May 27, 2013
I now know this script was there for years but I just found it some month ago, when I installed MySQL on a CentOS and it told me to use it. But I checked, it is also present on an old Ubuntu 8.04 LTS (released 5 years ago). The script is called:
Here are the questions you get asked by it:
Change the root password? [Y/n]
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]
You really should run this program as it makes the basic securing of MySQL really easy.
May 23, 2013
By pure luck I found the Microsoft Remote Connectivity Analyzer as I’m not into the Microsoft world. Anyway this web site lets you test easily if the Groupware server you’re using is configured correctly. For example if you’ve problems connecting/syncing with your mobile or tablet to a server via ActiveSync. This protocol is not just used by Exchange but also by some OpenSource Groupware applications. Anyway its a nice link to know.
May 20, 2013
As Google is discontinuing their Google Reader I needed to look for alternatives and after some looking I went for Tiny Tiny RSS, which I can run on one of my web servers. At least this was the theory :-). The problems I faced were that Tiny Tiny RSS seems to have problems with a half-way secure PHP setup, and I needed therefore to make some changes to get it working. As I didn’t find that much documentation on this topic and it seams the Tiny Tiny RSS developers are not really security affine.
1. open_basedir is not supported
I did as described in the Install Notes and went to the
http://your.site.com/tt-rss/install/ URL to use the installer to configure my Tiny Tiny RSS, but I was prompted with this error message:
PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).
I searched through the Internet and it seams that some obscure errors can occur if you use open_basedir. But to me it seem more like: I (=developer) don’t have the problem and the user has it and he has open_basedir activated so this must be the problem. Anyway, open_basedir is an imported security measure for PHP hosting, do not ever disabled it, specially if you have more than one vhost. I running with enabled open_basedir for 2 weeks now without getting any obscure errors (or any errors at all). At the time of writing this blog post I was running PHP 5.3.23 and 5.3.25 on this server.
After these preliminary words – how did I get rid of this error messages? Simple I just commented raising of the exceptions out. For this open the
install/index.php in a text editor and search for the line containing “
option open_basedir is not supported“, comment it out like this:
And you need to do the same in the
2. passthru disabled
I wanted to call the
./update.php --daemon command from the command line but I got following error message:
PHP Warning: passthru() has been disabled for security reasons in /var/www/xxxx/html/update.php on line 150
This is because a secure configured default
php.ini has following set:
disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source
I remove disabled functions per vhost so I don’t have the least common denominator for security. In this case needed to make sure that the
update.php called via the command line uses a custom made
php.ini. I therefore created this bash script.
In this directory a special
php.ini is located which has
3. undefined function posix_getpid
I wanted to use the
update_daemon2.php script as it is recommended but I got following error message:
[09:48:30] [MASTER] installing shutdown handlers
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 223
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 236
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 99
The solution on Centos/RHEL/SL is easy, just install the posix package for php:
yum install php-posix
I hope this post helps others which move to Tiny Tiny RSS and still want a reasonably secure PHP setup.
May 12, 2013
I was searching again for some directories or files on one of my servers, which were filling the hard disk. Normally I used
du -hs * starting via / and going downwards in the directory structure …. but not this time … I went on the search for a command line program which makes that easier … and I found it: Welcome NCurses Disk Usage.
On CentOS/RHEL/SL you need the EPEL repository and than just type
yum install ncdu. On Ubuntu just type
sudo apt-get install ncdu.
If you use it via SSH it is recommended to use the option
-q which does according to the manual:
-q Quiet mode. While calculating disk space, ncdu will update the screen .10 times a second by default, this will be decreased to once every 2 seconds in quiet mode. Use this feature to save bandwidth over remote connections.
And as I normally know on which partition I want to look (
df -h tells me which hard disk is getting full 🙂 ), I use following option too:
-x Only count files and directories on the same filesystem as the specified dir.
which leads to this output after starting it: