Uniform Server - Services as Administrator


32 replies to this topic

#21 Clint Payton

    Newbie

  • Member
  • 6 posts
  • Main OS: Windows 7

Posted 01 February 2012 - 10:06 PM

I certainly don't know what you have done in your installation and maybe some information on your part will help us. I can confirm that denying everything to Uniserver Group on C:\ does not break apache.

As I type this I have a Server 2008R2 running. Are you running Uniserver on its own dedicated partition as the guide states or are you running it on the same OS drive?



Hey Yoni,

I completely agree, I'm only giving feedback to try and improve the guide/thread. Absolutely not trying to be negative, I appreciate any effort people put into helping each other out.

My installation happens to be a Hyper-V FM running 2008R2. I have a C: drive for OS and an E: drive for uniserver. I followed the guide exactly, like I mentioned. I can reliably/repeatedly break apache by denying 'Read' on the C: drive. Could you post a screenshot of your exact "advanced" OS drive security properties?

#22 Yoni

    Support Team Member

  • Support Team
  • 97 posts
  • Gender:Male
  • Main OS: Other

Posted 01 February 2012 - 10:19 PM

Here you go:

Attached File  screenshot.png   174.81KB   82 downloads

I don't know if you feel comfortable with this, but if possible I could remote in and take a look at it. Otherwise I can let you remote into that server so you can take a look around the configuration and try to figure out the issue yourself. That's the test server, so there is nothing to worry about.

Yoni


#23 z2z

    Junior Member

  • Member
  • 14 posts
  • Main OS: Windows XP

Posted 15 March 2012 - 03:11 AM

Your article has been very useful, thanks Yoni.

Maybe this approach can be built inside UniServer for production mode.

#24 BobS

    Project Helper

  • Super Moderator
  • 334 posts
  • Location:Santiago Chile
  • Interests:Retiring, computer systems, system design, model railroads....
  • Wiki ID: BobS
  • Main OS: Windows 7

Posted 16 March 2012 - 08:27 AM

Coral doesn't even work out of the box under server 2008 R2.

Fortunately, I believe this has been resolved as of Coral_8.4.0.

Maybe this approach can be built inside UniServer for production mode.

Since there are two separate aspects to this hardening process, that can't be done completely within The Uniform Server.

What should probably happen is to have a set of procedures and a checklist for the OS updates (accounts, permissions, etc.), and a plugin to modify the configuration files in The Uniform Server.

Regards,
BobS

#25 MADLAX

    Newbie

  • Member
  • 9 posts
  • Main OS: Windows 7

Posted 12 April 2012 - 07:02 PM

After getting a heart attack after using the security test PHP, I added some security measures..
Now I run 8.5.1 and it works with all the new security measures, but I do get some stuff in my error.log when I load a page

[Fri Apr 13 01:41:35.151499 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00428: Parent: child process exited with status 255 -- Restarting.
[Fri Apr 13 01:41:35.207502 2012] [auth_digest:notice] [pid 5160:tid 600] AH01757: generating secret for digest authentication ...
[Fri Apr 13 01:41:35.235504 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00455: Apache/2.4.1 (Win32) PHP/5.4.0 configured -- resuming normal operations
[Fri Apr 13 01:41:35.235504 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00456: Server built: Feb 14 2012 19:15:37
[Fri Apr 13 01:41:35.235504 2012] [core:notice] [pid 5160:tid 600] AH00094: Command line: 'D:\\UniServer\\usr\\local\\apache2\\bin\\httpd1.exe -d D:/UniServer/usr/local/apache2'
[Fri Apr 13 01:41:35.236504 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00418: Parent: Created child process 5580
[Fri Apr 13 01:41:35.706531 2012] [auth_digest:notice] [pid 5580:tid 204] AH01757: generating secret for digest authentication ...
[Fri Apr 13 01:41:35.747533 2012] [mpm_winnt:notice] [pid 5580:tid 204] AH00354: Child: Starting 64 worker threads.
[Fri Apr 13 01:41:38.763706 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00428: Parent: child process exited with status 255 -- Restarting.
[Fri Apr 13 01:41:38.830709 2012] [auth_digest:notice] [pid 5160:tid 600] AH01757: generating secret for digest authentication ...
[Fri Apr 13 01:41:38.859711 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00455: Apache/2.4.1 (Win32) PHP/5.4.0 configured -- resuming normal operations
[Fri Apr 13 01:41:38.859711 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00456: Server built: Feb 14 2012 19:15:37
[Fri Apr 13 01:41:38.859711 2012] [core:notice] [pid 5160:tid 600] AH00094: Command line: 'D:\\UniServer\\usr\\local\\apache2\\bin\\httpd1.exe -d D:/UniServer/usr/local/apache2'
[Fri Apr 13 01:41:38.859711 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00418: Parent: Created child process 2456
[Fri Apr 13 01:41:39.340739 2012] [auth_digest:notice] [pid 2456:tid 204] AH01757: generating secret for digest authentication ...
[Fri Apr 13 01:41:39.380741 2012] [mpm_winnt:notice] [pid 2456:tid 204] AH00354: Child: Starting 64 worker threads.

For now it all works, but I have no idea what the problem is.. :) Maybe someone here knows?
Tomorrow I will set up my local dev server and see if it's a bug in 8.5.1 or the new rights..

PS, I use Windows 7 SP1 x64 Ultimate, and it is up to date..
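
Added example, not part of the original posts: a Python sketch that pairs each AH00418 (child created) line with the next AH00428 (child exited) line in an error.log like the one above, and reports how long each child lived and its exit status. The sample lines are constructed from the excerpt in the post, and the 60-second threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample modelled on the error.log excerpt in the post above.
SAMPLE_LOG = """\
[Fri Apr 13 01:41:35.151499 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00428: Parent: child process exited with status 255 -- Restarting.
[Fri Apr 13 01:41:35.236504 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00418: Parent: Created child process 5580
[Fri Apr 13 01:41:38.763706 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00428: Parent: child process exited with status 255 -- Restarting.
[Fri Apr 13 01:41:38.859711 2012] [mpm_winnt:notice] [pid 5160:tid 600] AH00418: Parent: Created child process 2456
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[^:\]]+):(?P<lvl>[^\]]+)\] "
    r"\[pid (?P<pid>\d+):tid \d+\] (?P<code>AH\d{5}): (?P<msg>.*)$"
)
EXIT_RE = re.compile(r"child process exited with status (\d+)")
CREATED_RE = re.compile(r"Created child process (\d+)")


def child_lifetimes(log_text):
    """Return [(child_pid, seconds_alive, exit_status)] for every child that
    was created (AH00418) and later reported as exited (AH00428)."""
    results, current = [], None  # current = (child_pid, created_at)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        if m["code"] == "AH00418":
            created = CREATED_RE.search(m["msg"])
            if created:
                current = (int(created.group(1)), ts)
        elif m["code"] == "AH00428":
            exited = EXIT_RE.search(m["msg"])
            if current and exited:
                alive = (ts - current[1]).total_seconds()
                results.append((current[0], alive, int(exited.group(1))))
            current = None
    return results


def short_lived_children(log_text, max_lifetime=60.0):
    """Children that exited non-zero within max_lifetime seconds (assumed threshold)."""
    return [r for r in child_lifetimes(log_text) if r[2] != 0 and r[1] <= max_lifetime]


if __name__ == "__main__":
    for pid, alive, status in short_lived_children(SAMPLE_LOG):
        print(f"child {pid} lived {alive:.3f}s, exit status {status}")
```
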

#26 Yoni

    Support Team Member

  • Support Team
  • 97 posts
  • Gender:Male
  • Main OS: Other

Posted 13 April 2012 - 11:41 AM

For now it all works, but I have no idea what the problem is.. :) Maybe someone here knows?
Tomorrow I will set up my local dev server and see if it's a bug in 8.5.1 or the new rights..

PS, I use Windows 7 SP1 x64 Ultimate, and it is up to date..

There is no problem whatsoever. That is just Apache logging the re-cycling process. It does it on every shutdown/start :)

Yoni


#27 MADLAX

    Newbie

  • Member
  • 9 posts
  • Main OS: Windows 7

Posted 13 April 2012 - 03:16 PM

Yeah, I don't get it, the re-cycling process happens with each page load?

I also get this \/, in my Windows app log, when the page loading is a bit slower..
And sometimes img or css is not loading..

(app error)
Name of application with error: httpd1.exe, version 2.4.1.0, time stamp: 0x4f3aa5c8
Name of error module: libhttpd.dll, version 2.4.1.0, time stamp: 0x4f3aa4c9
Exception Code: 0xc0000005
Fault offset: 0x000217cc
Error process id: 0x834
Start time of application with error: 0x01cd19afea2b15f4
Path to application with error: D:\Uniserver\usr\local\apache2\bin\httpd1.exe
Path module with error: D:\Uniserver\usr\local\apache2\bin\libhttpd.dll
Report ID: 284e8fea-85a3-11e1-a783-005056c00008

I think it is maybe the CMS I'm using, cmsms, and yes, I did apply rights to it..
Still I do feel the server is a bit slower now, with locking down rights

#28 Yoni

    Support Team Member

  • Support Team
  • 97 posts
  • Gender:Male
  • Main OS: Other

Posted 13 April 2012 - 03:29 PM

From your latest post I can see Apache errors. I haven't moved my installation from Apache 2.2, which was included with 8.0 Coral. Every other release newer than 8.0 Coral that I tested left something to be desired, especially Apache.

Yoni


#29 MADLAX

    Newbie

  • Member
  • 9 posts
  • Main OS: Windows 7

Posted 13 April 2012 - 03:36 PM

Yeah, I will wait for your Uniserver with FastCGI tutorial, and say bye bye to Apache 2.4.1..
I can't test Uniserver all the time..

#30 MADLAX

    Newbie

  • Member
  • 9 posts
  • Main OS: Windows 7

Posted 14 April 2012 - 10:05 AM

I had to downgrade to 8.1.2 Coral, I was getting too many errors and load problems
Coral 8.1.2 works without any errors.. :) so it seems it was Apache 2.4, which feels like a beta to me..

You're right Yoni, about newer Coral versions with Apache 2.4, they all feel like beta because of 2.4 on it..
RIC should make a stable version with Apache 2.2 and maybe wait a bit with Apache 2.4..
Maybe a production version of Uniform Server, where stability is key, not updating to all the new stuff?? :)

#31 Yoni

    Support Team Member

  • Support Team
  • 97 posts
  • Gender:Male
  • Main OS: Other

Posted 14 April 2012 - 10:22 PM

I had to downgrade to 8.1.2 Coral, I was getting too many errors and load problems
Coral 8.1.2 works without any errors.. :) so it seems it was Apache 2.4, which feels like a beta to me..

You're right Yoni, about newer Coral versions with Apache 2.4, they all feel like beta because of 2.4 on it..
RIC should make a stable version with Apache 2.2 and maybe wait a bit with Apache 2.4..
Maybe a production version of Uniform Server, where stability is key, not updating to all the new stuff?? :)

UniServer is great as it is. I don't believe the course needs to be changed since this is a wonderful tool for testing purposes. I have sent you a PM to offer you a package for production under very specific circumstances.

Even so, I do believe that Uniserver needs to stick to its roots and consider not releasing packages that are not 100% usable. My personal experiences with the latest releases (8.2 and up) have not been very pleasant. Then again, it will all come down to preferences and opinions...

Yoni


#32 Yoni

    Support Team Member

  • Support Team
  • 97 posts
  • Gender:Male
  • Main OS: Other

Posted 15 April 2012 - 07:25 AM

Maybe a production version of Uniform Server, where stability is key, not updating to all the new stuff?? :)

I have the package up there for download. I hope you enjoy this package as much as I do :)

Mod Security is amazing but you have to be really careful with it. I recommend everyone start with 'SecRuleEngine DetectionOnly'; that way you can log and detect whether anything on your site would be blocked as a false positive. This happens a lot, and mod_security requires time, understanding and patience.

You may have several questions for me in relation to this package. Please, I'll try to document everything I can WITH TIME. Everything should be working out of the box and you shouldn't have any major problems finding your whereabouts if you have run a UniServer WAMP package before.

Download from here: http://turbo.icctek....r/UniServer.exe

Defaults:
CGI/FastCGI
Wincache 1.1
Default Storage Engine=InnoDB
MyISAM is enabled too just not default. As such, I have configured InnoDB settings a little beefier than MyISAM.
Mod_security with base rules.
(All rules can be applied/removed just by dragging and dropping in/out of the D:\UniServer\usr\local\apache2\conf\crs\activated_rules folder. Apache restart required, of course.)

Don't expect to run this package with less than 100MB RAM! I have tried hard to keep it low in memory consumption but remember that this is supposed to be your "production package". You are going to need to throw RAM at it one way or another.

In my server, the package alone is currently using @ 600-700MB RAM. I have assigned Wincache 255MB RAM, beefier InnoDB memory assignment plus apache cache/disk-cache.

You should definitely note a performance increase running this package and it feels solid as a rock. I have it in production with @50-70 guests/minute and it seems to hold strong :)

Good luck.

Yoni
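
Added example, not part of the package or the original post: with 'SecRuleEngine DetectionOnly', matches are logged as "ModSecurity: Warning." lines in the Apache error log, and this Python sketch tallies them per rule id so the rules that would affect the most visitors can be reviewed before blocking is enabled. The log lines, rule ids, messages and rule file name are constructed, and ordering by distinct clients is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Constructed Apache 2.2-style error.log lines; rule ids, messages, clients and
# the rule file name are invented for this example.
SAMPLE_LOG = '''
[Sun Apr 15 07:30:01 2012] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "select" at ARGS:q. [file "D:/UniServer/usr/local/apache2/conf/crs/activated_rules/example_rules.conf"] [line "12"] [id "10001"] [msg "Example SQL keyword rule"] [hostname "www.example.test"] [uri "/search.php"] [unique_id "AAAA"]
[Sun Apr 15 07:30:09 2012] [error] [client 192.0.2.11] ModSecurity: Warning. Pattern match "select" at ARGS:q. [file "D:/UniServer/usr/local/apache2/conf/crs/activated_rules/example_rules.conf"] [line "12"] [id "10001"] [msg "Example SQL keyword rule"] [hostname "www.example.test"] [uri "/search.php"] [unique_id "AAAB"]
[Sun Apr 15 07:30:30 2012] [error] [client 192.0.2.12] ModSecurity: Warning. Pattern match "select" at ARGS:q. [file "D:/UniServer/usr/local/apache2/conf/crs/activated_rules/example_rules.conf"] [line "12"] [id "10001"] [msg "Example SQL keyword rule"] [hostname "www.example.test"] [uri "/search.php"] [unique_id "AAAC"]
[Sun Apr 15 07:31:02 2012] [error] [client 192.0.2.10] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "D:/UniServer/usr/local/apache2/conf/crs/activated_rules/example_rules.conf"] [line "30"] [id "10002"] [msg "Example missing header rule"] [hostname "www.example.test"] [uri "/admin/login.php"] [unique_id "AAAD"]
[Sun Apr 15 07:31:05 2012] [error] [client 192.0.2.10] File does not exist: D:/UniServer/www/favicon.ico
'''

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "10001"], [uri "/x"], ...
CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')


def tally_detections(log_text):
    """Map rule id -> msg, hit count, and the sets of URIs and clients it matched."""
    rules = defaultdict(lambda: {"msg": "", "hits": 0, "uris": set(), "clients": set()})
    for line in log_text.splitlines():
        if "ModSecurity: Warning." not in line:
            continue                      # not a detection-only match
        tags = dict(TAG_RE.findall(line))
        if "id" not in tags:
            continue
        entry = rules[tags["id"]]
        entry["msg"] = tags.get("msg", "")
        entry["hits"] += 1
        entry["uris"].add(tags.get("uri", "?"))
        client = CLIENT_RE.search(line)
        if client:
            entry["clients"].add(client.group(1))
    return dict(rules)


def review_order(log_text):
    """Rule ids, those matched by the most distinct clients first (heuristic)."""
    rules = tally_detections(log_text)
    return sorted(rules, key=lambda r: (-len(rules[r]["clients"]), -rules[r]["hits"], r))


if __name__ == "__main__":
    stats = tally_detections(SAMPLE_LOG)
    for rid in review_order(SAMPLE_LOG):
        s = stats[rid]
        print(rid, s["msg"], s["hits"], len(s["clients"]), sorted(s["uris"]))
```
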


#33 Dirty Snipe

    Newbie

  • Member
  • 2 posts
  • Main OS: Windows 7

Posted 25 April 2012 - 03:26 AM

Is this version compatible with Windows Server 2008 R2 64bit?

I just installed the latest uniform server and have an intranet website I need hosted on a reliable server. This latest version is far from that (constant apache crashing and page cannot be found errors).

I need to find a solution and fast as this needs to go live this week.

Thanks

Paul



