
Updating the PHP General-Purpose Scripting Language


Windows Intrusion Detection System - Companion Add-On Tutorial


Updating the Windows Intrusion Detection Systems (WinIDS)

PHP General-Purpose Scripting Language

Written by: Michael E. Steele



Introduction

During my research and development I've found a lot of tutorials and blogs describing the installation process for the UNIX environment. Yet none of them specifically detailed setting this up in a Windows environment. I've been working on and updating these tutorials for the past 12 plus years, and managed to get through the complete process in the Windows environment.

These tutorials give all the basic instructions on how to update either major components or add-on components of the Windows Intrusion Detection System (WinIDS).

Copyright Notice

This document is Copyright © 2002-2017 Michael Steele. All rights reserved. Permission to distribute this document is hereby granted providing that distribution is electronic, in its original form, no money is involved, and this copyright notice is maintained. Other requests for distribution will be considered.

Use the information in this document at your own risk. Michael Steele disavows any potential liability of this document. Use of the concepts, examples, and/or other content of this document are entirely at your own risk.

This tutorial is written in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose.

All copyrights are owned by their owners, unless specifically noted otherwise. Third party trademarks or brand names are the property of their owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.

Support Questions and Help

All support questions related to this specific tutorial MUST be directed to the specific forum for which this Windows Intrusion Detection System (WinIDS) tutorial resides!

By request, there is a premium fee service available for one on one support.

If you have not acquired this tutorial directly from the winsnort.com website, then you most likely do not have the latest revision of this tutorial!


Prepping for updating the Windows Intrusion Detection System (WinIDS) PHP G-P Scripting Language


Backing up the current PHP General-Purpose Scripting Language

Open a CMD window and type 'xcopy /E /I d:\winids\php d:\winids\php-old' (less the outside quotes), and tap the 'Enter' key.

Downloading the required software

For this tutorial the original files from the 'WinIDS - xxbit Core Software Support Pack' must be located in their original folder (d:\temp).
From a browser navigate to the PHP for Windows downloads.

Pay attention to the difference between the 'Non Thread Safe' versions and the 'Thread Safe' versions.
  • Non Thread Safe - This is for the Internet Information Services (IIS) Web Server
  • Thread Safe - This is for the Apache2 Web Server
Make SURE the correct file below gets installed for the operating system and hardware architecture it is being installed on.
All 32bit Windows running IIS: Scroll down to the section labeled PHP 5.6 (5.6.xx), in the sub section labeled VC11 x86 Non Thread Safe (Date time) left-click the Zip link, and download to the 'd:\temp' folder.

All 64bit Windows running IIS: Scroll down to the section labeled PHP 5.6 (5.6.xx), in the sub section labeled VC11 x64 Non Thread Safe (Date time) left-click the Zip link, and download to the 'd:\temp' folder.

All 32bit Windows running Apache2: Scroll down to the section labeled PHP 5.6 (5.6.xx), in the sub section labeled VC11 x86 Thread Safe (Date time) left-click the Zip link, and download to the 'd:\temp' folder.

All 64bit Windows running Apache2: Scroll down to the section labeled PHP 5.6 (5.6.xx), in the sub section labeled VC11 x64 Thread Safe (Date time) left-click the Zip link, and download to the 'd:\temp' folder.

The web browser can now be closed.


Updating the Windows Intrusion Detection Systems (WinIDS) PHP General-Purpose Scripting Language


Stopping the Web Server

Internet Information Services (IIS): At the CMD prompt type 'iisreset -stop' (less the outside quotes), and tap the 'Enter' key.

Apache2: At the CMD prompt type 'net stop apache2.4' (less the outside quotes), and tap the 'Enter' key.

Installing the PHP General-Purpose Scripting Language

For this update the PHP General-Purpose Scripting Language will be extracted over the top of the previous version so as to preserve the PEAR installation.
At the CMD prompt type 'unzip -oqq d:\temp\PHP-Filename.zip -d d:\winids\php' (less the outside quotes), and tap the 'Enter' key.

In the above procedure make SURE to replace the PHP-Filename.zip with the actual file name of the PHP General-Purpose Scripting Language that was downloaded to the 'd:\temp' folder.

Configuring the PHP General-Purpose Scripting Language

At the CMD prompt type 'copy /Y d:\winids\php\php.ini-production d:\winids\php\php.ini' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.
At the CMD prompt type 'notepad2 d:\winids\php\php.ini' (less the outside quotes), and tap the 'Enter' key.

Use the Find option in Notepad2 to locate and change the variables below.
Original Line(s): max_execution_time = 30
Change to: max_execution_time = 60

Original Line(s): error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
Change to: ; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

Original Line(s): ;include_path = ".;c:\php\includes"
Change to: include_path = "d:\winids\php;d:\winids\php\pear"

Original Line(s): ; extension_dir = "ext"
Change to: extension_dir = "d:\winids\php\ext"

The next line change is for Internet Information Services (IIS) Only:
Original Line(s): ; cgi.force_redirect = 1
Change to: cgi.force_redirect = 0

Original Line(s): ; extension=php_gd2.dll
Change to: extension=php_gd2.dll

The next line change is for MySQL Only:
Original Line(s): ; extension=php_mysql.dll
Change to: extension=php_mysql.dll

The next line change is for PostgreSQL Only:
Original Line(s): ; extension=php_pgsql.dll
Change to: extension=php_pgsql.dll

Original Line(s): ;date.timezone =
Change to: date.timezone = America/New_York

In the above date.timezone setting, America/New_York is only the default. Inserting the correct Timezone setting where the Windows Intrusion Detection System (WinIDS) will be located is essential. Check out the PHP website for the List of Supported Timezones.
Original Line(s): ;session.save_path = "/tmp"
Change to: session.save_path = "c:\windows\temp"

Save the file, and eXit Notepad2.
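
The edits above can be checked without opening php.ini again. The PowerShell below is an added example, not part of the original tutorial or the WinIDS support pack; the function names Get-PhpIniSetting and Test-WinIdsPhpIni and the sample php.ini excerpt are constructed for illustration. It reads only the active (uncommented) directives and compares them with the values this section calls for.

```powershell
# Added example (not WinIDS tooling); function names and sample are constructed.
function Get-PhpIniSetting {
    param([string[]]$Lines)
    $settings = @{}; $extensions = @()
    # Active lines only: ';' comments, [sections] and blanks do not match.
    # A quoted value may hold ';' (include_path does), so it is taken whole.
    $rx = [regex]'^([^=\s;\[]+)\s*=\s*(?:"([^"]*)"|([^;]*))'
    foreach ($line in $Lines) {
        $m = $rx.Match($line.Trim())
        if (-not $m.Success) { continue }
        $value = if ($m.Groups[2].Success) { $m.Groups[2].Value } else { $m.Groups[3].Value.Trim() }
        if ($m.Groups[1].Value -eq 'extension') { $extensions += $value }
        else { $settings[$m.Groups[1].Value] = $value }   # last active line wins
    }
    return @{ Settings = $settings; Extensions = $extensions }
}

function Test-WinIdsPhpIni {
    param([string[]]$Lines, [string]$WebServer, [string]$Database)
    $ini  = Get-PhpIniSetting -Lines $Lines
    $want = [ordered]@{   # values taken from the tutorial's edits
        'max_execution_time' = '60'
        'include_path'       = 'd:\winids\php;d:\winids\php\pear'
        'extension_dir'      = 'd:\winids\php\ext'
        'session.save_path'  = 'c:\windows\temp'
    }
    if ($WebServer -eq 'IIS') { $want['cgi.force_redirect'] = '0' }
    $problems = @()
    foreach ($key in $want.Keys) {
        if ($ini.Settings[$key] -ne $want[$key]) { $problems += "$key should be '$($want[$key])'" }
    }
    if ($ini.Settings.ContainsKey('error_reporting')) { $problems += 'error_reporting is still active' }
    if (-not $ini.Settings['date.timezone']) { $problems += 'date.timezone is not set' }
    $dbDll = if ($Database -eq 'MySQL') { 'php_mysql.dll' } else { 'php_pgsql.dll' }
    foreach ($dll in 'php_gd2.dll', $dbDll) {
        if ($ini.Extensions -notcontains $dll) { $problems += "extension=$dll is not enabled" }
    }
    return $problems
}
# Constructed php.ini excerpt: cgi.force_redirect and date.timezone were missed.
$sample = @'
max_execution_time = 60
include_path = "d:\winids\php;d:\winids\php\pear"
extension_dir = "d:\winids\php\ext"
; cgi.force_redirect = 1
extension=php_gd2.dll
extension=php_mysql.dll
session.save_path = "c:\windows\temp"
'@ -split "`r?`n"
Test-WinIdsPhpIni -Lines $sample -WebServer IIS -Database MySQL
```

To check the live file, pass `(Get-Content d:\winids\php\php.ini)` as `-Lines` with the matching `-WebServer` (IIS or Apache2) and `-Database` (MySQL or PostgreSQL) values; no output means every edit in this section is in place.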

Testing the PHP General-Purpose Scripting Language installation

Internet Information Services (IIS): At the CMD prompt type 'copy d:\temp\test.php d:\winids\inetpub\wwwroot\base' (less the outside quotes), and tap the 'Enter' key.

Apache2: At the CMD prompt type 'copy d:\temp\test.php d:\winids\apache24\htdocs\base' (less the outside quotes), and tap the 'Enter' key.

Should display '1 file(s) copied.', and return to the CMD prompt.
Internet Information Services (IIS): At the CMD prompt type 'iisreset -start' (less the outside quotes), and tap the 'Enter' key.

Apache2: At the CMD prompt type 'net stop apache2.4 & net start apache2.4' (less the outside quotes), and tap the 'Enter' key.

Open a web-browser and type 'http://winids/test.php' (less the outside quotes) into the URL Address box, and tap the 'Enter' key.

Several sections of information concerning the status and install of PHP should be displayed.

In the first section of information make SURE that the item labeled 'Loaded Configuration File' is pointing to 'd:\winids\php\php.ini' (less the outside quotes).

In the section labeled 'Configuration - PHP Core' (less the outside quotes) make SURE that the item labeled 'extension_dir' is pointing to 'd:\winids\php\ext' (less the outside quotes) in columns 'Local Values' (less the outside quotes) and 'Master Values' (less the outside quotes).

In the section labeled 'Configuration - PHP Core' (less the outside quotes) make SURE that the item labeled 'include_path' is pointing to 'd:\winids\php;d:\winids\php\pear' (less the outside quotes) in columns 'Local Values' (less the outside quotes) and 'Master Values' (less the outside quotes).

In the section labeled 'session' (less the outside quotes) make SURE that the item labeled 'session.save_path' is pointing to 'c:\windows\temp' (less the outside quotes) in columns 'Local Values' (less the outside quotes) and 'Master Values' (less the outside quotes).
Do not proceed until all the above paths are correct!
eXit the web-browser.

Internet Information Services (IIS): At the CMD prompt type 'del d:\winids\inetpub\wwwroot\base\test.php' (less the outside quotes), and tap the 'Enter' key.

Apache2: At the CMD prompt type 'del d:\winids\apache24\htdocs\base\test.php' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'exit' (less the outside quotes), and tap the 'Enter' key.

As an emergency backup the original PHP General-Purpose Scripting Language installation folder was mirrored to the 'd:\winids\php-old' folder. If this update was a complete failure all that is needed to revert back to the original PHP General-Purpose Scripting Language installation is to stop the web server, delete the new 'd:\winids\php' folder, rename the 'd:\winids\php-old' folder to 'd:\winids\php', return to the section labeled 'Testing the PHP General-Purpose Scripting Language installation', and complete.
If the updating process has been successful and the backup is no longer needed the below process will scrub the backup folder.
Open a CMD window and type 'rd d:\winids\php-old /S /Q' (less the outside quotes), and tap the 'Enter' key.

At the CMD prompt type 'exit' (less the outside quotes), and tap the 'Enter' key.

In Conclusion

Congratulations, you have just completed updating the Windows Intrusion Detection Systems (WinIDS) PHP General-Purpose Scripting Language.

I encourage you to perform some post-installation tasks if still needed to get a fully production-ready Windows Intrusion Detection System (WinIDS).

This includes:
  • Tuning your rules and preprocessors.
  • Tuning Snort thresholds and limit values.
  • Securing your host (Maybe changing the default database user access, disabling unneeded services, etc.).
  • Adding user authentication to the Windows Intrusion Detection Systems (WinIDS) Security Console.
  • Configuring a system, such as PulledPork, to auto-update the Windows Intrusion Detection Systems (WinIDS) rules and signatures.

Optional Companion Documents

Be SURE to check out the available 'Companion Add-on Documents' to enhance the Windows Intrusion Detection System (WinIDS) experience.
  • How to install MySQL Tools into a MySQL enabled Windows Intrusion Detection System (WinIDS)
    This tutorial will show how to install the 'MySQL System Tray Monitor' as a service to monitor the condition of the MySQL database in real time, on an existing Windows Intrusion Detection System (WinIDS). This will allow starting and stopping of the database. The 'MySQL System Tray Monitor' has two tools associated with it that can be accessed directly from the 'MySQL System Tray Monitor'. These tools will allow editing, maintaining, and repairing of the MySQL database. Use extreme caution using these tools.

Updating the Windows Intrusion Detection Systems (WinIDS) Major components


Debugging Installation errors

Check the Event Viewer as most of the support programs will throw FATAL errors into the Application log.

General problems

For general help, left-click the support button at the top of this tutorial, or manually navigate to the correct forum.

Michael E. Steele | Microsoft Certified System Engineer (MCSE)
Email Support: support@winsnort.com
Snort: Open Source Network IDS - www.snort.org