Out of memory during PHP scripts run-time ?

Facing the following error when running any PHP scripts ?

PHP Fatal error: Out of memory (allocated xxxxx, tried to allocate xxxx bytes)

Tried increasing the memory limit from php.ini file and still getting the above error ?

Initially, we might think this issue is with the memory limit factor
seen in php.ini file. But if we analyze the error we get we can see that the issue is not directly related with the PHP configuration settings.

Usually, when a PHP script does not have enough memory to execute itself, the error message seen would indicate the amount of memory exhausted, something like :

=========
Fatal error: Allowed memory size of xxxx bytes exhausted (tried to allocate xxxxxx bytes)
=========

When we analyse things further, we can see that the real issue lies within the Apache configuration. Apache have memory limits of its own set in the configuration files. This value is referred to as ‘RLimitMEM’

Explanation of RLimitMEM from the official documentation of Apache :

RLimitMEM Directive

It sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. It indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs. Memory resource limits are expressed in bytes per process.

-> So, increase this value/limit from your httpd configuration file, to get around the issue.

Install Ubuntu inside Windows.

Ubuntu Logo

Ubuntu is the most popular Debian-based desktop Linux distribution with Unity as its default desktop environment. So today we’re going to see how to install Ubuntu inside Windows.

Dual boot the easiest way

Multi-booting is the act of installing multiple operating systems on a computer and being able to choose which one to boot when starting the computer. Dual-booting refers to the common configuration of specifically two operating systems on the same machine.

Windows can stay on your computer, when you install Ubuntu! It’s handy to turn your computer into a dual-boot machine. That way you can choose each time you turn on your computer, what operating system you want to boot: Ubuntu or Windows.

Dual Boot Windows 8 and Ubuntu
Dual Boot Windows 8 and Ubuntu

You can do this either by using a separate partition for Ubuntu or it’s also possible to install Ubuntu within Windows, basically as an application. This is done with an installer called Wubi (Windows-based Ubuntu Installer). I advise against this method, because it’s technically inferior to a normal dual-boot on a separate partition on the hard disk but this one is easy for the noobs as you will not harm anything on your computer.

With a Wubi installation of Ubuntu, you have lesser performance, dependence on Windows and its boot loader, less reliable file recovery and some security issues. In short: a separate partition for Ubuntu is much better.

Now a word about the Wubi.

Wubi (Windows-based Ubuntu Installer) is an official Windows-based free software installer for Ubuntu, which installs the software on an existing Windows partition, thus without need for partitioning. Wubi is an officially supported installer for Windows XP, Vista and 7 users that allows Ubuntu to be installed and uninstalled in a safe, easy way as with any other Windows application. Wubi was born as an independent project and as such versions 7.04 and 7.10 were unofficial releases. Since 8.04 the code has been merged within Ubuntu and  can be found in the Ubuntu Live CD. It was removed in 13.04. The project’s aim is to enable existing Windows users, unacquainted with Linux, to try Ubuntu without risking any data loss due to disk formatting or partitioning mistakes. It can also safely uninstall Ubuntu from within Windows through Uninstall a Program in Control Panel. It is not a virtual machine, but creates a stand-alone installation within a loopmounted device, also known as a disk image, like Topologilinux does. It is not a Linux distribution of its own, but rather an installer for Ubuntu.

Windows 7, Vista, XP, and 2000 are known to work with Wubi. Windows 98 should also work, but has not been thoroughly tested. Windows ME is not supported. Linux is supported through Lubi (Linux-based Ubuntu Installer).

So What about Windows 8?

At this time, Wubi does not work with Windows 8 default boot-loader.  You would be able to install, but not reboot into Ubuntu. If you have upgraded to Windows 8 and still using BIOS firmware, Wubi does work, but do not enable hybrid-sleep on Windows 8.

The WUBI installer is on the 14.04 ISO and works with windows up to 7. It works O.K. for all defined flavours i386/amd64 builds in BIOS mode. Windows 8 and Windows ME are not supported by WUBI. It is shipped on the CD to primarily function as a “cd autolauncher” for people who pop the cd into a Windows machine, at that time it says “You need to reboot, to try ubuntu! [reboot now]” or some such.

Wubi Normal autorun
Wubi Normal Autorun

Officially it is still supported – to be precise, it has 3 more years of support, and wubi has not yet been removed from any isos and is present to download for all releases and is present on all released .isos. (14.04 , 13.04, 13.10, 12.04  and 12.10 point releases)

The Easy installation Part

You can download the latest version of Ubuntu from Ubuntu Download Section.

You can either burn the iso to a CD/DVD or mount it on a virtual drive or just unzip the contents to a folder location and use it in the method below to force Wubi to install Ubuntu inside Windows.

For 14.04 they have simply restricted wubi.exe to not offer the option to install, which you can bypass with a command-line option e.g. if your CD drive is H: you can go to a command line and run:

H:\wubi.exe --force-wubi

Command Prompt Wubi Force
Command Prompt Wubi Force

Now the Wubi will run in forced mode so that you can install Ubuntu inside windows.

