
Showing posts from June, 2020


Replacing split() with preg_split() in PHP

After upgrading PHP, some scripts such as those used in old Drupal systems may report the fatal error "undefined function split()" due to the function's deprecation and removal. Simply replace it with preg_split() to solve the problem.

==========

1. Find the split() function.

    split($pattern, $subject);

2. Convert it to the preg_split() function as shown.

    preg_split("/".$pattern."/", $subject);

==========

Avoiding the preg_replace() /e Modifier in PHP

After upgrading PHP, some scripts such as those used in old Drupal systems may report an error on preg_replace() that "the /e modifier is no longer supported" due to the modifier's deprecation and removal for being a security risk. Replace it with preg_replace_callback() to solve the problem.

==========

1. Find the preg_replace() function.

    preg_replace("/".$pattern."/e", $replacement, $subject);

2. Convert it to the preg_replace_callback() function as shown.

    preg_replace_callback(
        "/".$pattern."/",
        function ($args) { return nameOfCallback($args); },
        $subject
    );

==========
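The conversion described above, worked through on one legacy call. This is an added example, not code from the original post; the tag syntax, `render_tag()` and `expand_tags()` are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper that the legacy replacement string used to call.
function render_tag(string $name, string $value): string
{
    switch ($name) {
        case 'upper': return strtoupper($value);
        case 'len':   return (string) strlen($value);
        default:      return "[$name:$value]"; // unknown tags pass through unchanged
    }
}

// Legacy form (no longer supported): the replacement was a string of PHP
// code, built from the matched text and then evaluated.
//   preg_replace('/\[(\w+):([^\]]*)\]/e', "render_tag('\\1', '\\2')", $subject);

function expand_tags(string $subject): string
{
    $result = preg_replace_callback(
        '/\[(\w+):([^\]]*)\]/',
        // $m[0] is the whole match, $m[1] and $m[2] are the capture groups.
        // They arrive as plain strings and are never parsed as PHP.
        function (array $m): string {
            return render_tag($m[1], $m[2]);
        },
        $subject
    );
    if ($result === null) {
        // preg_replace_callback() returns null when PCRE itself fails.
        throw new RuntimeException('PCRE error code: ' . preg_last_error());
    }
    return $result;
}

// Constructed sample input.
echo expand_tags("Hi [upper:bob], [len:it's 9], [other:x]"), "\n";
```

The capture groups that the old replacement string referred to as `\\1` and `\\2` become `$m[1]` and `$m[2]` inside the callback.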

Replacing ereg() with preg_match() in PHP

After upgrading PHP, some scripts such as those used in old Drupal systems may report the fatal error "undefined function ereg()" due to the function's deprecation and removal. Simply replace it with preg_match() to solve the problem.

==========

1. Find the ereg() function.

    ereg($pattern, $subject, $matches);

2. Convert it to the preg_match() function as shown.

    preg_match("/".$pattern."/", $subject, $matches);

==========
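Wrapping a pattern as "/".$pattern."/" fails when the pattern itself contains a slash, which affects both the ereg() conversion above and the split() conversion earlier on this page. The following added example (not from the original posts) handles that case for both; `posix_to_pcre()` is a hypothetical helper name and the sample strings are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: wrap a POSIX pattern in "/" delimiters for PCRE.
// A bare "/" inside the pattern would end the regex early, so it is escaped;
// sequences that are already backslash-escaped are left untouched.
function posix_to_pcre(string $pattern, bool $ignoreCase = false): string
{
    $escaped = preg_replace_callback(
        '~\\\\.|/~s',
        function (array $m): string {
            return $m[0] === '/' ? '\\/' : $m[0];
        },
        $pattern
    );
    // The "i" flag takes the place of the case-insensitive eregi()/spliti().
    return '/' . $escaped . '/' . ($ignoreCase ? 'i' : '');
}

// Constructed sample data.
$datePattern = '^([0-9]{1,2})/([0-9]{1,2})/([0-9]{4})$';

// ereg() returned the match length or false; preg_match() returns 1, 0 or
// false (on a pattern error), so compare against 1 explicitly.
if (preg_match(posix_to_pcre($datePattern), '06/15/2020', $matches) === 1) {
    echo "month={$matches[1]} day={$matches[2]} year={$matches[3]}\n";
}

// split() and preg_split() both take the limit as the third argument.
$parts = preg_split(posix_to_pcre('[/:]'), 'var/www:html/index.php', 3);
print_r($parts);
```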

Debugging Drupal WSOD Errors

Whenever errors are encountered, content management systems (CMS) like Drupal just stop working without displaying anything, commonly referred to as the "White Screen of Death" (WSOD). Applications that use CMS are usually accessible to the general public, so it is a security risk to allow such systems to always spit out error reports that may give attackers an idea of how a site is configured.

An administrator with command-line access can simply look into the server logs to figure out what went wrong, but this may not always be the case in some shared-hosting services. Alternatively, the administrator can just enable the debugging feature of PHP to determine the error and copy the report, then disable it a few seconds later. The probability that attackers can gain any useful insight in that small time frame is very low. The following procedure shows how the PHP debugging feature can be enabled in Drupal temporarily.

==========

1. In the Drupal folder, open the file

Self-Signed Certs for Apache in Debian-based Linux

The following procedure shows how to apply self-signed certificates to the Apache web server in Debian-based Linux distributions. After creating and installing the TLS/SSL certificate/key pair, they can be utilized to secure Debian-based Linux web services with encryption during the development and testing process. It is important to keep in mind that self-signing may be deemed UNTRUSTWORTHY in a production environment.

==========

1. Go to the directory containing the Apache site configuration files.

    user@host: $ cd /etc/apache2/sites-available

2. BACK UP the default HTTPS configuration file for the secure site.

    user@host: $ sudo cp default-ssl.conf default-ssl-conf.back

3. Open the default HTTPS configuration file.

    user@host: $ sudo nano default-ssl.conf

4. Find and modify the following Apache directives.

    # BEGIN CODE
    # ...
    # The self-signed certificate.
    SSLCertificateFile /etc/ssl/certs/myserver.crt
    SSLCertificateKeyFile /etc/ssl/private/myserver.key
    # Th

Making Self-Signed Digital Certificates

The need for TLS/SSL certificates may arise when developing server projects that need encryption, like the Apache web server on Debian-based or Red Hat-based Linux distributions, on the FreeBSD operating system, and the Home Assistant home automation system. The following procedure shows how to create and install self-signed certificates, if acquiring them from a Certificate Authority (CA) is either too expensive or too complicated. It is important to keep in mind, however, that self-signing may be deemed UNTRUSTWORTHY in a production environment.

==========

1. Create the certificate and key.

1.1. [OPTION A] One-step process, skipping the Certificate Signing Request (CSR).

    user@host: $ openssl req -new -x509 -days 36500 -nodes -keyout server.key -out server.crt

1.2. [OPTION B] Separate CSR for submission to CAs, if planning to legitimize later on.

1.2.1. Generate keys for the CSR.

    user@host: $ openssl genrsa -des3 -out server.key 2048

1.2.2. Generate the C

Enabling .htaccess in Apache for Drupal

Content management systems like Drupal require specific web server directives in order to work properly. The following steps enable Apache to recognize .htaccess files containing those specific web server directives. The steps outlined here require the use of HTTPS for better security on both Debian-based Linux distributions and the FreeBSD operating system.

==========

1. DEBIAN-BASED LINUX DISTRIBUTIONS

1.1. Go to the directory containing the Apache site configuration files.

    user@host: $ cd /etc/apache2/sites-available

1.2. BACK UP the default HTTPS configuration file for the secure site.

    user@host: $ sudo cp default-ssl.conf default-ssl-conf.back

1.3. Open the default HTTPS configuration file.

    user@host: $ sudo nano default-ssl.conf

1.4. Find the "DocumentRoot" section and add the "Directory" block marked "For Drupal" as follows.

    # BEGIN CODE
    <IfModule mod_ssl.c>
            <VirtualHost _default_:443>
    # ...
                    Do

Redirect Apache HTTP to HTTPS in Debian-based Linux

Once HTTPS is enabled on the web server, remote users can be redirected to this secure protocol by automatically rewriting the URL.

==========

1. Enable the Rewrite module.

    user@host: $ sudo a2enmod rewrite

2. Change the current working directory to the Apache site configuration files.

    user@host: $ cd /etc/apache2/sites-available

3. BACK UP the default HTTP configuration file for the non-secure site.

    user@host: $ sudo cp 000-default.conf 000-default-conf.back

4. Open the default HTTP configuration file.

    user@host: $ sudo nano 000-default.conf

5. Replace all contents in the default HTTP configuration with the following code. Each comment sits on its own line because Apache does not accept a comment on the same line as a directive.

    # BEGIN CODE
    # Enables directives for rewriting.
    RewriteEngine On
    # Verifies that the connection is not yet in HTTPS.
    RewriteCond %{HTTPS} !=on
    # Redirects to the current location but in HTTPS.
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    # END CODE

6. Restart the web server.

    user@host: $ sudo /etc/init.d

Enable Apache HTTPS in Debian-based Linux

The following procedure activates HTTPS for the Apache web server in Debian-based Linux distributions. This secure protocol uses TLS/SSL certificates to encrypt the data transferred between the remote user and the web server. Sensitive information is protected from being captured by malicious actors using sniffing tools along the network route.

==========

1. Enable the SSL module.

    user@host: $ sudo a2enmod ssl

2. Enable the default configuration for the secure site.

    user@host: $ sudo a2ensite default-ssl.conf

3. Restart the web server.

    user@host: $ sudo /etc/init.d/apache2 restart

4. Test the secure site by accessing localhost with a simple browser.

    user@host: $ lynx https://localhost

==========

Configuring the Linux Firewall with UFW

Uncomplicated Firewall (UFW) is a convenient command-line tool for handling Debian-based Linux firewall policies. The following procedure will set up UFW to block unauthorized remote access to any unsecured ports on the server. And if remote attackers do manage to break in through some authorized incoming ports, the outgoing restrictions will prevent unauthorized massive data exfiltration, stopping intruders dead in their tracks. A similar technique can be applied on the FreeBSD operating system using IPFW.

==========

1. STRICT CONFIGURATION

1.1. Update the package list and upgrade the existing packages.

    user@host: $ sudo apt-get update && sudo apt-get dist-upgrade -y

1.2. Install UFW.

    user@host: $ sudo apt-get install ufw

1.3. Check the firewall settings. The firewall is usually disabled by default.

    user@host: $ sudo ufw status verbose

1.4. Open the port for incoming SSH. This ensures that administrators will not be locked out of the server when the firewall is ena

Solving Drupal 6 Multibyte String Problem in PHP

If an existing Drupal 6 site encounters the Unicode library error "Multibyte string input conversion in PHP is active and must be disabled" after upgrading PHP, then the following steps may help resolve the issue.

==========

1. In the Drupal folder, open the file that handles the Drupal settings.

    sites/default/settings.php

2. Scroll to the bottom of the file and add the lines marked "After PHP upgrade" as follows.

    // BEGIN CODE
    // ...
    ini_set('mbstring.http_input', 'pass'); //After PHP upgrade
    ini_set('mbstring.http_output', 'pass'); //After PHP upgrade
    // END CODE

3. Save the file and reload the page.

==========

Owner and Perm of Web Items in Debian-based Linux

The following steps provide all directories and files in the www folder with the appropriate ownership and permissions to ensure smooth operation of the web server. This also prevents unauthorized users from viewing and modifying them.

==========

1. Change ownership of all items to user "root" and group "www-data".

    user@host: $ sudo chown -R root:www-data /var/www

2. Change permission modes to 750 for directories only. User "root" can (r)ead, (w)rite, and e(x)ecute directories. Users included in the group "www-data" can (r)ead and e(x)ecute but NOT write to directories. All other users are excluded.

    user@host: $ sudo find /var/www -type d -exec chmod 750 {} +

3. Change permission modes to 640 for files only. User "root" can (r)ead and (w)rite but NOT execute files. Users included in the group "www-data" can (r)ead but NEITHER write NOR execute files. All other users are excluded.

    user@host: $ sudo fi

Add or Remove Users in Linux Groups

After setting appropriate permissions and "www-data" ownership to files and directories in the www folder, authorized users can be added as needed to the "www-data" group to enable viewing and editing. Such users can then be removed when the tasks are done.

==========

1. Add a user to the "www-data" group.

    user@host: $ sudo usermod -a -G www-data username

2. Check if such user has been added to the group.

    user@host: $ groups username

3. The added user needs to log out and log in again for the changes to take effect. Alternatively, such user can log in to the new group in the current command-line session, without logging out the user account, using the following command.

    user@host: $ newgrp www-data

4. Remove a user from the "www-data" group.

    user@host: $ sudo gpasswd -d username www-data

==========

Solving Drupal 6 Login Problem in PHP

If users are unable to log into an existing Drupal 6 site after upgrading PHP, then the following steps may help resolve the issue.

==========

1. In the Drupal folder, open the file that handles the user sessions.

    includes/session.inc

2. Find the sess_regenerate() function and add the lines marked "After PHP upgrade" as follows.

    // BEGIN CODE
    /**
     * Called when an anonymous user becomes authenticated or vice-versa.
     */
    function sess_regenerate() {
      global $user; //After PHP upgrade
      $old_session_id = session_id();
      // ...
      if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
      }
      $temp = $user; //After PHP upgrade
      session_regenerate_id();
      $user = $temp; //After PHP upgrade
      db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
    }
    // END CODE

3. Save the file, reload the page and log in.

==========

Uploading Old Data to a New MariaDB Database

The following command-line procedure makes a database in MariaDB (previously MySQL) and populates it with content from a backup file.

==========

    user@host: $ mariadb -u root -p -h localhost
    MariaDB > CREATE DATABASE dbname;
    MariaDB > USE dbname;
    MariaDB > SELECT database(); -- Checks if the intended database is the one being used.
    MariaDB > SOURCE dirname/filename; -- Location of the backup file.
    MariaDB > SHOW tables; -- Verifies if the tables uploaded are from the backup file.
    MariaDB > GRANT ALL ON dbname.* TO 'username'@'localhost' IDENTIFIED BY 'password';
    MariaDB > QUIT;

==========

Securing the MariaDB Server

An easy way to secure the MariaDB (previously MySQL) server is to run the secure setup script in the command-line.

==========

    user@host: $ sudo mysql_secure_installation

    Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
    -- The anonymous user, intended only for testing, allows anyone to log into the database.

    Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
    -- Allowing remote root login enables guessing of password from the network.

    Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
    -- The test database, also intended for testing, can be accessed by anyone.

    Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
    -- Reloading privileges implements the changes immediately.

==========

Disable Web Server Signatures in Debian-based Linux

Hide server details from potential online threats in a few easy steps.

==========

1. Open the Apache security configuration file.

    user@host: $ sudo nano /etc/apache2/conf-enabled/security.conf

2. Find and modify the following Apache directives. Each comment sits on its own line because Apache does not accept a comment on the same line as a directive.

    # BEGIN CODE
    # ...
    # "Prod" reduces Apache info sent by the server in its HTTP response header.
    ServerTokens Prod
    # ...
    # "Off" removes info on server, host, and port from error pages and other auto-generated docs.
    ServerSignature Off
    # ...
    # END CODE

3. List the PHP "x.y" versions available and open the configuration file of the appropriate version.

    user@host: $ ls -lha /etc/php
    user@host: $ sudo nano /etc/php/x.y/apache2/php.ini

4. Find and modify the following PHP config.

    ; BEGIN CODE
    ; ...
    expose_php = Off ; "Off" removes the PHP signature sent by the server in its HTTP response header.
    ; More info at https://php.net/expose-php
    ; ...
    ; END CODE

5. Restart the ser
