Error: “PEAR: command not found”
If you build PHP with PEAR, and the script pear does not exist on your server, this is what happened:
At some point, /usr/local/bin/pear and/or /usr/bin/pear were manually removed.
The directories /usr/local/lib/php/.registry and/or /usr/lib/php/.registry exist.
During PHP’s make install, the existence of those .registry directories causes the PEAR shell archive to think PEAR is already installed, so it skips the remainder of the PEAR build. Therefore, the bin/ files are not rebuilt.
However, if you move or delete the .registry files so that the build will complete, you lose the data about PEAR modules installed on the system.
How to resolve this issue.
The best course of action is to download the PEAR tarball from http://pear.php.net/package/PEAR/download to obtain the bin/ files that are missing on your server, and place them in the proper location on your system.
Reference : http://cpanel.net & http://pear.php.net/
More about phpextensionmgr
# /scripts/phpextensionmgr --help
phpextensionmgr [options] [action] [extension]
Options:
--help Help message
--prefix Installation prefix for PHP (normally /usr/local or /usr/local/php4)
Actions:
install Install or update the extension
uninstall Uninstall the extension
status Display the installation status of the extension
list Show available extensions
How to list available extensions:
# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
SourceGuardian
PHPSuHosin
cPanel phpextensionmgr
EasyApache has the ability to install, uninstall, and update several popular PHP extensions as part of the build process. When EasyApache runs, it will automatically determine which extensions are active in the main php.ini file at /usr/local/lib/php.ini. Active extensions will automatically be selected in the EasyApache interface.
Rerunning EasyApache is not required in order to enable or disable the standard PHP extensions. cPanel now provides a tool called /scripts/phpextensionmgr that can also be used for the installation or removal of PHP extensions. For detailed information about this tool, run the following command:
/scripts/phpextensionmgr --help
Example: Install
/scripts/phpextensionmgr install EAccelerator
Example: Uninstall
/scripts/phpextensionmgr uninstall EAccelerator
Reference : http://cpanel.net/
Run PHP as user instead of as the web server user nobody.
suPHP is a tool for executing PHP scripts with the permissions of their owners.
It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.
You can run PHP as the user (like CGI scripts do with Apache’s suEXEC), with EasyApache’s PHP As User option. This will enable suPHP, greatly improving the permissions situation.
Vulnerable scripts will be limited to the user in question, and are less likely to affect other users. It also changes how PHP interacts with Apache; for example, directives like php_$value are not valid for mod_suphp.
mod_suphp is considerably slower than mod_php.
PHP runs as part of the web server so that, among other things, certain tasks can be done once and held in memory instead of repeated with each request. This helps to speed the server’s performance, and requires that PHP run as the web server’s user “nobody.”
Since that is the case, PHP and directory permissions generally need to be very loose, so PHP can manipulate things. This can allow any user to employ a PHP script to read and write other users’ data. At times, a flaw in PHP can even allow a PHP script to gain root access or take over data in requests on other users’ PHP scripts.
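To see how much of this applies to one account, before or after switching to suPHP, the following added example (not from the original page, cPanel or suPHP) reports world-writable directories and files, plus anything owned by the web server user, under a document root. The docroot path and the user name nobody are assumptions supplied by the caller; the script only reports and changes nothing.

```bash
#!/usr/bin/env bash
# Added example, not from the original page or from cPanel/suPHP.
# Audits one account's document root for the loose permissions that
# running PHP as the shared web server user tends to leave behind.
# Assumptions: the docroot path and the web user name ("nobody") are
# passed in by the caller; nothing here is changed, only reported.

# Directories any local user (or another account's PHP) can write into.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Regular files any local user can overwrite.
world_writable_files() {
    find "$1" -type f -perm -0002 -print 2>/dev/null
}

# Files and directories owned by the web server user ($2, name or uid).
# Under mod_php these are typically uploads or caches created by scripts.
owned_by_web_user() {
    find "$1" \( -type f -o -type d \) -user "$2" -print 2>/dev/null
}

# Count non-empty lines on stdin (prints 0 when there are none).
count_lines() {
    grep -c . || true
}

# Print a report for docroot $1 and web user $2 (default: nobody).
# Returns 0 when nothing loose was found, 1 when something was,
# and 2 when $1 is not a directory.
audit_docroot() {
    local root="$1" web_user="${2:-nobody}" dirs files owned
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    dirs=$(world_writable_dirs "$root" | count_lines)
    files=$(world_writable_files "$root" | count_lines)
    owned=$(owned_by_web_user "$root" "$web_user" | count_lines)
    echo "world-writable directories: $dirs"
    echo "world-writable files:       $files"
    echo "owned by $web_user:         $owned"
    [ "$dirs" -eq 0 ] && [ "$files" -eq 0 ] && [ "$owned" -eq 0 ]
}

# Run only when a docroot is given, e.g.: ./audit.sh /home/USER/public_html
if [ "$#" -gt 0 ]; then
    audit_docroot "$@"
fi
```

Run it as root, or as the account owner, so that find can descend into every directory; unreadable subtrees are skipped silently.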
Reference : http://www.suphp.org/ & http://cpanel.net/
Keep up with known vulnerabilities
Keep up with known vulnerabilities. Here are some examples of sites that regularly post an updated list of isolated vulnerabilities:
http://www.hardened-php.net/advisories.15.html
http://www.milw0rm.com/
http://www.twitter.com/milw0rm
One of the most common methods an attacker will use is to use a search engine to isolate sites running content management systems with known security holes, and then use the known exploit to gain access to your system. Keeping a watchful eye on matters such as this is a very important task for a system administrator.