Apr 01

What is eAccelerator?

eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

When I heard that, I wondered why I hadn't tried installing it on my blog server. I felt that my blog's performance was not fast enough, and I thought eAccelerator might be the solution.

I assume you have already installed PHP on your server and checked your PHP version:

root@monitor-ubuntu:~# php -v

PHP 5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11 2009 20:09:52)

Copyright (c) 1997-2007 The PHP Group

Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

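Or you can check it in phpinfo: create a file named test.php and add this:

<?php phpinfo(); ?>

Then open it in your browser at http://localhost/test.php. Remove test.php once you have finished checking, because phpinfo() output exposes the server's configuration to anyone who can request the page.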


Prerequisites

Installing eAccelerator on Ubuntu 8.04 requires two packages on your system: php5-dev, which provides the phpize program, and make, which provides the make program.

 # apt-get install php5-dev
 # apt-get install make

Installation

Get the latest eAccelerator source code from http://eaccelerator.net/:
# wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
# tar xvjf eaccelerator-0.9.5.3.tar.bz2
# cd eaccelerator-0.9.5.3
# phpize
# ./configure --enable-eaccelerator=shared
# make
# make install
Installing shared extensions:     /usr/lib/php5/20060613+lfs/
Now you need to edit /etc/php5/apache2/php.ini and add the following lines at the beginning of the file, after the [PHP] tag:
[PHP]

; eAccelerator configuration
; Note that eAccelerator may also be installed as a PHP extension or as a zend_extension
; If you are using a thread safe build of PHP you must use
; zend_extension_ts instead of zend_extension
;extension                       = "/usr/lib/php5/20060613+lfs/eaccelerator.so"
zend_extension                  = "/usr/lib/php5/20060613+lfs/eaccelerator.so"
eaccelerator.shm_size           = "16"
eaccelerator.cache_dir          = "/var/cache/eaccelerator"
eaccelerator.enable             = "1"
eaccelerator.optimizer          = "1"
eaccelerator.check_mtime        = "1"
eaccelerator.debug              = "0"
eaccelerator.filter             = ""
eaccelerator.shm_max            = "0"
eaccelerator.shm_ttl            = "0"
eaccelerator.shm_prune_period   = "0"
eaccelerator.shm_only           = "0"
eaccelerator.compress           = "1"
eaccelerator.compress_level     = "9"
eaccelerator.allowed_admin_path = "/var/www/control.php"
NOTE: If you install Zend Optimizer and/or ionCube Loader you should be sure that 
ionCube loads before Zend Optimizer and eAccelerator installs before both for proper operation 
of all three extensions.    

; ionCube Loader configuration
zend_extension=/usr/local/lib/ioncube/ioncube_loader_lin_5.2.so
; Zend Optimizer configuration
zend_extension=/usr/local/lib/Zend/ZendOptimizer.so
zend_optimizer.optimization_level=15
Create and change permissions of the eAccelerator cache directory

# mkdir -p /var/cache/eaccelerator
# chmod 0777 /var/cache/eaccelerator

Control panel

eAccelerator provides a "control panel" of sorts that is useful to see what pages are being cached and usage of shared memory. To install the control panel, first copy file control.php into the web server document root:
# cd /root/eaccelerator-0.9.5.3
# cp control.php /var/www/

Edit control.php to change the $user and $pw settings to a user name and password of your choosing. 

Don’t leave them as the default or attackers will be able to disrupt the cache.

View the control panel at http://your-server-url/control.php

Note: if you rename or move control.php you must update the eaccelerator.allowed_admin_path setting in php.ini
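
The three settings this section depends on (the $user/$pw values in control.php, eaccelerator.allowed_admin_path, and the mode of the cache directory) can be checked together. The following is an added example, not part of eAccelerator or of the original post; `audit`, `cred_values` and the sample strings are hypothetical names and constructed inputs, and the `$user = "...";` line format is an assumption about control.php.

```python
import os, re, stat, tempfile

CRED_RE = re.compile(r'^\s*\$(user|pw)\s*=\s*(.+?);', re.M)
PATH_RE = re.compile(r'^\s*eaccelerator\.allowed_admin_path\s*=\s*"?([^"\n]*)"?', re.M)

def cred_values(php_source):
    """Map 'user'/'pw' to the right-hand side of their assignment in control.php."""
    return {m.group(1): m.group(2).strip() for m in CRED_RE.finditer(php_source)}

def audit(shipped_src, deployed_src, deployed_path, ini_text, cache_dir):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    shipped, deployed = cred_values(shipped_src), cred_values(deployed_src)
    for name in ("user", "pw"):
        # Compare against the copy in the source tarball instead of hard-coding defaults.
        if name in shipped and deployed.get(name) == shipped[name]:
            findings.append(f"${name} is unchanged from the shipped control.php")
    m = PATH_RE.search(ini_text)   # lines commented out with ';' do not match
    if not m or m.group(1).strip() != deployed_path:
        findings.append("allowed_admin_path does not point at the deployed control.php")
    mode = stat.S_IMODE(os.stat(cache_dir).st_mode)
    if mode & stat.S_IWOTH:        # any local account could create or delete cache files
        findings.append(f"cache_dir is world-writable (mode {mode:04o})")
    return findings

# Constructed inputs: the real shipped values are not shown on this page.
SHIPPED = '<?php\n$user = "SHIPPED_USER";\n$pw = "SHIPPED_PW";\n'
EDITED = '<?php\n$user = "ops";\n$pw = "a-long-random-passphrase";\n'
INI = 'eaccelerator.allowed_admin_path = "/var/www/control.php"\n'

if __name__ == "__main__":
    cache = tempfile.mkdtemp()     # stand-in for /var/cache/eaccelerator
    os.chmod(cache, 0o777)         # the mode set by the chmod step above
    for finding in audit(SHIPPED, SHIPPED, "/var/www/eaccelerator/control.php", INI, cache):
        print("FINDING:", finding)
    os.chmod(cache, 0o750)         # assumed tighter mode, directory owned by the web server user
    print(audit(SHIPPED, EDITED, "/var/www/control.php", INI, cache))
```

On a real server, pass the contents of the tarball's control.php, the deployed copy, the loaded php.ini and the configured cache_dir in place of the constructed values.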

Restart Apache

# /etc/init.d/apache2 restart

But a strange thing happened on my server when I checked the PHP version:

eAccelerator hadn't been installed yet.

# php -v
PHP 5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11 2009 20:09:52)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Okay, I tried to locate the php.ini configuration that is being used by php:
# php --ini
Configuration File (php.ini) Path: /etc/php5/cli
Loaded Configuration File:         /etc/php5/cli/php.ini
Scan for additional .ini files in: /etc/php5/cli/conf.d
Additional .ini files parsed:      /etc/php5/cli/conf.d/mysql.ini,
/etc/php5/cli/conf.d/mysqli.ini,
/etc/php5/cli/conf.d/pdo.ini,
/etc/php5/cli/conf.d/pdo_mysql.ini,
/etc/php5/cli/conf.d/snmp.ini
Okay, as you can see it is pointing to /etc/php5/cli, so I edited /etc/php5/cli and added this:
    

[PHP]

; eAccelerator configuration
; Note that eAccelerator may also be installed as a PHP extension or as a zend_extension
; If you are using a thread safe build of PHP you must use
; zend_extension_ts instead of zend_extension
;extension                       = "/usr/lib/php5/20060613+lfs/eaccelerator.so"
zend_extension                  = "/usr/lib/php5/20060613+lfs/eaccelerator.so"
eaccelerator.shm_size           = "16"
eaccelerator.cache_dir          = "/var/cache/eaccelerator"
eaccelerator.enable             = "1"
eaccelerator.optimizer          = "1"
eaccelerator.check_mtime        = "1"
eaccelerator.debug              = "0"
eaccelerator.filter             = ""
eaccelerator.shm_max            = "0"
eaccelerator.shm_ttl            = "0"
eaccelerator.shm_prune_period   = "0"
eaccelerator.shm_only           = "0"
eaccelerator.compress           = "1"
eaccelerator.compress_level     = "9"
eaccelerator.allowed_admin_path = "/var/www/control.php"

 

 

Then I restarted Apache:
# /etc/init.d/apache2 restart
and checked the PHP version:
# php -v
PHP 5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11 2009 20:09:52)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
Okay, it changed. Then I checked phpinfo on my web server, but eAccelerator hadn't been added yet.
Hmm, strange. It is because phpmyadmin is using Loaded Configuration File = /etc/php5/apache2/php.ini.
I tried creating a symlink in /etc/php5/: I renamed /etc/php5/apache to a different name, let's say /etc/php5/apache_old, then I created a symlink to /etc/php5/cli:
# ln -s /etc/php5/cli apache
# ls -al

total 20
drwxr-xr-x 5 root root 4096 2009-04-01 17:55 .
drwxr-xr-x 21 root root 4096 2008-12-22 12:24 ..
lrwxrwxrwx 1 root root 13 2009-04-01 17:55 apache -> /etc/php5/cli
drwxr-xr-x 2 root root 4096 2009-04-01 15:32 apache_old
drwxr-xr-x 2 root root 4096 2009-04-01 15:35 cli
drwxr-xr-x 2 root root 4096 2009-03-12 15:27 conf.d

Then I restarted Apache:
# /etc/init.d/apache2 restart
I checked the phpinfo file on the web, and it had changed.
Okay, that is strange. I was curious what would happen if I deleted the symlink and changed /etc/php5/apache_old back to /etc/php5/apache:
# rm /etc/php5/apache
# mv /etc/php5/apache_old /etc/php5/apache
# ls -al
total 20
drwxr-xr-x   5 root root 4096 2009-04-01 16:42 .
drwxr-xr-x 102 root root 4096 2009-04-01 17:46 ..
drwxr-xr-x   2 root root 4096 2009-04-01 15:47 apache2
drwxr-xr-x   2 root root 4096 2009-04-01 15:35 cli
drwxr-xr-x   2 root root 4096 2009-03-12 15:27 conf.d
Then I restarted Apache:
# /etc/init.d/apache2 restart
Both phpinfo and php -v show eAccelerator:
# php -v
PHP 5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11 2009 20:09:52)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
Okay, I don't know whether it is because of a cache or something else, but it is installed in the end 🙂

Mar 23

Foremost is a forensics application that recovers files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive.

Currently foremost can recover the following file types:

jpg – Support for the JFIF and Exif formats including implementations used in modern digital cameras.

gif

png

bmp – Support for windows bmp format.

avi

exe – Support for Windows PE binaries, will extract DLL and EXE files along with their compile times.

mpg – Support for most MPEG files (must begin with 0x000001BA)

wav

riff – This will extract AVI and RIFF since they use the same file format (RIFF). Note: this is faster than running each separately.

wmv – Note: may also extract wma files, as they have a similar format.

mov

pdf

ole – This will grab any file using the OLE file structure. This includes PowerPoint, Word, Excel, Access, and StarWriter

doc – Note: it is more efficient to run OLE, as you get more bang for your buck. If you wish to ignore all other OLE files, then use this.

zip – Note: it will extract .jar files as well because they use a similar format. OpenOffice docs are just zip'd XML files, so they are extracted as well. These include SXW, SXC, SXI, and SX? for undetermined OpenOffice files.

rar

htm

cpp – C source code detection, note this is primitive and may generate documents other than C code.

You can tweak /etc/foremost.conf to add support for more file types.

Please note that there’s no guarantee that foremost will succeed in recovering your files, but at least there’s a chance.

Okay, I tested foremost on Ubuntu 8.04.2 Hardy; I will delete my PDF files.

Setup

On Debian and Ubuntu, foremost can be installed as follows:

# apt-get install foremost

After installing, you can check the foremost version using this command:

# dpkg -l | grep forem

ii  foremost                              1.5.3-1

Testing Foremost

To learn more about the foremost command you can use -help or man:

# foremost -help

foremost version 1.5.3 by Jesse Kornblum, Kris Kendall, and Nick Mikus.
$ foremost [-v|-V|-h|-T|-Q|-q|-a|-w-d] [-t <type>] [-s <blocks>] [-k <size>]
[-b <size>] [-c <file>] [-o <dir>] [-i <file]
-V  - display copyright information and exit
-t  - specify file type.  (-t jpeg,pdf ...)
-d  - turn on indirect block detection (for UNIX file-systems)
-i  - specify input file (default is stdin)
-a  - Write all headers, perform no error detection (corrupted files)
-w  - Only write the audit file, do not write any detected files to the disk
-o  - set output directory (defaults to output)
-c  - set configuration file to use (defaults to foremost.conf)
-q  - enables quick mode. Search are performed on 512 byte boundaries.
-Q  - enables quiet mode. Suppress output messages.
-v  - verbose mode. Logs all messages to screen

I will delete a PDF file to test foremost:

root@test:~# ls -al

total 396

-rwxr-xr-x  1 root root 332575 2009-03-23 17:55 Setup-Guide.pdf

root@test:~# rm -rf Setup-Guide.pdf

Start recovering files using foremost: foremost  [-t <type>] [-i <file]

root@test:~# foremost -t pdf -T -i /dev/sda1

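/dev/sda1 is the partition where the deleted file was located; you can check it using the mount command. Because this partition is mounted read-write and the output directory is written to it, the recovery run itself can overwrite the blocks you want back, so where possible point -o at a different disk.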

root@test:~# mount

/dev/sda1 on / type ext3 (rw,errors=remount-ro)

tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)

proc on /proc type proc (rw,noexec,nosuid,nodev)

sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)

udev on /dev type tmpfs (rw,mode=0755)

tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)

devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)

nfsd on /proc/fs/nfsd type nfsd (rw)

root@test:~# foremost -t pdf -T -i /dev/sda1

|*******************************************************************************************|

After the foremost finished, you will find a folder called output in the directory from where you called foremost:

root@test:~# ls -la
total 36
drwxr-xr-x  5 root root 4096 2009-03-12 17:53 .
drwxr-xr-x 21 root root 4096 2009-02-16 13:10 ..
drwx------  2 root root 4096 2009-02-16 13:15 .aptitude
-rw-------  1 root root  377 2009-02-16 13:32 .bash_history
-rw-r--r--  1 root root  412 2004-12-15 23:53 .bashrc
drwxr-xr-x  2 root root 4096 2009-02-16 13:17 .debtags
drwxr-xr--  3 root root 4096 2009-03-12 17:53 output
-rw-r--r--  1 root root  140 2007-11-19 18:57 .profile
-rw-------  1 root root 3480 2009-03-12 17:06 .viminfo
root@test:~# cd output
root@test:~# ls -l
total 8
-rw-r--r-- 1 root root  714 2009-03-12 18:02 audit.txt
drwxr-xr-- 2 root root 4096 2009-03-12 17:57 jpg

The audit.txt contains a summary of what foremost has done:

root@test:~# cat output/audit.txt
Foremost version 1.5.4 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Thu Mar 23 18:00:48 2009
Invocation: foremost -t jpeg -i /dev/sda1
Output directory: /root/output
Configuration file: /etc/foremost.conf
------------------------------------------------------------------
File: /dev/sda1
Start: Thu Mar 12 17:53:48 2009
Length: 28 GB (30836542464 bytes)

Num      Name (bs=512)         Size      File Offset     Comment

0:      11157504.pdf       320 KB      5712642048
1:      29556752.pdf         333 KB      15133057024
Finish: Thu Mar 12 18:02:10 2009

2 FILES EXTRACTED

pdf:= 2
------------------------------------------------------------------

Foremost finished at Thu Mar 12 18:02:10 2009
root@test:~#

And the pdf/ subdirectory contains the PDF files that foremost has recovered:

root@test:~# ls -l output/pdf/
total 660
-rw-r--r-- 1 root root 328479 2009-03-12 17:55 11157504.pdf
-rw-r--r-- 1 root root 332575 2009-03-12 17:57 29556752.pdf

The previous Setup-Guide.pdf size was 332575 bytes, and it was found under the name 29556752.pdf. Please note that there’s no guarantee that foremost will succeed in recovering your files, but at least there’s a chance.
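
How header/footer carving arrives at entries like the ones in audit.txt, as an added example that is not foremost's own code: a simplified PDF carver that names each hit by its 512-byte block number (offset / 512, which is how 11157504.pdf corresponds to file offset 5712642048) and mimics -q by accepting only block-aligned headers. The image bytes and the names `carve_pdfs`, `sample_image` and `MAX_LEN` are constructed or hypothetical.

```python
BS = 512                       # block size from the audit table header, "Name (bs=512)"
HEADER, FOOTER = b"%PDF-", b"%%EOF"
MAX_LEN = 20 * 1024 * 1024     # assumed upper bound on one carved file

def carve_pdfs(image, quick=False):
    """Return [(name, offset, data)] for every header..footer span in image."""
    found, pos = [], 0
    while (start := image.find(HEADER, pos)) != -1:
        if quick and start % BS:          # like -q: only block-aligned headers count
            pos = start + 1
            continue
        window = image[start:start + MAX_LEN]
        nxt = window.find(HEADER, len(HEADER))
        if nxt != -1:                     # simplification: a file ends before the next header
            window = window[:nxt]
        end = window.rfind(FOOTER)        # last %%EOF, so incremental updates are kept
        if end == -1:                     # tail overwritten or fragmented: nothing to carve
            pos = start + len(HEADER)
            continue
        data = window[:end + len(FOOTER)]
        found.append((f"{start // BS}.pdf", start, data))
        pos = start + len(data)
    return found

def sample_image():
    """Constructed 10-block 'partition': two deleted PDFs and one damaged header."""
    doc_a = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
    doc_b = b"%PDF-1.3\n2 0 obj<<>>endobj\n%%EOF"
    frag = b"%PDF-1.4\n(rest overwritten)"
    img = bytearray(BS * 10)
    for off, blob in ((2 * BS, doc_a), (4 * BS, frag), (6 * BS + 7, doc_b)):
        img[off:off + len(blob)] = blob
    return bytes(img), doc_a, doc_b

if __name__ == "__main__":
    image, doc_a, doc_b = sample_image()
    for name, off, data in carve_pdfs(image):
        print(f"{name:>8}  offset={off:<6} size={len(data)}")
```

Carved names carry no link to the original filename, which is why the recovered Setup-Guide.pdf has to be identified by its size or, more reliably, by a hash of its content.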

Before you run foremost the next time from the same directory, you must either delete/rename the current output/ directory (because foremost will not start if there’s already an output/ directory) or use the -T switch (time stamp the output directory so you don’t have to delete the output/ dir when running multiple times)