System Admin Simplified

Hide server details from potential online threats in a few easy steps. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directive. # BEGIN CODE # ... Include etc/apache24/extra/httpd-default.conf # Default config for the Apache web server. # ... # END CODE 4. Open the Apache default settings configuration file. root@host: # ee /usr/local/etc/apache24/extra/httpd-default.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... ServerTokens Prod # "Prod" reduces Apache info sent by the server in its HTTP response header. # ... ServerSignature Off # "Off" removes info on server, host, and port from error pages and other auto-generated docs. # ... # END CODE 6. Open the PHP configuration file. root@host: # ee /usr/local/etc/ph...

The following procedure disables some caching features in Drupal 8 that prevent changes in the site from taking effect immediately. If  Drupal is chosen as the user interface , instances where its caching might be undesirable include (1) web-based Supervisory Control and Data Acquisition (SCADA) applications in engineering , and (2) real-time computational reports for scientific telemetry . ========== 1. In the Drupal folder, open the file that handles the Drupal settings. sites/default/settings.php 2. Scroll to the bottom of the file and add the lines marked "Drupal8" as follows. // BEGIN CODE // ... // Disable some Drupal caching. $settings['container_yamls'][] = DRUPAL_ROOT.'/sites/development.services.yml'; //Drupal8 $settings['cache']['bins']['render'] = 'cache.backend.null'; //Drupal8 $settings['cache']['bins']['dynamic_page_cache'] = 'cache.backend.null'; //Drupal8 // END...

If an existing Drupal 8 encounters the error "The provided host name is not valid for this server" when using a different domain name or IP address, then the following steps may help resolve the issue. ========== 1. In the Drupal folder, open the file that handles the Drupal settings. sites/default/settings.php 2. Find the "Trusted host configuration" section and add the lines marked "TRUSTED" as follows. // BEGIN CODE /**  * Trusted host configuration.  ...  */ $settings['trusted_host_patterns'] = [          '^localhost$', // TRUSTED loopback host name         '^localhost\:', // TRUSTED loopback port nums         '^127\.', // TRUSTED loopback IPv4 addresses          '^\[\:\:1\]', // TRUSTED loopback IPv6 address         '\.local$', // TRUSTED  mDNS  top-level domain name for  LAN          '\.local\:'...

After upgrading PHP, some scripts such as those used in old Drupal systems may report the fatal error "undefined function split()" due to the function's deprecation and removal. Simply replace it with preg_split() to solve the problem. ========== 1. Find the split() function. split($pattern, $subject); 2. Convert it to the preg_match() function as shown. preg_split( "/".$pattern."/" , $subject); ==========

After upgrading PHP, some scripts such as those used in old Drupal systems may report an error on preg_replace() that "the /e modifier is no longer supported" due to the modifier's deprecation and removal for being a security risk. Replace it with preg_replace_callback() to solve the problem. ========== 1. Find the preg_replace() function. preg_replace ("/".$pattern."/e", $replacement, $subject); 2. Convert it to the preg_replace_callback() function as shown. preg_replace_callback( "/".$pattern."/" ,         function ($args) { return nameOfCallback($args); } ,         $subject ); ==========

After upgrading PHP, some scripts such as those used in old Drupal systems may report the fatal error "undefined function ereg()" due to the function's deprecation and removal. Simply replace it with preg_match() to solve the problem. ========== 1. Find the ereg() function. ereg($pattern, $subject, $matches); 2. Convert it to the preg_match() function as shown. preg_match( "/".$pattern."/" , $subject, $matches); ==========

Whenever errors are encountered, content management systems (CMS) like Drupal just stop working without displaying anything, commonly referred to as the "White Screen of Death" (WSOD). Applications that use CMS are usually accessible to the general public, so it is a security risk to allow such systems to always spit out error reports that may give attackers an idea of how a site is configured. An administrator with command-line access can simply look into the server logs to figure out what went wrong, but this may not always be the case in some shared-hosting services. Alternatively, the administrator can just enable the debugging feature of PHP to determine the error and copy the report, then disable it a few seconds later. The probability that attackers can gain any useful insight in that small time frame is very low. The following procedure shows how the PHP debugging feature can be enabled in Drupal temporarily. ========== 1. In the Drupal folder, open the file ...

If an existing Drupal 6 site encounters the Unicode library error "Multibyte string input conversion in PHP is active and must be disabled" after upgrading PHP, then the following steps may help resolve the issue. ========== 1. In the Drupal folder, open the file that handles the Drupal settings. sites/default/settings.php 2. Scroll to the bottom of the file and add the lines marked "After PHP upgrade" as follows. // BEGIN CODE // ... ini_set('mbstring.http_input', 'pass'); //After PHP upgrade ini_set('mbstring.http_output', 'pass'); //After PHP upgrade // END CODE 3. Save the file and reload the page. ==========

If users are unable to log into an existing Drupal 6 site after upgrading PHP, then the following steps may help resolve the issue. ========== 1. In the Drupal folder, open the file that handles the user sessions. includes/session.inc 2. Find the sess_regenerate() function and add the lines marked "After PHP upgrade" as follows. // BEGIN CODE /**  * Called when an anonymous user becomes authenticated or vice-versa.  */ function sess_regenerate() {   global $user; //After PHP upgrade   $old_session_id = session_id();   // ...   if (isset($_COOKIE[session_name()])) {     setcookie(session_name(), '', time() - 42000, '/');   }   $temp = $user; //After PHP upgrade   session_regenerate_id();   $user = $temp; //After PHP upgrade   db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); } // END CODE 3. Save the file, reload the page and log in. =====...

Hide server details from potential online threats in a few easy steps. ========== 1. Open the Apache security configuration file. user@host: $ sudo nano /etc/apache2/conf-enabled/security.conf 2. Find and modify the following Apache directives. # BEGIN CODE # ... ServerTokens Prod # "Prod" reduces Apache info sent by the server in its HTTP response header. # ... ServerSignature Off # "Off" removes info on server, host, and port from error pages and other auto-generated docs. # ... # END CODE 3. List the PHP "x.y" versions available and open the configuration file of the appropriate version. user@host: $ ls -lha /etc/php user@host: $ sudo nano /etc/php/x.y/apache2/php.ini 4. Find and modify the following PHP config. ; BEGIN CODE ; ... expose_php = Off ; "Off" removes the PHP signature sent by the server in its HTTP response header. ; More info at https://php.net/expose-php ; ... ; END CODE 5. Restart the ser...