标签 php 下的文章

监测linux负载过高时重启php脚本

#!/bin/sh
TOP_SYS_LOAD_NUM=5
SYS_LOAD_NUM=`uptime | awk '{print $(NF-2)}' | sed 's/,//'`

echo $(date +"%y-%m-%d") `uptime`
if [ `echo "$TOP_SYS_LOAD_NUM < $SYS_LOAD_NUM"|bc` -eq 1 ]
then
echo "#0#" $(date +"%y-%m-%d %H:%M:%S") "pkill php-fpm" `ps -ef | grep php-fpm | wc -l`
/etc/init.d/php-fpm stop
sleep 8
pkill php-fpm
sleep 8
for i in 1 2 3
do
if [ `pgrep php-fpm | wc -l` -le 0 ]
then
/etc/init.d/php-fpm start
sleep 30
echo "#1#" $(date +"%y-%m-%d %H:%M:%S") "start php-fpm" `ps -ef | grep php-fpm | wc -l`
fi
done
else
if [ `pgrep php-fpm | wc -l` -le 0 ]
then
/etc/init.d/php-fpm start
sleep 30
echo "#2#" $(date +"%y-%m-%d %H:%M:%S") "start php-fpm" `ps -ef | grep php-fpm | wc -l`
fi
fi

定时执行

*/5 * * * * /root/check-php.sh >>/var/log/check-php.log

使用Snuffleupagus保护PHP

之前介绍了使用Suhosin保护PHP,由于Suhosin仅支持到php5.x,对于php7.x及以上版本可以试试Snuffleupagus

编译安装:

git clone https://github.com/jvoisin/snuffleupagus
cd snuffleupagus/src
phpize
./configure --with-php-config=/usr/local/php/bin/php-config --enable-snuffleupagus
make
make install

然后在php.ini中引用

[Snuffleupagus]
extension=snuffleupagus.so
sp.configuration_file=/usr/local/php/conf.d/snuffleupagus.rules

其中/usr/local/php/conf.d/snuffleupagus.rules为规则文件,内容可参考:

sp.eval_blacklist.list("base64_decode,system,exec,shell_exec,passthru,proc_open,proc_close, proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport, syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind,socket_accept, socket_connect, stream_socket_server, stream_socket_accept,stream_socket_client,ftp_connect, ftp_login,ftp_pasv,ftp_get,sys_getloadavg,disk_total_space, disk_free_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname");sp.global.show_old_php_warning.disable();

和Suhosin一样,可以设置函数黑白名单。
更多使用方法参考官网:https://snuffleupagus.readthedocs.io/config.html

使用Suhosin保护PHP

1、下载
PHP 5.2.X:https://download.suhosin.org/suhosin-0.9.37.1.tar.gz
PHP 5.X:https://download.suhosin.org/suhosin-0.9.38.tar.gz
2、安装

wget http://download.suhosin.org/suhosin-0.9.37.1.tar.gz
tar zxvf suhosin-0.9.37.1.tar.gz
cd suhosin-0.9.37.1/
phpize
./configure  --with-php-config=/usr/local/php/bin/php-config
make
make install

编辑/usr/local/php/etc/php.ini文件,在最后一行下方插入:

[Suhosin]
extension=suhosin.so
suhosin.executor.eval.blacklist = base64_decode,system,exec,shell_exec,passthru,proc_open,proc_close, proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport, syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind,socket_accept, socket_connect, stream_socket_server, stream_socket_accept,stream_socket_client,ftp_connect, ftp_login,ftp_pasv,ftp_get,sys_getloadavg,disk_total_space, disk_free_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
suhosin.log.file.name = /usr/local/php/logs/suhosin-alert.log

对于php7.x及以上版本,可以试试使用Snuffleupagus保护PHP

SeaCMS打开程序错误提示,输出报错信息

为了安全和方便运营,海洋cms默认屏蔽了所有报错系统,如有调试需要,可以手动修改打开报错提示。

第一步:修改文件 include/common.php 删除第2,3行代码

error_reporting(0);
require_once('webscan/360webscan.php');

第二步:编辑环境配置文件php.ini

;显示错误信息  
display_errors = On  
;显示php开始错误信息  
display_startup_errors = On  
;日志记录错误信息  
log_errors = On