Wubi Forced mode
Wubi Forced mode

Click on Install inside Windows button and select the drive to which Ubuntu should be installed and installation size for Ubuntu. Select other options as you need, then click Install.

Wubi installation
Wubi installation

After copying necessary files and taking necessary actions Wubi will prompt you to restart windows. Click Finish and restart the system which will take you to the complete installation of Ubuntu. Connect internet if you want updates to be installed during OS installation. After successful installation the system will auto restart. Voila!!! Now during  boot time you will be presented with the Dual-Boot OS selection screen. Select Ubuntu from it and you will be booted into Ubuntu.

Ubuntu Desktop 14.04 "Trusty Tahr" with Unity 7.2
Ubuntu Desktop 14.04 “Trusty Tahr” with Unity 7.2

So happy installation Folks.

Error when flashing Samsung Note 2 with CyanogenMod?

CyanogenMod

When trying to flash your phone with CyanogenMod are you facing this error :

Error executing updater binary in zip (path to zip)

I got this error when trying to flash my Samsung Note 2 n7100 with Cyano 11. Was trying this on TWRP 2.6 recovery tool. I wasn’t able to flash successfully neither was able to get out of the bootloop.

It was some issue with TWRP, as it was not able to execute the binaries in the downloaded image.

If you receive this error, try flashing using ClockworkMod recovery tool. Using Odin, you can flash in ClockworkMod to your device, just like how you did it for TWRP.

Once your phone is connected via USB, run Odin as administrator and select the PDA archive and give the path to CWM file which you have downloaded.

odin-menu

 

Find this link useful to download CWM for note 2 :

http://downloadandroidrom.com/file/GalaxyNote2/CWM/Note2-CWM-6.0.4.3-GT-N7100.tar

Once the archive is selected click on start and wait till the installation is complete. Now you will be able to boot into CWM recovery instead of TWRP and you can flash CyanogenMod without any issues.

joee

🙂

Mount an NTFS partition on CentOS !

Whenever you try to access an NTFS partition in CentOS/RHEL for the first time, you might get the following message ( as of now ) :

Filesystem driver is not installed

To get over this, you might want to install the ntfs driver for the partitions to mount up.

If you are on a centOS box, give in the following :

# yum install fuse-ntfs-3g 

( You might need an  rpmforge repo for ^  package to be installed )

 
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6 1.el5.rf.i386.rpm (select the repo file for the correct system architecture )

# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Once the repo is installed, install the driver using yum.

CyanogenMod 11.0 M7 based on Android 4.4.2 Released for supported devices

CyanogenMod

CyanogenMod, the popular open source OS for smartphones and tablet computers, based on the Android mobile platform is out with yet another milestone release. CyanogenMod pushes newer releases on a nightly, milestone, and “stable version” schedule.

CyanogenMod
CyanogenMod

CyanogenMod Team has started pushing the latest milestone release CyanogenMod 11.0 M7 to the download servers for the general public. The latest version of the CyanogenMod is based on Android 4.4.2 KitKat and is now available for download for all compatible devices.According to the team, the new release runs on Android 4.4.2 and the 4.4.3 based milestone release M8 will come sometime in July because the android 4.4.3 KitKat source was release only a week back and they didn’t want to rush it in the stable release. But the 4.4.3 source has been merged into CM for nightlies. You can try the CyanogenMod nightly builds if you’re interested in getting your hand on Android 4.4.3 right away.

In terms of the changes, the M7 builds include an overhaul of the theme chooser, revamped calculator app, improved performance on low memory devices, and many more. The team has also revealed the changelog for CyanogenMod 11.0 M7 which includes:

  • Common: Theme Chooser UI Overhaul
  • Common: Calculator app redesign
  • Common: Performance Profiles
  • Common: Improved theming performance on low memory devices (~512MB RAM or less)
  • Trebuchet: Move settings to new slide-out panel
  • Trebuchet: Consolidate settings for home and drawer options
  • Media: Add FFMPEG support (expanded media format support)
  • Bluetooth: Improved support for new car audio systems and docks
  • Various small bugfixes, global and device-specific

With the latest build, Cyanogen has announced support for new devices that include the HTC One M8, Samsung Galaxy Tab Pro 8.4 (mondrianwifi), Galaxy Note 8.0 LTE (n5120) and LG G2 Docomo (l01f).The CM Team also mentioned that the non-device specific code was branched on May 22nd and Device specific code was branched on May 31st. The team has also tipped those who jump between nightlies and M releases to pay attention to the May 22nd branch point.

Updated builds can be grabbed from CM Updater on your CM running device as an over-the-air update or directly from CyanogenMod website for manual flashing. CM 11.0 M7 is available for around 40 devices and is the most stable AOSP (Android Open Source Project) fork available.

So Happy flashing guys!

Source : CyanogenMod Blog

Securing your SSH server !

SSH is the most powerful tool with which you can access your server. As Uncle Ben says in Spiderman —

Remember, with great power, comes great responsibility.

If your service is not hardened, it can be exploited to a level directly proportional to the power of SSH. Let us now consider some of the ways in which you can secure/harden your SSH server.

