Server Monitoring Tools

Your web and mobile applications are expected to run flawlessly around the clock. To make sure they run as expected, you need server monitoring tools to watch your servers and applications. You also need people and processes in place to address alerts from these tools at any time of the day or week.

Open source tools are sometimes too basic to monitor a system on which a business relies. On the other hand, they can be useful toolkits that a development team can use to build exactly the type of monitoring tool they need. Of course, that team would have to have one or more members willing to manage and maintain the monitoring system they build.


IBM’s New Data Transfer Device Overcomes Cloud Migration Hurdles


One of the barriers for enterprises storing data in the cloud is data migration, a process that has traditionally been slow and costly, hindered by network limitations. IBM wants to remove this barrier for its customers with a new cloud migration solution designed for moving massive amounts of data to the cloud.

IBM Cloud Mass Data Migration is a shippable storage device, which offers 120 TB and uses AES 256-bit encryption. The device also uses RAID-6 to ensure data integrity and is shock-proof. The device is flat-rate and includes overnight round-trip shipping.


GhostHook: A Kernel-Level Threat in 64-Bit Windows Systems


GhostHook is a new attack technique that allows hackers to bypass the Windows 10 PatchGuard kernel protections and plant rootkits within systems. PatchGuard is a software tool designed to forbid the kernel of 64-bit versions of Windows operating systems from being patched, preventing attackers from executing malicious code or running rootkits at the kernel level.

According to the researchers at CyberArk, GhostHook is neither an elevation nor an exploitation technique but a post-exploitation attack where the attacker has control over the compromised system. It provides the hacker with the ability to hook almost any piece of code running on the system.

How does GhostHook work?

GhostHook targets only systems running Intel PT (Processor Trace), which is designed to provide support in debugging operations and hunting malicious code.

The attacker first uses an exploit or malware to compromise a target machine and then deploys GhostHook. Once the machine is compromised, the attacker can install a rootkit in its kernel, which would be completely undetectable to third-party anti-virus and security products and invisible to Microsoft’s PatchGuard itself.

Is there a patch for this?

CyberArk researchers believe that GhostHook may be extremely difficult for Microsoft to patch, as the technique uses hardware to gain control of critical kernel structures. According to Microsoft, because this technique requires the attacker to be present on an already compromised system, it would not treat it as a security flaw.

“The engineering team has finished their analysis of this report and determined that it requires the attacker already be running kernel code on the system. As such, this doesn’t meet the bar for servicing in a security update however it may be addressed in a future version of Windows.”   – Microsoft

Microsoft has not yet issued a patch for this, but said that it may address the issue in a future version of Windows.


PHP-7 for EasyApache3


The latest versions of cPanel come with EasyApache 4, which provides a lot of new features such as PHP 7 support and native support for multiple PHP versions. It is therefore recommended to migrate to EasyApache 4 to use these features. However, if you cannot migrate to EasyApache 4 for some reason (for example, Tomcat support), you will have to compile PHP 7 manually from source to use it with EasyApache 3.

PHP7 manual installation

Note: The PHP handler should be SuPHP to get this working.

1. Download the required PHP 7 distribution. Go to the php.net site to find the latest version.
2. Unpack the downloaded file.
3. Now build it.

In order to compile PHP from source, you should provide the ./configure options and choose which modules you want to install.

For example,

# ./configure --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-exif --enable-ftp --with-gd --with-jpeg-dir --with-png-dir --enable-gd-native-ttf --with-imap --with-imap-ssl --with-kerberos --enable-mbstring --with-mcrypt --with-mhash --with-mysql --with-mysqli --with-openssl --with-pdo-mysql --with-zlib-dir --with-regex --enable-sockets --with-xmlrpc --enable-zip --with-zlib --enable-mbregex --enable-fpm --prefix=/usr/local/php

The above command will enable basic extensions like FTP, GD, IMAP, PDO, MySQL, etc.

Then execute the below commands:

# make
# make install

4. After compiling from source, copy the default PHP configuration file to the installation directory.
5. Verify the installation:

# /usr/local/php70/bin/php -v
PHP 7.0.22 (cli) (built: Aug 5 2017 01:56:23) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.22, Copyright (c) 1999-2017, by Zend Technologies

6. Now link the new PHP 7 installation with the Apache web server by generating a new PHP config for PHP 7 and adding a handler to SuPHP.
7. Add the custom PHP configuration file to the EasyApache list so that the changes will not be lost in future EasyApache builds.
8. Restart Apache.

You are done!

In order to configure your website to use PHP7, add the following code to the .htaccess file located within the site’s document root.

AddType application/x-httpd-php7 .php7 .php

Do note that the PHP handler should be SuPHP for the above steps to work.
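
The build above runs at a root prompt, so the tarball from step 1 is worth checking against the SHA-256 digest that php.net publishes for each release before it is unpacked in step 2. The following is an added example, not part of the original post: the function names are hypothetical, and the tarball path, digest and target directory are supplied by the operator.

```shell
# Added example: check a downloaded PHP source tarball before unpacking it.
# The tarball path, digest and target directory are supplied by the operator.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and matches the expected SHA-256 digest.
verify_tarball() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*) echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 1
    fi
    return 0
}

# Return 0 only if no member has an absolute path or a ".." component.
tarball_paths_safe() {
    listing=$(tar -tf "$1") || return 2
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    return 0
}

# Verify the digest, check member paths, then unpack into directory $3.
safe_unpack() {
    verify_tarball "$1" "$2" && tarball_paths_safe "$1" && tar -xf "$1" -C "$3"
}
```

Call safe_unpack with the tarball, the published digest and an existing target directory; it unpacks nothing unless both checks pass.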