Category: "LAMP"
![](https://web-notes.wirehopper.com/media/users/mushrooms/profile_pictures/.evocache/bb.jpg/crop-64x64.jpg?mtime=1692585013)
Ibexa 4.6 on Rocky 9 - PHP packages
Jul 13th
Apologies for the short post. I had trouble with GD - the issue was that I had php-gd instead of php82-gd
php82-8.2-5.el9.remi.x86_64
php82-php-8.2.21-1.el9.remi.x86_64
php82-php-cli-8.2.21-1.el9.remi.x86_64
php82-php-common-8.2.21-1.el9.remi.x86_64
php82-php-fpm-8.2.21-1.el9.remi.x86_64
php82-php-gd-8.2.21-1.el9.remi.x86_64
php82-php-intl-8.2.21-1.el9.remi.x86_64
php82-php-mbstring-8.2.21-1.el9.remi.x86_64
php82-php-mysqlnd-8.2.21-1.el9.remi.x86_64
php82-php-opcache-8.2.21-1.el9.remi.x86_64
php82-php-pdo-8.2.21-1.el9.remi.x86_64
php82-php-sodium-8.2.21-1.el9.remi.x86_64
php82-php-xml-8.2.21-1.el9.remi.x86_64
php82-runtime-8.2-5.el9.remi.x86_64
Error messages:
[2024-07-13T20:46:04.111489+00:00] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Validator\Exception\LogicException: "Corrupted images detection requires installed and enabled GD extension."
[2024-07-13T21:54:31.829868+00:00] request.CRITICAL: Gd driver not installed {"exception":"[object] (Imagine\\Exception\\NotSupportedException(code: 0): Gd driver not installed
![](https://web-notes.wirehopper.com/media/users/mushrooms/profile_pictures/.evocache/bb.jpg/crop-64x64.jpg?mtime=1692585013)
Rocky Linux 9 - wkhtmltopdf
Jul 7th
I kept getting a divide by zero error (Signal 8) with wkhtmltopdf under Rocky Linux
RPM in use: wkhtmltox-0.12.6.1-2.almalinux9.x86_64.rpm (credit to: https://forums.rockylinux.org/t/need-to-install-wkhtmltopdf-for-rocky-linux-9-how/6758/2)
This was running under Ibexa, with Symfony.
I stripped it down to test with the output of the application on the command line and isolated the issue to a <link> tag for Bootstrap 4.3 by commenting out tags until I found which one was causing the issue.
I don't care what the issue was - upgrading Bootstrap to 4.6 worked
I hope this helps someone - it was frustrating.
![](https://web-notes.wirehopper.com/media/users/mushrooms/profile_pictures/.evocache/bb.jpg/crop-64x64.jpg?mtime=1692585013)
Who is trying to log into my SSH?
Dec 17th
Who is trying to log into my SSH?
grep -i 'from invalid user' secure | sed "s/.* invalid user \([^ ]\+ [^ ]\+\) port .*/\1/i" | cut -f1 -d' ' | sort -u
and where are they coming from?
grep -i 'from invalid user' secure | sed "s/.* invalid user \([^ ]\+ [^ ]\+\) port .*/\1/i" | cut -f2 -d' ' | sort -u
![](https://web-notes.wirehopper.com/media/users/mushrooms/profile_pictures/.evocache/bb.jpg/crop-64x64.jpg?mtime=1692585013)
CentOS 7 - Fail2Ban with Apache ModSecurity
Oct 16th
One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache.
I installed it and enabled it.
jail.d/apache-modsecurity.conf
[apache-modsecurity]
enabled = true
backend = auto
port = http,https
filter = apache-modsecurity
logpath = %(apache_error_log)s
bantime = 19200
maxretry = 2
findtime = 3600
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
filter.d/apache-modsecurity.conf
# Fail2Ban apache-modsec filter
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s(?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*\]\s*)*Access denied with code [45]\d\d (?:.*)$
ignoreregex =
# https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
# Author: Daniel Black
# Sergey G. Brester aka sebres (review, optimization)
Helpful commands
- firewall-cmd --permanent --zone=public --add-service=http - allow HTTP through (add https as well)
- fail2ban-client reload apache-modsecurity - reload the Apache ModSecurity configuration
- fail2ban-client status apache-modsecurity - check the status of Apache ModSecurity configuration
- fail2ban-client get apache-modsecurity failregex - get the regex which will cause fail2ban to ban entries (if maxretries)
- fail2ban-regex /var/log/httpd/error_log '^\[\]\s\[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (?:\[?(?:(?:::f{4,6}:)?(?P
(?:\d{1,3}\.){3}\d{1,3})|(?P (?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P [\w\-.^_]*\w))(:\d{1,5})?\](?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*)\]\s*)*Access denied with code [45]\d\d (?:.*)$' - check the regex - h-rules | grep http - list the current http (and https) - there's probably a better way to do this
![](https://web-notes.wirehopper.com/media/users/mushrooms/profile_pictures/.evocache/bb.jpg/crop-64x64.jpg?mtime=1692585013)
Find the PHP session files that are older than 24 minutes
Jul 21st
sudo find /var/lib/php/session -mmin +24 -type f -exec ls -l {} \;
Yes, that's the whole post