Monthly Archives: January 2010

stropts.h: No such file or directory – How to Fix

It is a known issue that modern Linux systems lack the stropts.h file. You will probably run into problems when compiling software such as pppd, pptp or gftp from source. This may seem strange, as you won’t get any errors on previous versions of Linux. The most recent versions of Fedora don’t contain this file, so we need to know what to do if compilation fails because stropts.h is missing.

Let’s determine when we need to have this file on our machine. When we’re compiling any “old” package from source, we may receive the following error:

error: stropts.h: No such file or directory

What could be the reason and why isn’t this file included into our Linux distribution? This error means that your system doesn’t support STREAMS.

Linux doesn’t support STREAMS (many years ago it was available as a third party module, but it hasn’t worked for years). stropts.h is part of a POSIX XSR option, which is not supported in modern Linux distributions. Do we really need it in Linux?

This means that the software you’re trying to compile will not use the functions declared in stropts.h, as they’re not supported by the operating system. So we will use a simple trick that lets you compile your software without these functions.

Since stropts.h is required for a successful compilation, the simplest way to solve the issue is to create a blank file named stropts.h under /usr/include. You may want to put a comment in it so you won’t forget why the file was created. The easiest way to do this is:

touch /usr/include/stropts.h

This simple trick will help you to compile pptp (1.7.2),  pppd (2.4.5), and I think that the list will be much bigger. That was just my experience, but the sense remains the same: you need this file for a successful compilation. Just create it and have fun! :)

How to Disable Dynamic DNS Update in bind

First of all, let’s figure out what Dynamic DNS update is and why it is used in most recent versions of bind.

Dynamic update represents the idea of exchanging data between two computers with known names both visiting an unknown network where we don’t know, care or trust the underlying address.

It is now possible to point your neighbor at the IETF conference to a web page on your laptop by pointing at the URL on your business card using this technology.

When this feature is enabled, your computer has a potential vulnerability, if your bind configuration is secured using TSIG keys or SIG(0). I will create a post on this subject a bit later, but now I’m going to tell you how to disable Dynamic Updates, if you are unsure whether they are secure.

We need to edit named.conf using any editor available. For each zone that should be secured, we need to add a line. Let me show you how to do it. Here is my zone config before:

zone "lampdocs.com" { type master; file "/var/named/lampdocs.com.db"; };

We’re adding a line to disable dynamic DNS updates:

zone "lampdocs.com" { type master; file "/var/named/lampdocs.com.db";
allow-update { none; };
};

That’s all. Now Dynamic DNS updates are disabled for your domain. Don’t forget to restart bind to apply the change.

Public DNS From Google: Improve Your Security

Google has recently launched a new service named Google Public DNS. What is it and how do you use it? Here is a brief excerpt from Google:

Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider.

To try it out you need to configure your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your DNS servers.

If you decide to try Google Public DNS, your client programs will perform all DNS lookups using Google Public DNS.

How do you do this in Linux? If you are a console fan, edit the /etc/resolv.conf file and enter these values:

nameserver 8.8.8.8
nameserver 8.8.4.4

Google promises to speed up your browsing experience, and to improve your security. Not sure about the speed, but security is the thing you need to think about. I have recently tried Comodo DNS and was very unsatisfied with its speed. Google should release something that should be faster than my ISP’s DNS, for me to use their service :-). In fact, users from small countries will see the difference, like I did.

Google Groups has a relatively small number of user warnings, and this service seems to be stable enough. You’re welcome to give it a try and decide for yourself.

Setting Up NTP Time Synchronization in CentOS

If you need a valid date and time on your server, you need to synchronize it with a time server. To do this in Linux (especially in CentOS), follow my short howto.

1. Ensure you’ve got ntp installed. Run rpm -qa | grep ntp to find out if it already exists on your system and yum install ntp if it is not present.

2. Run ntpdate. On CentOS, you will probably get this error:

[root@server ~]# ntpdate
29 Jan 09:52:54 ntpdate[8463]: no servers can be used, exiting

This means you have to include a server in your request, as shown below.

[root@server ~]# ntpdate 0.pool.ntp.org
29 Jan 10:08:07 ntpdate[8853]: step time server 213.198.55.2 offset 676.605025 sec

This means my server had a 10-minute time difference with the time server. After this command my time has been adjusted.

3. Add time synchronization to your crontab and run it as often as you need.

30 * * * * /usr/sbin/ntpdate -s 0.pool.ntp.org

This will sync your clock every hour; I think it is enough to perform synchronization weekly. Let’s do it.

30 10 * * 5 /usr/sbin/ntpdate -s 0.pool.ntp.org

This simple guide will keep your clock synchronized. Have fun!

How to Enable Ioncube Support For The Entire Server

PHP code protection is widely used today. As most servers come with Zend installed, I will tell you how to install another code protection library named Ioncube. If you’re a server administrator, I would suggest installing this library at server level, as it might be used by many users of your server.

First of all, we need to download the Ioncube package. Just choose your operating system and download the archive to your machine. Then you need to extract it.

tar -xzvf ioncube_loaders_lin_x86.tar.gz

I would suggest copying the extracted files to a safe location so you can point to it when adding the support lines to php.ini.

It will be much easier if the ioncube loader helper page is accessible from the web, just like here: http://www.lampdocs.com/blog/ioncube/ioncube-loader-helper.php?page=install-assistant . The helper will detect where your php.ini is located and suggest the correct path. If you don’t have web access to the helper page, you’re welcome to follow my post on finding the php.ini file location.

To install the Loader, edit or create the php.ini file at the path specified by the loader helper and add the following line before any other zend_extension lines:

zend_extension = /<path>/ioncube_loader_lin_5.2.so

where /<path>/ is where you’ve installed the loader, e.g. /usr/local/ioncube/. Make sure this line is added before any other zend_extension lines, otherwise you might have trouble starting Apache. Here is how it looks on my server:

[Zend]
zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
zend_optimizer.version=3.3.3

zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

After that you must restart apache to activate your changes. You should not experience problems starting it, and your ioncube installation should be ready to use. If not, you’re welcome to ask me here. :)

How to Enable register_globals in php using .htaccess

As you should already know, register_globals is a php.ini directive that manages the way PHP deals with variables. It has been deprecated because of security issues and we won’t see it in PHP 6.0. If the deprecated register_globals directive is on (removed as of PHP 6.0.0), then variables_order also configures the order in which the ENV, GET, POST, COOKIE and SERVER variables are populated in global scope. So for example if variables_order is set to "EGPCS", register_globals is enabled, and both $_GET['action'] and $_POST['action'] are set, then $action will contain the value of $_POST['action'], as P comes after G in our example directive value. This is extremely insecure and it is not recommended to enable this directive.

But if you really need it (for example, you need to move a legacy site to your server and keep it working until all the variables are changed), you may enable it using an .htaccess file. This way register_globals will be active just for one site. Here is the line you need to add to your .htaccess file:

php_value register_globals 1

I wish you to change all the variables as soon as possible, but you may use my solution until then :)
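The import order and its consequence for legacy code, as an added example that is not part of the original post. Because register_globals is not available in current PHP, the import is modelled by a hypothetical helper, simulate_register_globals(); the request data and the two check functions are constructed for illustration.

```php
<?php
// Added example: simulate_register_globals() is a hypothetical helper, not a PHP
// function. It models the import order described above so the effect can be
// seen on current PHP, where register_globals no longer exists.
function simulate_register_globals(string $variablesOrder, array $sources): array
{
    $scope = [];
    foreach (str_split(strtoupper($variablesOrder)) as $letter) {
        // Each later source overwrites names already imported from earlier ones.
        foreach ($sources[$letter] ?? [] as $name => $value) {
            $scope[$name] = $value;
        }
    }
    return $scope;
}

// Legacy pattern: $authorized is only assigned on success and never initialised,
// so with register_globals a request parameter of that name pre-sets it.
function legacy_check(array $importedScope, bool $loginOk): bool
{
    extract($importedScope);      // stands in for the automatic import
    if ($loginOk) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Corrected pattern: the flag starts from a known value and nothing is imported.
function fixed_check(bool $loginOk): bool
{
    $authorized = false;
    if ($loginOk) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request data: the same name arrives via GET and POST.
$sources = [
    'G' => ['action' => 'view', 'authorized' => '1'],
    'P' => ['action' => 'delete'],
];
$scope = simulate_register_globals('EGPCS', $sources);

printf("action under EGPCS: %s\n", $scope['action']);
printf("legacy_check, failed login: %s\n", var_export(legacy_check($scope, false), true));
printf("fixed_check,  failed login: %s\n", var_export(fixed_check(false), true));
```

When auditing a legacy site before the move, the variables to change first are the ones that are read before they are assigned, since those are the ones a request parameter can pre-set.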

PHP Function to Convert from Unicode to any Charset

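When you are dealing with encoded strings it is not so easy to determine the encoding. But if your string is converted to unicode, there are no standard PHP functions to decode it. I have found a function that allows you to convert a unicode string to any charset you like. Here it is:

<?php
// by SiMM, addition by John Profic
// Converts numeric entities (&#1055; or &#x41F;) in $str to $charset.
function Unicode2Charset($str, $charset = 'Windows-1251')
{
    // preg_replace_callback is used instead of the /e modifier, which was removed in PHP 7.
    return preg_replace_callback(
        '~&#(?:x([\da-f]+)|(\d+));~i',
        function ($m) use ($charset) {
            // $m[1] holds the hexadecimal form, $m[2] the decimal form.
            $code = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
            // pack("v") writes one 16-bit little-endian unit (BMP code points only).
            return iconv('UTF-16LE', $charset, pack('v', $code));
        },
        $str
    );
}
?>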

I have posted a Windows-1251 example, but you are welcome to convert to any other encoding you need.

Sendmail and local-host-names file: Troubleshooting

I will not post the whole process of sendmail configuration here; I would just like to draw attention to a small detail.

/etc/mail/local-host-names is a text file that contains the list of domain names, and it is read by sendmail when checking outgoing mail. You should make sure you have this file in the following format:

# local-host-names sample file
lampdocs.com
test.lampdocs.com
# end of file

Please note that you should leave the comment on the last line, as it is ignored by sendmail. The last line of your local-host-names should be either blank or commented. Hope this saves someone some time, as this feature is not so well documented and you might have problems with the last domain in the list.

How to Determine the Uploaded File Type With PHP

Nowadays file upload is widely used on the web. We upload pictures, archives and videos and often don’t think about how these files are handled by our server. In this post I’m going to show you several solutions for file upload in PHP that allow you to determine what kind of file was uploaded using a form.

The first option is related to the $_FILES array. When a file is uploaded, it is placed into a temporary directory and we use PHP functions to move it to the place we need. Let’s take a simple form to understand how it is processed.

<form enctype="multipart/form-data" action="upload.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="200000" />
Choose a file to upload: <input name="file" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

It’s just a simple form that asks for a file to upload. When the form is filled, it is processed by upload.php. When the upload.php file is executed, the uploaded file is placed into a temporary storage area on the server. If the file is not moved to a different location it will be deleted! To save our file we are going to check whether it suits our needs (for example, we need to upload images only). Then we will use the $_FILES associative array.

We will need some elements of this array in order to process our file.

file – file is the reference we assigned in our HTML form. We will need this to tell the $_FILES array which file we want to play around with.
$_FILES['file']['name'] – name contains the original path of the user uploaded file.
$_FILES['file']['tmp_name'] – tmp_name contains the path to the temporary file.
$_FILES["file"]["type"] describes the type of the file, and it is determined automatically, so there is no way for a user to upload a bad file.

To check the file type we will use several methods. The first one, as I have already mentioned, is related to the $_FILES array. I suppose we need just 3 types of images: jpg, gif and png. Here is the code:

switch($_FILES['file']['type'])
{
case "image/jpeg":
{
// Do something here
break;
}
case "image/gif":
{
// Do something with gif here
break;
}
case "image/png":
{
// Do something with png
break;
}
default:
{
break;
}
}

This will allow you to determine whether your file matches your desired type. There is another way to do this, using mime_content_type(). The code is almost the same.

switch (mime_content_type($_FILES['file']['tmp_name']))
{
case "image/jpeg":
{
// Do something here
break;
}
case "image/gif":
{
// Do something with gif here
break;
}
case "image/png":
{
// Do something with png
break;
}
default:
{
break;
}
}

The examples above will let you know whether the file being uploaded is really the one you expect. Sometimes people check just file names for “.jpg”, and “.gif” and that’s a bad practice, as this way I will be able to upload file.jpg.exe and so on. Hope this post helps you to deal with files more securely.
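A stricter server-side check, as an added example that is not part of the original post. PHP copies $_FILES['file']['type'] from the Content-Type value the browser sends and does not verify it, so this sketch decides from the file's bytes instead; the function name checked_image_extension() and the two sample files are constructed for illustration.

```php
<?php
// Added example. Returns the extension to store an upload under, or null to
// reject it. $upload has the same keys as one entry of $_FILES.
function checked_image_extension(array $upload): ?string
{
    // Detected MIME type => extension the server assigns (the client's
    // file name and its 'type' field are never consulted).
    $allowed = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];

    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Sniff the content of the temporary file (Fileinfo extension).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($upload['tmp_name']);
    if (!is_string($detected) || !isset($allowed[$detected])) {
        return null;
    }
    // Magic bytes alone are a weak signal: also require an image header
    // that parses and agrees with the detected type.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || $info['mime'] !== $detected) {
        return null;
    }
    return $allowed[$detected];
}

// Constructed samples: a PHP script claimed to be a JPEG, and a real 1x1 GIF.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));

$uploads = [
    ['name' => 'photo.jpg', 'type' => 'image/jpeg', 'tmp_name' => $script, 'error' => UPLOAD_ERR_OK],
    ['name' => 'pixel.gif', 'type' => 'image/gif',  'tmp_name' => $gif,    'error' => UPLOAD_ERR_OK],
];
foreach ($uploads as $u) {
    $ext = checked_image_extension($u);
    printf("%-9s claimed %-10s -> %s\n", $u['name'], $u['type'], $ext ?? 'rejected');
    unlink($u['tmp_name']);
}
```

In upload.php you would pass $_FILES['file'] to the function and, when it returns an extension, call move_uploaded_file() with a server-generated file name that ends in that extension, stored outside any directory where scripts are executed.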