PURPOSE

In some environments, security scanning software may indicate that versions of Apache and PHP shipped with Uptime Infrastructure Monitor may contain vulnerabilities.  Although a future version of Uptime Infrastructure Monitor will include updated versions of these applications, you may wish to manually update them using these instructions.

REQUIREMENTS

  • The following steps can be used to upgrade Apache and PHP for Uptime Infrastructure Monitor 7.7+.  
  • Only minor upgrades are supported
    • PHP can be upgraded to 5.4.x (not 5.5+)

INSTRUCTIONS

  1. stop Uptime Infrastructure Monitor web service

    /etc/init.d/uptime_httpd stop

  2. back up apache directory

    cd /usr/local/uptime
mv apache apache_orig

  3. download and install re2c (PHP dependency)

    cd /tmp
wget ftp://rpmfind.net/linux/dag/redhat/el6/en/x86_64/dag/RPMS/re2c-0.13.5-1.el6.rf.x86_64.rpm
rpm -ivh re2c-0.13.5-1.el6.rf.x86_64.rpm

  4. download and install install PCRE (Apache dependency)

    cd /tmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.bz2
tar xvfj pcre-8.39.tar.bz2
cd pcre-8.39
./configure
make 
make install

  5. install openssl devel package (Apache dependency), libxml, libxml2 devel package, mysql devel package (PHP dependency), and gcc (required for compiling)

    yum install openssl-devel mysql-devel libxml2 libxml2-devel gcc

  6. download and install Apache

    cd /tmp
wget http://apachemirror.ovidiudan.com//httpd/httpd-2.4.23.tar.bz2
tar xvfj httpd-2.4.23.tar.bz2
cd httpd-2.4.23/srclib
wget http://apache.mirror.gtcomm.net//apr/apr-1.5.2.tar.bz2
tar xvfj apr-1.5.2.tar.bz2
mv apr-1.5.2 apr
wget http://apache.mirror.gtcomm.net//apr/apr-util-1.5.4.tar.bz2
tar xvfj apr-util-1.5.4.tar.bz2
mv apr-util-1.5.4 apr-util
cd ..
./configure --prefix=/usr/local/uptime/apache --with-mpm=worker --enable-so --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-headers --enable-rewrite --enable-status --enable-info --enable-deflate --enable-mem-cache --enable-cache --enable-disk-cache --enable-expires --enable-mods-shared=all --enable-ssl --enable-cgi --enable-xsendfile
make 
make install

  7. download and install xsendfile Apache module

    cd /tmp
wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2 --no-check-certificate
tar xvfj mod_xsendfile-0.12.tar.bz2
/usr/local/uptime/apache/bin/apxs -cia mod_xsendfile-0.12/mod_xsendfile.c

  8. download and install php

    wget http://ca2.php.net/get/php-5.4.45.tar.bz2/from/this/mirror 
tar xvfj php-5.4.45.tar.bz2
cd php-5.4.45
./configure --prefix=/usr/local/uptime/apache --with-apxs2=/usr/local/uptime/apache/bin/apxs --with-mysql --with-libdir=lib64
make 
make install

  9. move Uptime Infrastructure Monitor Apache config files into new Apache directory

    cd /usr/local/uptime
mv apache/conf apache/conf_orig
cp -R apache_orig/conf apache

  10. create tmp directory and set file ownerships

    mkdir apache/tmp
chown -R uptime:uptime apache

  11. (optional) if PHP packages are required, use pear; examples below

    cd apache/bin
./pear install MDB2
./pear install pear/MDB2#mysql

  12. start the Apache service and browse to the Uptime UI to verify the upgrade was successful

    /etc/init.d/uptime_httpd start
    1. in the Uptime UI, click the down arrow beside the Help button in the top right corner and select "About Uptime"
    2. Roughly in the middle of the page that pops up, you can verify the current version of  Apache, PHP, and OpenSSL

This completes the upgrade.

 

  • No labels