Hello XI Support
(also opening similar topic in LOG)
We have to upgrade PHP and Apache on XI (CentOS 6.9 / Nagios VM template) due to security vulnerabilities found in stock versions.
To which versions we could safely upgrade PHP and Apache on XI?
- How to do this safely?
Thank you
PHP and Apache compliance
Re: PHP and Apache compliance
The newest version on PHP that is supported on XI 5.4.13 is PHP version 5.6.xx as long as they come from the standard Centos6 or Redhat6 repositories.
There are issues with the PHP packages from other repositories so not all of them work.
If you do upgrade PHP from an earlier version, you will have to upgrade the SourceGuardian loader as well to match the PHP version and the following instructions are how to do that.
Create the sourcegrardian.ini file using vi by running the following
Put this line in it
Save the file and restart the following daemons
FYI, for the most part, a lot of the security issues have been back ported to the earlier versions of PHP so as long as they are updated, they should be patched.
There are issues with the PHP packages from other repositories so not all of them work.
If you do upgrade PHP from an earlier version, you will have to upgrade the SourceGuardian loader as well to match the PHP version and the following instructions are how to do that.
Code: Select all
cd /tmp
wget https://www.sourceguardian.com/loaders/download/loaders.linux-x86_64.zip
unzip loaders.linux-x86_64.zip
cp ixed.5.6.lin /usr/lib64/php/modules/Code: Select all
vi /etc/php.d/sourceguardian.iniCode: Select all
extension=ixed.5.6.linCode: Select all
service crond restart
service httpd restartFYI, for the most part, a lot of the security issues have been back ported to the earlier versions of PHP so as long as they are updated, they should be patched.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: PHP and Apache compliance
tgriep wrote:The newest version on PHP that is supported on XI 5.4.13 is PHP version 5.6.xx as long as they come from the standard Centos6 or Redhat6 repositories.
There are issues with the PHP packages from other repositories so not all of them work.
If you do upgrade PHP from an earlier version, you will have to upgrade the SourceGuardian loader as well to match the PHP version and the following instructions are how to do that.
Create the sourcegrardian.ini file using vi by running the followingCode: Select all
cd /tmp wget https://www.sourceguardian.com/loaders/download/loaders.linux-x86_64.zip unzip loaders.linux-x86_64.zip cp ixed.5.6.lin /usr/lib64/php/modules/Put this line in itCode: Select all
vi /etc/php.d/sourceguardian.iniSave the file and restart the following daemonsCode: Select all
extension=ixed.5.6.linCode: Select all
service crond restart service httpd restart
FYI, for the most part, a lot of the security issues have been back ported to the earlier versions of PHP so as long as they are updated, they should be patched.
The newest version of PHP is 7.x (not 5.x)
- this means there is no corporate complaince for Nagios products?
Our PHP and Apache are fully patched from CentOS repositories, still there are multiple vulnerabilities
Re: PHP and Apache compliance
If your requirements are to use PHP 7.x then you will have to wait for the next major release of XI where it will be supported.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: PHP and Apache compliance
tgriep wrote:If your requirements are to use PHP 7.x then you will have to wait for the next major release of XI where it will be supported.
Thank you, please close the case