be easily modified for other flavors of Linux.

Check out www.ksplice.com.