Adding MSSQL Support to PHP on Cpanel – The right way

There are many how-to’s and examples on the net on how to enable MSSQL support in PHP on a Cpanel box, but none are 100% correct nor easy to maintain. I needed a solution that would be simple to maintain — in other words, something that didn’t have to be done over and over each time PHP was upgraded.

Install unixODBC:

cd /usr/src
wget http://www.unixodbc.org/unixODBC-2.3.0.tar.gz
tar -zxf unixODBC-2.3.0.tar.gz
cd unixODBC-2.3.0
./configure --prefix=/usr/local --enable-gui=no
make install

Install FreeTDS:

cd /usr/src/
wget ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
tar -zxf freetds-stable.tgz
cd freetds-*
./configure --with-tdsver=8.0 --with-unixODBC=/usr/local
make install
ldconfig

Tell EasyApache we want MSSQL support:

echo '--with-mssql' >> /var/cpanel/easy/apache/rawopts/all_php5

Now, recompile PHP/Apache through EasyApache. It’s OK to use the same options as before, because MSSQL isn’t an option in EasyApache that can be toggled on and off; we did it manually (and permanently) in the last step.

Verify your work by checking phpinfo() for the mssql section.

How to completely uninstall .NET Framework

It would appear that Microsoft likes to keep files needed for critical core functionality of .NET, in folders called ‘temp’.

I ran into an issue where contents of a bulging temp folder were deleted, in turn destroying all installed versions of .NET. Windows Update began failing, and the ability to update or reinstall .NET was completely lost through the conventional means of Add/Remove Programs, etc.

I was about 30 minutes from buying a Mac, until I found a Nuke button for .NET. This nice little tool is called ‘dotnetfx_cleanup_tool.zip’.

Download dotnetfx_cleanup_tool.zip.

After running this tool, which completely erases all traces of every version of .NET, you can reinstall .NET through Windows Update.

I also found a nice tool called ‘Windows Install Clean Up’ that will wipe out any non-.NET application, if you’re having issues with the Add/Remove Programs function of any application in your Windows control panel.

Download msicuu2.exe.

Neither of these tools was particularly easy to find (Microsoft removed the latter from their site). Hopefully this helps someone else in a similar situation.

Convert a XenServer HVM domain to PV (paravirtual) and back again

After wading through complicated and poorly organized how-to’s for converting a XenServer HVM domain to PV (paravirtual), I wrote a quick and dirty tool to make the conversion in both directions. I was able to get a Debian Lenny 5.0.8 paravirtual domain running without any issues. All memory, CPU, disk, and network stats show up perfectly in XenCenter, too!

Usage:

[root@vps1a ~]# ./vmtool.pl
Usage: vmtool.pl --cmd (hvmtopv|pvtohvm) ([--vm name-label] or [--uuid uuid]) [--root partition_num]

Here’s an example of it running:

[root@vps1a ~]# ./vmtool.pl --cmd=hvmtopv --vm=c1068vm1
uuid = 7cf68fa6-3d07-0869-fa2d-40c89a724042
cmd = hvmtopv
Changing HVM-boot-policy
Changing PV-args
Setting disk boot flag
***Please update /etc/fstab, /etc/inittab. then reboot VM
Done.

If your root partition is anywhere except the 1st partition on the virtual disk, specify the partition number with the --root argument.

To reverse the process, change the --cmd argument from ‘hvmtopv’ to ‘pvtohvm’.

PV domains can be made into templates within XenCenter, so you don’t have to run the script all the time.

Here are the steps to take on your domain after changing your HVM domain to PV. Make sure to complete these steps (except 4) in HVM mode before rebooting. After the reboot, you can install the Xen tools and reboot again.

1. Install a Xen-aware kernel and make it the default boot option in grub.conf or menu.lst.
2. Update /etc/fstab entries – Example: replace /dev/hda1 with /dev/xvda1, /dev/hdd with /dev/xvdd, etc.
3. Update /etc/inittab – Example: replace tty1 with hvc0 so that the Console works properly
4. Make sure the /boot or / partition (depending on your partition layout) has the boot flag set. THIS IS IMPORTANT!
5. Install the Xen tools from the xs-tools CD so that memory, disk, and network usage appears properly in XenCenter

Get the script here:

Download Link

It’s a shame that XenServer still caters to the Windows crowd by making HVM domains the default, with no way to easily switch to PV. Hopefully this script makes life easier for someone.

Adding a remote MySQL user

First, log onto the local MySQL server (add the ‘-p’ switch if you have a root password assigned, or ‘-h hostname’ if it’s a remote server):

mysql -u root

Now add the user and update the privileges. To restrict to a single remote IP instead of any, replace ‘%’ with ‘1.2.3.4’, etc.

GRANT ALL PRIVILEGES ON *.* TO remoteuser@'%' IDENTIFIED BY 'remotepassword';
flush privileges;
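
To find accounts like the one above that accept logins from any host, here is an added audit example (not part of the original post). It reads tab-separated user, host and Super_priv rows; the function names and sample rows are constructed, and Super_priv = Y is used as an assumed indicator of global rights.

```bash
# Added example: flag MySQL accounts reachable from wildcard hosts.
# Feed it rows as printed by:
#   mysql -u root -N -B -e "SELECT user, host, Super_priv FROM mysql.user"
audit_mysql_hosts() {
    awk -F '\t' '
        # Any-host login combined with global rights: what GRANT ALL ON *.* TO user@"%" yields
        $2 == "%" && $3 == "Y" { print "CRITICAL\t" $1 "@" $2 "\tany host, global rights"; next }
        # Partial wildcards (10.0.0.%) are narrower but still worth a look
        $2 ~ /%/               { print "WARN\t" $1 "@" $2 "\twildcard host"; next }
        # Empty user name means an anonymous account
        $1 == ""               { print "WARN\t@" $2 "\tanonymous account" }
    '
}

# Constructed sample rows (user, host, Super_priv). "remoteuser" mirrors the
# account created by the GRANT statement in the post; the rest are made up.
sample_rows() {
    printf '%s\t%s\t%s\n' \
        root localhost Y \
        remoteuser % Y \
        report '10.0.0.%' N \
        app 1.2.3.4 N \
        '' localhost N
}

# Demo run on the constructed rows
sample_rows | audit_mysql_hosts
```

The ‘app’ row, pinned to 1.2.3.4, is the only remote account that produces no finding.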

Install ffmpeg, flvtool2, mplayer, mencoder and ffmpeg-php in Cpanel, CentOS, RHEL

This is by far the easiest way to get up and running with ffmpeg and assorted tools on a Cpanel / RHEL / CentOS server. I can’t take credit for all of it, however the original site where I found it has long since been offline with nothing similar replacing it. Hopefully these instructions help others as they have helped me.

First, install rpmforge so you don’t have to compile a bunch of components from scratch:

cd /usr/src
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Now, edit ‘/etc/yum.conf’ and remove ‘ruby*’ from the excludes list. This is just to get past the next step; we must restore it later.

Now, install the required packages:

yum install ffmpeg ffmpeg-devel flvtool2 mplayer mencoder lame libogg libvorbis libtheora swftools amrnb amrwb transcode x264

Now, add ‘ruby*’ back to the excludes list in ‘/etc/yum.conf’ to keep Cpanel happy.

Install Mplayer directly from source:

wget http://www.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
tar xjf essential-20071007.tar.bz2
mv essential-20071007 /usr/lib/codec
mkdir /usr/local/include/ffmpeg/
cp -par /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale} /usr/local/include/ffmpeg/
cp -pa /usr/include/lib{avcodec,avdevice,avformat,avutil,swscale}/*.h /usr/local/include/ffmpeg/

Same with the ffmpeg PHP module:

wget http://downloads.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
tar xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0
phpize
./configure && make
make install

Add after the ‘extension_dir’ and ‘zend_extension’ entries in the php.ini:

extension="ffmpeg.so"

Test your installation with the following command. I’ve included the raw shell output so you know what you should be seeing:

root@server [~]# php -i | grep ffmpeg
ffmpeg
ffmpeg-php version => 0.6.0-svn
ffmpeg-php built on => Apr 28 2010 15:40:49
ffmpeg-php gd support  => enabled
ffmpeg libavcodec version => Lavc52.20.0
ffmpeg libavformat version => Lavf52.31.0
ffmpeg swscaler version => SwS0.7.1
ffmpeg.allow_persistent => 0 => 0
ffmpeg.show_warnings => 0 => 0

Update

In certain situations, you may end up with the following error:

/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_toGDImage’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_ffmpeg_frame’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1

To resolve this, search for all instances of “PIX_FMT_RGBA32” and replace them with “PIX_FMT_RGB32” in ffmpeg_frame.c, then recompile:

perl -pi -e "s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g" ffmpeg_frame.c
make clean
phpize
./configure && make
make install

Finding PHP shell scripts and PHP exploits

Exploits love to hide their evil code using random combinations of base64_encode, gzdeflate, etc. Although you’re going to get plenty of false positives using this method, with common sense and this simple command you can weed out most popular exploits, whether they are standalone files or embedded into existing files. I sometimes update this when I find new exploits, so check back.

Replace the path below (.) with the absolute path of the directory you want to recursively scan. For example, you could recursively scan from the working directory:

grep '((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|GLOBALS.*exit|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))' . -lroE --include=*.php*

Path to substitute for . in order to scan all public-facing web folders on a Cpanel box:

/home/*/public_html/
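
To help sort real hits from the false positives mentioned above, here is an added triage example (not part of the original post). It runs the same pattern without -l so you can see what matched in each file, ranked by hit count. The function names and sample files are constructed, and file paths are assumed to contain no colons.

```bash
# The pattern from the post, unchanged.
PATTERN='((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|GLOBALS.*exit|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))'

# triage DIR -> one line per matching file: "<hits> TAB <file> TAB <distinct matches>",
# most hits first. Several different indicators in one file deserve attention first.
triage() {
    tab=$(printf '\t')
    grep -roE --include='*.php*' "$PATTERN" "$1" 2>/dev/null |
    awk -F: '{ f = $1; sub(/^[^:]*:/, ""); n[f]++
               if (!seen[f, $0]++)
                   m[f] = m[f] (m[f] == "" ? "" : " ") "[" substr($0, 1, 40) "]" }
         END { for (f in n) printf "%d\t%s\t%s\n", n[f], f, m[f] }' |
    sort -t "$tab" -k1,1nr -k2,2
}

# Constructed sample tree. The encoded string decodes to the harmless "echo 1;".
make_samples() {
    # Benign use of base64_decode without eval: no hit
    printf '%s\n' '<?php echo base64_decode($row["avatar"]); ?>' > "$1/clean.php"
    # Legitimate call that the pattern still flags: a typical false positive
    printf '%s\n' '<?php $owner = posix_getpwuid(fileowner(__FILE__)); ?>' > "$1/fileinfo.php"
    # Three indicators in one file: obfuscated variable, eval+decode, FilesMan marker
    printf '%s\n' '<?php $OO0O = "x";' \
        'eval(base64_decode("ZWNobyAxOw==")); // FilesMan' > "$1/dropper.php"
    # Not a PHP file, so --include skips it
    printf '%s\n' 'FilesMan' > "$1/notes.txt"
}

# Demo run on the constructed tree
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
triage "$demo_dir"
rm -rf "$demo_dir"
```

On a Cpanel box, pass /home/*/public_html/ one directory at a time, or loop over the glob, since triage takes a single directory argument.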

Don’t forget something as simple as ‘clamscan’ (if you’ve got ClamAV installed) can also find some PHP shells. Replace the path below with the absolute path of the directory you want to recursively scan. For example, you could scan all public HTML folders on a Cpanel server for various exploits and certain phishing sites:

nice -n 19 clamscan /home/*/public_html -r -i | grep " FOUND"

Installing Ksplice – The Easy Way

With the recent high-profile exploits like CVE-2010-3301 and CVE-2010-3081, keeping your Linux boxes secure is becoming more and more important. Enter the world of Ksplice.

Ksplice is a tool which automatically applies live Kernel updates to a running system so you never have to reboot, ever again. Imagine staying secure with each kernel release and never having to reboot your Linux machine…and yes, it really works!

When you’ve got dozens or more CentOS boxes to install Ksplice on, this single cut-and-paste method lets you do it in one click. Remember to replace ACTUAL_KEY with your Ksplice access key.

wget https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm
rpm -i ksplice-uptrack-release.noarch.rpm
yum -y install uptrack
perl -pi -e 's/INSERT_ACCESS_KEY/ACTUAL_KEY/' /etc/uptrack/uptrack.conf
perl -pi -e 's/autoinstall = no/autoinstall = yes/' /etc/uptrack/uptrack.conf
uptrack-upgrade -y

The code could be easily modified for other flavors of Linux.

Check out www.ksplice.com.

Using TCPdump and Wireshark to monitor network traffic

Here are a few shortcuts for common monitoring tasks with TCPdump. I will update this post over time as new needs arise.

Monitor traffic to/from a single port:

tcpdump -n -i eth0 'port 53'

Monitor and decode traffic to/from or regarding a particular domain or IP (there may be a better way, this is quick and dirty). You can replace the IP with a domain name if needed:

tcpdump -nvvA | grep 188.92.72.128 -A 2

Monitor POST payload for a particular domain (useful for tracing hack attempts and other abuse):

tshark -V -T text -R 'http.request and http.host == "djlab.com" and http.request.method == "POST"' -x > post_log_djlab.com.txt

Monitor POST payload for all domains on a machine:

tshark -V -T text -R 'http.request and http.request.method == "POST"' -x > post_log_all_domains.txt