–> Use  key based authentication instead of passwords. There are a lot of botnets trying brute force attacks against your SSH server. Using a password authentication system at the first place, gives them more opportunities. If you use password authentication system, it would mean any machine can connect to your server, if they are aware/have successfully brute forced the password. On the other hand, if you use public/private key based authentication system, not every machine around the world can get in access. Only the ones for which the private/public key pairs match can get-in. And brute-forcing such a system is currently impossible.

To set up key-based authentication, follow the steps given below :

ClientMachine # ssh-keygen

Generate a passphrase-protected SSH key 

ssh-keygen

 

Once this is complete, the private key gets stored to /root/.ssh/id_rsa and public key to /root/.ssh/id_rsa.pub.

Now you need to copy paste the contents of /root/.ssh/id_rsa.pub to your server or transfer this to your server. You can transfer this using :

# ssh-copy-id SERVERIP ( will prompt for root password as well )

or copy paste the contents of /root/.ssh/id_rsa.pub ( from ClientMachine) to the file /root/.ssh/authorized_keys found in the server.

Once this is complete, open your SSH configuration file ( /etc/ssh/sshd_config ) and give-in the below line and restart the service :

PasswordAuthentication no ( If its already commented, uncomment and make sure the argument passed is ‘no’

Now you can SSH from your ClientMachine without passing any passwords ( you might have to type your passphrase if it was given )

–> For a server with user’s around the world having to SSH in and the machines which they use are subject to changes, key based authentication can become a real headache.

Even when we are using Password based authentication, we can make it more secure. Disabling root login can be a big plus-point. Most of the brute force attacks are carried out with the username as ‘root’ in perpective. We can change that root user to be able to login, allow a system user and then sudo in to get the root privilages.

$  First create a system user for this purpose ( Ingnore this step if you already have one user in mind )

# adduser newusername
# passwd newusername

$ Now, we want to edit the sudo rights and grant administrative privilages to this user.

# visudo or # vi /etc/sudoers

Add the username which we just created, below the space

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

root-etcsudo

 

After adding, it would look like :

newusername

 

Now save and close this file. Go to your ssh configuration file and give the setting :

PermitRootLogin no

This will make sure, root login is disabled and you can SSH as the newusercreated, then sudo in to get as root

newuser

 

–> You can also consider about changing the custom SSH port from 22 to any other.

–> If you have multiple IP’s, you can think about binding SSH server to just one IP.

^ These 2 options can be found from /etc/ssh/sshd_config file

portsip

–> If you have a defined networking environment, you can provide the range of IPs which can access the SSH service and deny all others. This can be done using TCP_Wrapper. Using the files /etc/hosts.deny and /etc/hosts.allow

=====================

/etc/hosts.deny
sshd:  ALL

/etc/hosts.allow
sshd: Trusted IPs/subnet

=====================

So, try these methods out !

Issue with parsing of PHP pages !

Are you facing the scenario in which the PHP page is getting downloaded to your local machine, instead of showing it ?

For example, when www.domain.com/index.php is  given in browser, the file index.php gets downloaded rather than displaying it.

This is an issue where PHP files are not properly parsed by the web-server.

To fix this issue :

— > Make sure the  php module is loaded.

 ‘LoadModule php5_module' must be passed in httpd.conf file

–> Make sure the proper PHP interpreter to handle files with a .php extension is mentioned. Something like,

'AddType application/x-httpd-php .php' is given in httpd.conf

If these lines are not found within your httpd configuration, PHP parsing can be an issue.

Too much denied named queries ?

When you have setup a production box, running with a DNS server ( named service, in this matter ), you get tones of queries. If you have disabled recursion, lesser the number of DNS workload.

While going through your /var/log/messages, have you found lots of query ( cache ) denied messages ? Something like this ?

Date host named[28251]: client IP#xxxxx: view external: query (cache) 'domain.com/A/IN' denied

Check whether the domains to which these queries are directed are present in the server or not.

If you find that these domains once existed in the server and not now, we can conclude that domains are still pointed to the DNS servers even though the sites went out of business or went offline. 

In other words, they no longer have a DNS or HTTP entry, but the domains still exists and have their DNS records pointed here.

Resolution to this issue is

Add the following lines to /etc/named.conf ( named config file )
( Add under the section ‘options’

additional-from-auth no;
additional-from-cache no;

Once these settings are given, BIND will not follow out-of-zone records even if it is in the cache.

How do I clear my DNS cache !

The local DNS cache in your machine will store the locations  of web-servers/websites that contain pages which you have recently viewed.

If the location of these pages have  changed, you will be unable to access them due to the local DNS cache ( the one cached by your local machine, which you use to access the webpages )

Following shows you on how to clear DNS cache on different platforms :

* On a system running in windows, navigate to cmd and run the following :

# ipconfig/flushdns

* On a system running on OS X Mountain Lion, type in the following from terminal :

# sudo killall -HUP mDNSResponder

* On a system running on linux distro’s, run the following :

# sudo /etc/init.d/nscd restart

Install nscd ( name service cache daemon ) if not present :

# sudo apt-get install nscd or yum install nscd