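Upgrading Apache httpd from 2.2 to 2.4: the process and the pitfalls along the way

Background:

  Our group recently ran a security scan that flagged HTTP vulnerabilities. They turned out to be in the httpd used by our Nagios monitoring, so I decided to upgrade httpd to the latest version. I hit a lot of pitfalls during the upgrade and it took two days to get everything working, so this write-up goes through the errors encountered and how each was resolved.

Environment:

  Apache httpd version: Apache/2.2.15

  OS version: Red Hat Enterprise Linux Server release 6.6 (Santiago)

Upgrading httpd 2.2 to 2.4 (by installing the latest version separately and then loading the original configuration):

1. Download the latest httpd source package. The version used here: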

httpd-2.4.39.tar.gz

Download URL: http://httpd.apache.org/download.cgi

2. Upload the package to the server (note: upload as the root user)

3. Extract it and run the configure check

[root@hadoop1 softwares]# tar -zxf httpd-2.4.39.tar.gz 
[root@hadoop1 softwares]# cd httpd-2.4.39
[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39      

The following error is reported:

[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
configure: 
configure: Configuring Apache Portable Runtime library...
configure: 
checking for APR... configure: WARNING: APR version 1.4.0 or later is required, found 1.3.9
configure: WARNING: skipped APR at apr-1-config, version not acceptable
no
configure: error: APR not found.  Please read the documentation.      

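The error shows that no acceptable APR was found (the system has 1.3.9, while 1.4.0 or later is required), so download the APR packages.

4. Download the APR source packages. Two packages are needed: apr and apr-util (apr-1.7.0.tar.gz and apr-util-1.6.1.tar.gz are the ones extracted in the next step).

5. Extract the apr and apr-util packages into the srclib directory of the extracted httpd source tree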

[root@hadoop1 httpd-2.4.39]# pwd
/opt/softwares/httpd-2.4.39
[root@hadoop1 httpd-2.4.39]# ls
ABOUT_APACHE     apache_probes.d  BuildBin.dsp    config.layout  configure.in  httpd.dsp   INSTALL         libhttpd.dsp  Makefile.win   os                ROADMAP  test
acinclude.m4     ap.d             buildconf       config.log     docs          httpd.mak   InstallBin.dsp  libhttpd.mak  modules        README            server   VERSIONING
Apache-apr2.dsw  build            CHANGES         config.nice    emacs-style   httpd.spec  LAYOUT          LICENSE       NOTICE         README.cmake      srclib
Apache.dsw       BuildAll.dsp     CMakeLists.txt  configure      httpd.dep     include     libhttpd.dep    Makefile.in   NWGNUmakefile  README.platforms  support
[root@hadoop1 httpd-2.4.39]# cd srclib/
[root@hadoop1 srclib]# ll
total 4
-rw-r--r-- 1 root dip 121 Feb 11  2005 Makefile.in      

Extract apr and apr-util into that directory

[root@hadoop1 softwares]# tar -zxf apr-1.7.0.tar.gz -C ./httpd-2.4.39/srclib/
[root@hadoop1 softwares]# tar -zxf apr-util-1.6.1.tar.gz -C ./httpd-2.4.39/srclib/
[root@hadoop1 softwares]# cd httpd-2.4.39/srclib/
[root@hadoop1 srclib]# ls
apr-1.7.0  apr-util-1.6.1  Makefile.in
[root@hadoop1 srclib]# mv apr-1.7.0/ apr
[root@hadoop1 srclib]# mv apr-util-1.6.1/ apr-util
[root@hadoop1 srclib]# ls
apr  apr-util  Makefile.in      

6. Re-run the httpd configure check

[root@hadoop1 httpd-2.4.39]# ./configure --prefix=/usr/local/httpd-2.4.39      

The following result appears:

... ... (omitted)
configure: summary of build options:

    Server Version: 2.4.39
    Install prefix: /usr/local/httpd-2.4.39
    C compiler:     gcc -std=gnu99
    CFLAGS:          -g -O2 -pthread  
    CPPFLAGS:        -DLINUX -D_REENTRANT -D_GNU_SOURCE  
    LDFLAGS:           
    LIBS:             
    C preprocessor: gcc -E      

The output above indicates that the configure check passed.

7. Compile and install

make      

The following error occurs here:

/apr-util/include -I/opt/softwares/httpd-2.4.39/srclib/apr-util/include/private  -I/opt/softwares/httpd-2.4.39/srclib/apr/include    -o xml/apr_xml.lo -c xml/apr_xml.c && touch xml/apr_xml.lo
xml/apr_xml.c:35:19: error: expat.h: No such file or directory
xml/apr_xml.c:66: error: expected specifier-qualifier-list before ‘XML_Parser’
xml/apr_xml.c: In function ‘cleanup_parser’:
xml/apr_xml.c:364: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:365: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c: At top level:
xml/apr_xml.c:384: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token
xml/apr_xml.c: In function ‘apr_xml_parser_create’:
xml/apr_xml.c:401: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:402: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:410: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:411: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:412: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:424: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:424: error: ‘default_handler’ undeclared (first use in this function)
xml/apr_xml.c:424: error: (Each undeclared identifier is reported only once
xml/apr_xml.c:424: error: for each function it appears in.)
xml/apr_xml.c: In function ‘do_parse’:
xml/apr_xml.c:434: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:438: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp_err’
xml/apr_xml.c:442: error: ‘apr_xml_parser’ has no member named ‘xp’
xml/apr_xml.c: In function ‘apr_xml_parser_geterror’:
xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
xml/apr_xml.c:500: error: ‘apr_xml_parser’ has no member named ‘xp_err’
make[3]: *** [xml/apr_xml.lo] Error 1
make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib/apr-util'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/opt/softwares/httpd-2.4.39/srclib'
make: *** [all-recursive] Error 1      

Fix: install the expat-devel package

[root@hadoop1 httpd-2.4.39]# yum install expat-devel
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package expat-devel.x86_64 0:2.0.1-13.el6_8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================================================================
 Package                                         Arch                                       Version                                             Repository                                Size
===============================================================================================================================================================================================
Installing:
 expat-devel                                     x86_64                                     2.0.1-13.el6_8                                      base                                     119 k

Transaction Summary
===============================================================================================================================================================================================
Install       1 Package(s)

Total download size: 119 k
Installed size: 476 k
Is this ok [y/N]: y
Downloading Packages:
expat-devel-2.0.1-13.el6_8.x86_64.rpm                                                                                                                                   | 119 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 
  Verifying  : expat-devel-2.0.1-13.el6_8.x86_64                                                                                                                                           1/1 

Installed:
  expat-devel.x86_64 0:2.0.1-13.el6_8                                                                                                                                                          

Complete!


      

Compile again; the following output indicates that the build succeeded

... ... (omitted)
mod_rewrite.lo 
make[4]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
make[3]: Leaving directory `/opt/softwares/httpd-2.4.39/modules/mappers'
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/modules'
make[2]: Entering directory `/opt/softwares/httpd-2.4.39/support'
make[2]: Leaving directory `/opt/softwares/httpd-2.4.39/support'

make[1]: Leaving directory `/opt/softwares/httpd-2.4.39'      

Run the install

[root@hadoop1 httpd-2.4.39]# make install      

8. Create the configuration directory conf.d and copy the original httpd configuration file into the new version's configuration directory

[root@hadoop1 httpd-2.4.39]# cd /usr/local/httpd-2.4.39/
[root@hadoop1 httpd-2.4.39]# mkdir conf.d
[root@hadoop1 httpd-2.4.39]# ls -l
total 64
drwxr-xr-x  2 root root  4096 Jul  3 10:26 bin
drwxr-xr-x  2 root root  4096 Jul  3 10:26 build
drwxr-xr-x  2 root root  4096 Jul  3 10:26 cgi-bin
drwxr-xr-x  4 root root  4096 Jul  3 10:26 conf
drwxr-xr-x  2 root root  4096 Jul  3 10:27 conf.d
drwxr-xr-x  3 root root  4096 Jul  3 10:26 error
drwxr-sr-x  2 root root  4096 Mar 27 23:05 htdocs
drwxr-xr-x  3 root root  4096 Jul  3 10:26 icons
drwxr-xr-x  2 root root  4096 Jul  3 10:26 include
drwxr-xr-x  3 root root  4096 Jul  3 10:26 lib
drwxr-xr-x  2 root root  4096 Jul  3 10:26 logs
drwxr-xr-x  4 root root  4096 Jul  3 10:26 man
drwxr-sr-x 14 root root 12288 Mar 27 23:05 manual
drwxr-xr-x  2 root root  4096 Jul  3 10:26 modules

[root@hadoop1 httpd-2.4.39]# cd conf
[root@hadoop1 conf]# cp httpd.conf httpd.conf.bak
[root@hadoop1 conf]# cd ../conf.d/
[root@hadoop1 conf.d]# cp /etc/httpd/conf.d/nagios.conf .      

9. Stop the old httpd service and start the new one

[root@hadoop1 httpd-2.4.39]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@hadoop1 httpd-2.4.39]# bin/apachectl -f conf/httpd.conf
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message      

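10. Access the new service from a browser

The page cannot be accessed; an error is returned.

The nagios path does not exist, which means the configuration file was not loaded. On inspection there was no include line, so add the following configuration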

include conf.d/*.conf      

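After restarting the service and refreshing the page, the response is now that access is not permitted.

The log shows an error.

The message indicates that the directory index could not be generated normally, yet the directory contains PHP files, which should be displayed.

Check whether the PHP module is loaded in httpd; it turns out that it is not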

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message      

Looking for a solution, I found that PHP has to be compiled separately and the module then configured in httpd

--1. Upload the PHP package

[root@hadoop1 softwares]# ls -l php-7.3.6.tar.gz 
-rw-r--r-- 1 root root 19449322 Jul  1 14:09 php-7.3.6.tar.gz      

--2. Extract, run the configure check, and compile

[root@hadoop1 softwares]# tar -zxf php-7.3.6.tar.gz 
[root@hadoop1 softwares]# cd php-7.3.6
[root@hadoop1 php-7.3.6]# ./configure --prefix=/usr/local/php7 --with-apxs2=/usr/local/httpd-2.4.39/bin/apxs      

The following error is reported:

Configuring extensions
checking for strings.h... (cached) yes
checking io.h usability... no
checking io.h presence... no
checking for io.h... no
checking for strtoll... yes
checking for atoll... yes
checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path... 
checking for pkg-config... /usr/bin/pkg-config
configure: error: libxml2 not found. Please check your libxml2 installation.      

Install the libxml2 packages

[root@hadoop1 php-7.3.6]# yum install -y libxml2 libxml2-devel      

Run the configure check again; it passes.

Compile

[root@hadoop1 php-7.3.6]# make && make install      

After compilation, the PHP module file is generated in httpd's modules directory

[root@hadoop1 modules]# ls -l libphp7.so 
-rwxr-xr-x 1 root root 35060633 Jul  3 11:42 libphp7.so      

--3. Add the PHP module to the httpd configuration

LoadModule php7_module        modules/libphp7.so      

Check whether the module is loaded

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep php
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
 php7_module (shared)      

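It shows as loaded. In testing I found that PHP's make install automatically adds the module configuration to httpd.conf, and the module is loaded dynamically.

Access the page again

It still cannot be accessed and reports the same error.

Continue editing httpd.conf to add PHP support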

AddType application/x-httpd-php .php

<IfModule dir_module>
    DirectoryIndex index.html index.php index.htm
</IfModule>      

Restart the httpd service and access the page again

The home page is now accessible, but clicking through to other pages downloads the CGI file instead of executing it

Check whether the CGI module is present

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message      

The module is not present. Continue editing the httpd configuration file to enable CGI module support

LoadModule cgid_module modules/mod_cgid.so      

After uncommenting the line, check again; the module now shows as loaded, without a restart

[root@hadoop1 httpd-2.4.39]# bin/apachectl -t -D DUMP_MODULES | grep cgi
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.30.10. Set the 'ServerName' directive globally to suppress this message
 cgid_module (shared)      

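Verification showed that a restart is required for the change to take effect, since apachectl -t only parses the configuration file and does not touch the running server. Access the page again

It works and the pages are accessible. The upgrade is complete.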
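The directives added to httpd.conf in step 10 can be checked in one pass before each restart. The script below is an added example, not part of the original post; the function name and labels are made up for illustration, and it only inspects the single file it is given (it does not follow Include).

```shell
#!/usr/bin/env bash
# Added example: report which of the directives this walkthrough relies on
# are missing (or still commented out) in an httpd.conf.

# One entry per line: label|extended regex matched against active lines.
REQUIRED_DIRECTIVES='
include-conf.d|^[[:space:]]*Include(Optional)?[[:space:]]+conf\.d/\*\.conf
php7_module|^[[:space:]]*LoadModule[[:space:]]+php7_module[[:space:]]
cgid_module|^[[:space:]]*LoadModule[[:space:]]+cgid_module[[:space:]]
php-handler|^[[:space:]]*AddType[[:space:]]+application/x-httpd-php[[:space:]]+\.php
'

# missing_directives FILE -> prints the labels not found, one per line;
# returns 0 if every directive is present, 1 otherwise.
missing_directives() {
    local conf=$1 label regex rc=0
    while IFS='|' read -r label regex; do
        [ -n "$label" ] || continue
        # -i: directive names are case-insensitive ("include" is valid).
        # A line starting with '#' cannot match the anchored patterns.
        if ! grep -Eiq -- "$regex" "$conf"; then
            echo "$label"
            rc=1
        fi
    done <<EOF
$REQUIRED_DIRECTIVES
EOF
    return $rc
}

# Demo on a constructed httpd.conf fragment (cgid still commented out).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
LoadModule php7_module        modules/libphp7.so
#LoadModule cgid_module modules/mod_cgid.so
AddType application/x-httpd-php .php
include conf.d/*.conf
EOF
echo "missing: $(missing_directives "$demo_conf" | tr '\n' ' ')"
rm -f "$demo_conf"
```
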

In addition, if you encounter the following error during the upgrade:

[Mon Jul 01 12:27:38.516704 2019] [core:error] [pid 7454:tid 139726203901696] (13)Permission denied: [client 10.253.7.100:59831] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path
[Mon Jul 01 12:27:45.786697 2019] [core:error] [pid 7454:tid 139726172432128] (13)Permission denied: [client 10.191.36.37:33553] AH00035: access to / denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path      

Fix:

Change the CGI socket file path by specifying it explicitly:

ScriptSock /var/run/cgid.sock

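Reason: this is mainly a security consideration; 2.4 takes security into account in many more places. For related issues, see the httpd security tips: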

          Security Tips - Apache HTTP Server Version 2.4
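The AH00035 message names the filesystem path that could not be traversed. As an added example (not from the original post), the script below extracts that path from a log line and reports the first directory on it that lacks the search bit for other users. It assumes GNU stat and that the httpd user is neither owner nor group member of those directories; both function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumptions: GNU stat, and
# the httpd user is neither owner nor group member of the directories, so
# the "other" permission bits are the ones that apply to it.

# ah00035_path LINE -> prints the path quoted after "filesystem path".
ah00035_path() {
    printf '%s\n' "$1" |
        sed -n "s/.*AH00035:.*(filesystem path '\([^']*\)').*/\1/p"
}

# first_unsearchable PATH -> prints the first directory on PATH without
# o+x and returns 0; returns 1 if none was found (or PATH does not exist).
first_unsearchable() {
    local rest cur part mode
    rest=${1#/}
    cur=""
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -d "$cur" ] || break
        mode=$(stat -c '%a' "$cur") || return 2
        # Last octal digit is the "other" class; an odd digit has x set.
        case "${mode#"${mode%?}"}" in
            1|3|5|7) ;;
            *) echo "$cur"; return 0 ;;
        esac
    done
    return 1
}

# Demo on the first log line quoted above.
line="[Mon Jul 01 12:27:38.516704 2019] [core:error] [pid 7454:tid 139726203901696] (13)Permission denied: [client 10.253.7.100:59831] AH00035: access to /nagios/ denied (filesystem path '/mnt/aiprd/app') because search permissions are missing on a component of the path"
p=$(ah00035_path "$line")
first_unsearchable "$p" || echo "no blocking directory found on $p"
```
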

Document created: July 3, 2019, 12:40:52
