Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

PHP and Apache compliance

https://support.nagios.com/forum/viewtopic.php?t=48450

Page 1 of 1

PHP and Apache compliance

Posted: Thu May 03, 2018 5:05 am
by dlukinski
Hello XI Support

(also opening similar topic in LOG)

We have to upgrade PHP and Apache on XI (CentOS 6.9 / Nagios VM template) due to security vulnerabilities found in stock versions.
To which versions we could safely upgrade PHP and Apache on XI?
- How to do this safely?

Thank you

Re: PHP and Apache compliance

Posted: Thu May 03, 2018 1:13 pm
by tgriep
The newest version on PHP that is supported on XI 5.4.13 is PHP version 5.6.xx as long as they come from the standard Centos6 or Redhat6 repositories.
There are issues with the PHP packages from other repositories so not all of them work.

If you do upgrade PHP from an earlier version, you will have to upgrade the SourceGuardian loader as well to match the PHP version and the following instructions are how to do that.

Code: Select all

cd /tmp
wget https://www.sourceguardian.com/loaders/download/loaders.linux-x86_64.zip
unzip loaders.linux-x86_64.zip
cp ixed.5.6.lin /usr/lib64/php/modules/
Create the sourcegrardian.ini file using vi by running the following

Code: Select all

vi /etc/php.d/sourceguardian.ini
Put this line in it

Code: Select all

extension=ixed.5.6.lin
Save the file and restart the following daemons

Code: Select all

service crond restart
service httpd restart

FYI, for the most part, a lot of the security issues have been back ported to the earlier versions of PHP so as long as they are updated, they should be patched.

Re: PHP and Apache compliance

Posted: Fri May 04, 2018 9:00 am
by dlukinski
tgriep wrote:The newest version on PHP that is supported on XI 5.4.13 is PHP version 5.6.xx as long as they come from the standard Centos6 or Redhat6 repositories.
There are issues with the PHP packages from other repositories so not all of them work.

If you do upgrade PHP from an earlier version, you will have to upgrade the SourceGuardian loader as well to match the PHP version and the following instructions are how to do that.

Code: Select all

cd /tmp
wget https://www.sourceguardian.com/loaders/download/loaders.linux-x86_64.zip
unzip loaders.linux-x86_64.zip
cp ixed.5.6.lin /usr/lib64/php/modules/
Create the sourcegrardian.ini file using vi by running the following

Code: Select all

vi /etc/php.d/sourceguardian.ini
Put this line in it

Code: Select all

extension=ixed.5.6.lin
Save the file and restart the following daemons

Code: Select all

service crond restart
service httpd restart

FYI, for the most part, a lot of the security issues have been back ported to the earlier versions of PHP so as long as they are updated, they should be patched.

The newest version of PHP is 7.x (not 5.x)
- this means there is no corporate complaince for Nagios products?

Our PHP and Apache are fully patched from CentOS repositories, still there are multiple vulnerabilities

Re: PHP and Apache compliance

Posted: Fri May 04, 2018 9:32 am
by tgriep
If your requirements are to use PHP 7.x then you will have to wait for the next major release of XI where it will be supported.

Re: PHP and Apache compliance

Posted: Fri May 11, 2018 10:54 am
by dlukinski
tgriep wrote:If your requirements are to use PHP 7.x then you will have to wait for the next major release of XI where it will be supported.

Thank you, please close the case
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited