Nagios Support Forum

Hi,

Since PHP 5.4 is end of life our server has been condemned by our security team.

I can upgrade php to a higher version using webtatic repo but I would like to know how to upgrade the source guardian extensions say if we went to php 5.6.

Please treat this urgently.

Many Thanks
Arnab

You can certainly use the webtatic repo or Remi's, but this would be an unsupported setup. It's also worth mentioning that Red Hat is pretty prolific about tackling security issues in older PHP versions:
https://access.redhat.com/security/updates/backporting

Having said that, assuming all the correct PHP modules are installed and configured, you would just download and configure the SourceGuardian extension for PHP 5.6. Beyond that, there's probably a few PHP Pear packages you'll need to set up yourself. HTML_Template_IT comes to mind. We don't typically help set up custom PHP environments though as a matter of policy.

I've just completed this on all my XI & NLS servers. Vuln scanners will not leave you alone if you're using anything less than 5.6

The webtatic repo worked great for me. XI has many more PHP packages installed than NLS. Just check what packages you have installed (rpm -qa |grep php) and only remove the ones with 5.4.x versioning. There are some noarch packages which you'll need to leave.

Pull in the repo of your choice then make sure to install each package that you removed earlier. Just be sure to pull the right packages with the 5.6 naming (php56w-* for webtatic).

Once you restart apache, SourceGuardian will give you the link for ixed.5.6.lin, drop that in /usr/lib64/php/modules/ and update /etc/php.d/sourceguardian.ini to extension=ixed.5.6.lin

Should be good to go. I seem to think PHP 5.6 is a bit faster. No scientific measurements on that. YMMV.

vAJ wrote:I've just completed this on all my XI & NLS servers. Vuln scanners will not leave you alone if you're using anything less than 5.6

The webtatic repo worked great for me. XI has many more PHP packages installed than NLS. Just check what packages you have installed (rpm -qa |grep php) and only remove the ones with 5.4.x versioning. There are some noarch packages which you'll need to leave.

Pull in the repo of your choice then make sure to install each package that you removed earlier. Just be sure to pull the right packages with the 5.6 naming (php56w-* for webtatic).

Once you restart apache, SourceGuardian will give you the link for ixed.5.6.lin, drop that in /usr/lib64/php/modules/ and update /etc/php.d/sourceguardian.ini to extension=ixed.5.6.lin

Should be good to go. I seem to think PHP 5.6 is a bit faster. No scientific measurements on that. YMMV.

Thanks Andrew for this..any suggestions only openssl !! As you said "Vuln scanners will not leave you alone" its currently making my life pretty difficult at the moment!!

Any chance of XI supporting fedora , as it seems they are much better adopter for security patches

I doubt Fedora will be added in the future. It changes way too much to be able to support it due to the continual changes.