PURPOSE
In some environments, security scanning software may indicate that versions of Apache and PHP shipped with Uptime Infrastructure Monitor may contain vulnerabilities. Although a future version of Uptime Infrastructure Monitor will include updated versions of these applications, you may wish to manually update them using these instructions.
REQUIREMENTS
- The following steps can be used to upgrade Apache and PHP for Uptime Infrastructure Monitor 7.7+.
- Only minor upgrades are supported
- PHP can be upgraded to 5.4.x (not 5.5+)
INSTRUCTIONS
stop Uptime Infrastructure Monitor web service
/etc/init.d/uptime_httpd stop
back up apache directory
cd /usr/local/uptime mv apache apache_orig
download and install re2c (PHP dependency)
cd /tmp wget ftp://rpmfind.net/linux/dag/redhat/el6/en/x86_64/dag/RPMS/re2c-0.13.5-1.el6.rf.x86_64.rpm rpm -ivh re2c-0.13.5-1.el6.rf.x86_64.rpm
download and install install PCRE (Apache dependency)
cd /tmp wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.bz2 tar xvfj pcre-8.39.tar.bz2 cd pcre-8.39 ./configure make make install
install openssl devel package (Apache dependency), libxml, libxml2 devel package, mysql devel package (PHP dependency), and gcc (required for compiling)
yum install openssl-devel mysql-devel libxml2 libxml2-devel gcc
download and install Apache
cd /tmp wget http://apachemirror.ovidiudan.com//httpd/httpd-2.4.23.tar.bz2 tar xvfj httpd-2.4.23.tar.bz2 cd httpd-2.4.23/srclib wget http://apache.mirror.gtcomm.net//apr/apr-1.5.2.tar.bz2 tar xvfj apr-1.5.2.tar.bz2 mv apr-1.5.2 apr wget http://apache.mirror.gtcomm.net//apr/apr-util-1.5.4.tar.bz2 tar xvfj apr-util-1.5.4.tar.bz2 mv apr-util-1.5.4 apr-util cd .. ./configure --prefix=/usr/local/uptime/apache --with-mpm=worker --enable-so --enable-proxy --enable-proxy-connect --enable-proxy-ftp --enable-proxy-http --enable-headers --enable-rewrite --enable-status --enable-info --enable-deflate --enable-mem-cache --enable-cache --enable-disk-cache --enable-expires --enable-mods-shared=all --enable-ssl --enable-cgi --enable-xsendfile make make install
download and install xsendfile Apache module
cd /tmp wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2 --no-check-certificate tar xvfj mod_xsendfile-0.12.tar.bz2 /usr/local/uptime/apache/bin/apxs -cia mod_xsendfile-0.12/mod_xsendfile.c
download and install php
wget http://ca2.php.net/get/php-5.4.45.tar.bz2/from/this/mirror tar xvfj php-5.4.45.tar.bz2 cd php-5.4.45 ./configure --prefix=/usr/local/uptime/apache --with-apxs2=/usr/local/uptime/apache/bin/apxs --with-mysql --with-libdir=lib64 make make install
move Uptime Infrastructure Monitor Apache config files into new Apache directory
cd /usr/local/uptime mv apache/conf apache/conf_orig cp -R apache_orig/conf apache
create tmp directory and set file ownerships
mkdir apache/tmp chown -R uptime:uptime apache
(optional) if PHP packages are required, use pear; examples below
cd apache/bin ./pear install MDB2 ./pear install pear/MDB2#mysql
start the Apache service and browse to the Uptime UI to verify the upgrade was successful
/etc/init.d/uptime_httpd start
- in the Uptime UI, click the down arrow beside the Help button in the top right corner and select "About Uptime"
- Roughly in the middle of the page that pops up, you can verify the current version of Apache, PHP, and OpenSSL
This completes the upgrade.