Tag: — tepezcuintle @ 16:36

The Most Common OpenSSL Commands
One of the most versatile SSL tools is OpenSSL, which is an open source implementation of the SSL protocol. There are versions of OpenSSL for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. However, it also has hundreds of different functions that allow you to view the details of a CSR or certificate, compare an MD5 hash of the certificate and private key (to make sure they match), verify that a certificate is installed properly on any website, and convert the certificate to a different format.
Continue reading "The Most Common OpenSSL Commands"
Tag: — tepezcuintle @ 3:34

This week we had a major problem with one of our web servers. A rogue IP address in Asia was sending hundreds of requests to the search page on our site. The User-Agent showed Mozilla, but this could’ve been software that faked the user agent.
Basically these requests overwhelmed Apache and the server load got as high as 150. I was able to parse the Apache log files and noticed the multiple connections coming from the IP address that I had already found using netstat.
I firewalled the IP address and that solved the issue, but I wanted to find a way to stop these attacks automatically.
I found this cool entry using Google, and here is a good idea that I am going to try to implement to stop these attacks.
It uses Ruby on Rails, but I can use PHP and then use Bash to automatically firewall these IP addresses.
Continue reading "A Cool Idea to Stop Bad Robots Attacking Your Webserver"
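One way to do the log-parsing step described in this post, as an added example that is not from the original post: a shell function that counts requests per client IP for one URL path in an Apache access log and prints the addresses at or above a threshold. The function names, the /search path, the threshold and the sample log lines (documentation-range addresses) are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag client IPs that hammer a single URL path.
# Assumes Apache common/combined log format, where field 1 is the client
# address and field 7 is the request path.

# noisy_clients LOGFILE PATH_PREFIX THRESHOLD
# Prints "count ip" for every client with >= THRESHOLD requests whose
# path starts with PATH_PREFIX, busiest first.
noisy_clients() {
    awk -v prefix="$2" -v min="$3" '
        # Skip lines that are too short to be a log entry.
        NF < 7 { next }
        # Count only requests for the path being watched.
        index($7, prefix) == 1 { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print hits[ip], ip
        }
    ' "$1" | sort -rn
}

# Constructed sample log (documentation-range addresses, not real traffic).
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        printf '%s - - [10/Oct/2008:03:3%d:00 +0000] "GET /search?q=%d HTTP/1.1" 200 512 "-" "Mozilla/5.0"\n' 203.0.113.7 "$i" "$i"
        i=$((i + 1))
    done
    printf '%s\n' \
      '198.51.100.4 - - [10/Oct/2008:03:31:10 +0000] "GET /search?q=linux HTTP/1.1" 200 512 "-" "Mozilla/5.0"' \
      '198.51.100.4 - - [10/Oct/2008:03:31:12 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"' \
      '192.0.2.15 - - [10/Oct/2008:03:32:01 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
}

log=$(mktemp)
sample_log > "$log"
noisy_clients "$log" /search 5    # prints: 6 203.0.113.7
rm -f "$log"
```

The count is keyed on the client address only, so it does not depend on the User-Agent string, which the post notes can be faked.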
Tag: — tepezcuintle @ 3:47
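# ELITE HTACCESS FOR WEBDEVELOPERS
##############################################
# Basic authentication for the protected area
AuthName "SiteName Administration"
AuthUserFile /home/sitename.com/.htpasswd
AuthType basic
Require valid-user
# Host-based access: deny everyone, then allow the listed hosts
Order deny,allow
Deny from all
Allow from 24.205.23.222
Allow from w3.org htmlhelp.com
Allow from googlebot.com
# Satisfy Any: access is granted if the host is allowed OR the user authenticates
Satisfy Any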
Each code snippet has been copied from htaccesselite. Additional and detailed info on each htaccess code snippet can be found at askapache.com
NOTE: Most of these snippets can be used with a Files or Filesmatch directive to only apply to certain files.
NOTE: Any htaccess rewrite examples should always begin with:
Continue reading "Elite htaccess hacks"
Tag: — tepezcuintle @ 17:00
Yesterday I wrote about increasing local port range with net.ipv4.ip_local_port_range proc file. There is also /proc/sys/kernel/pid_max file, which specifies the value at which PIDs wrap around (i.e., the value in this file is one greater than the maximum PID). The default value for this file, 32768, results in the same range of PIDs as on earlier kernels (<=2.4). The value in this file can be set to any value up to 2^22 (PID_MAX_LIMIT, approximately 4 million).
Increasing the value will help on large Linux systems or clusters to ease process identification and process management. You can easily prevent fork() failure error messages with this hack.
Display Current Process Identifiers Limit
Type the following command at shell prompt:
$ sysctl kernel.pid_max
OR
$ cat /proc/sys/kernel/pid_max
Output:
kernel.pid_max = 32768
Allow for more PIDs
Type the following command:
# sysctl -w kernel.pid_max=4194303
To keep the setting across reboots, append the following to your /etc/sysctl.conf:
kernel.pid_max = 4194303
Please note that this hack is only useful for large and busy servers; don’t try this on old kernels or desktop systems.
Tag: — tepezcuintle @ 16:31
This is a good table that tells you the differences between all the Red Hat versions.
Good for job interviews.
Red Hat Enterprise Linux
Server Version comparison chart

| | Version 3 AS | Version 3 ES | Version 4 AS | Version 4 ES | Version 5 Advanced Platform | Version 5 base server |
|---|---|---|---|---|---|---|
| Server Architecture support | | | | | | |
| x86, AMD64, Intel64, Itanium2 | Yes | Yes | Yes | Yes | Yes | Yes |
| IBM POWER | Yes | No | Yes | No | Yes | Yes |
| *Note: For IBM zSeries and S/390 information please refer to the mainframe page | | | | | | |
| Server Support limits as defined by Red Hat Enterprise Linux Product Subscription | | | | | | |
| Maximum physical CPUs/sockets [1] | Unlimited | 2 | Unlimited | 2 | Unlimited | 2 |
| Maximum memory | Unlimited | 8GB | Unlimited | 16GB | Unlimited | Unlimited |
| Maximum virtualized guests/instances | N/A | N/A | N/A | N/A | Unlimited | 4 |
| Storage virtualization (with Red Hat GFS and Cluster Suite) | N/A | N/A | N/A | N/A | Yes | No |
| Included Red Hat Network modules | Update Module | Update Module | Update Module | Update Module | Update Module | Update Module |

Desktop Version comparison chart

| | Version 3 WS | Version 3 Desktop | Version 4 WS | Version 4 Desktop | Version 5 Desktop | Version 5 Desktop with Workstation option | Version 5 Desktop with Multi OS option |
|---|---|---|---|---|---|---|---|
| Desktop Architecture support | | | | | | | |
| X86, AMD64, Intel64 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Itanium2 | Yes | No | Yes | No | No | No | No |
| Desktop Support limits as defined by Red Hat Enterprise Linux Product Subscription | | | | | | | |
| Maximum physical CPUs/sockets [1] | 2 | 1 | 2 | 1 | 1 | 2 | 1 |
| Maximum memory | Unlimited | 4GB | Unlimited | 4GB | 4GB | Unlimited | 4GB |
| Maximum virtualized guests/instances | N/A | N/A | N/A | N/A | N/A | N/A | 4 |
| Storage virtualization (with Red Hat GFS and Cluster Suite) | N/A | N/A | N/A | N/A | No | No | No |
| Included Red Hat Network modules | Update Module | Update Module | Update Module | Update Module | Update, Management, & Provisioning modules | Update, Management, & Provisioning modules | Update, Management, & Provisioning modules |

Technology capabilities and limits (certified[/theoretical]) [3]

| | Version 3 | Version 4 | Version 5 |
|---|---|---|---|
| Maximum logical CPUs [4] | | | |
| x86 | 16 | 32 | 32 |
| Itanium2 | 8 | 64/512 | 64/1024 |
| AMD64/Intel64 | 8 | 64/64 | 64/255 |
| Power | 8 | 64/128 | 128/128 |
| zSeries | 8 | 8 | 8/64 |
| Maximum memory | | | |
| X86 | 64GB [5] | 64GB [5] | 16GB [6] |
| Itanium2 | 128GB | 256GB/1024TB | 1TB/1024TB |
| AMD64/Intel64 | 128GB | 256GB/1TB | 256GB/1TB |
| Power | 64GB | 128GB/1TB | 512GB/1TB |
| zSeries | 64GB | 64GB | 64GB |
| | | | |
| Maximum filesize (Ext3) | 2TB | 2TB | 2TB |
| Maximum filesystem size (Ext3) | 2TB | 8TB | 8TB/16TB |
| Maximum filesize (GFS) | 2TB | 16TB/8EB | 16TB/8EB [7] |
| Maximum filesystem size (GFS) | 2TB | 16TB/8EB | 16TB/8EB [7] |
| Maximum x86 per-process virtual address space | Approx 4GB | Approx 4GB | Approx 3GB [6] |
| Required minimums | | | |
| X86 | 256MB | 256MB | 512MB |
| AMD64/Intel64 | 256MB | 256MB | 512MB |
| Itanium2 | 512MB | 512MB | 512MB |
| Power | 512MB | 512MB | 1GB minimum/2GB recommended |
| Minimum diskspace | 800MB | 800MB | 1GB |
| Kernel and OS features | | | |
| Kernel foundation | Linux 2.4.21 | Linux 2.6.9 | Linux 2.6.18 |
| Compiler/toolchain | GCC 3.2 | GCC 3.4 | GCC 4.1 |
| Languages supported | 10 | 15 | 19 |
| NIAP/CC certified | Yes - 3+ | Yes - 4+ | Yes - 4+ |
| Compatibility libraries | V2.1 | V2.1 and V3 | V3 and V4 |
| Common Operating Environment (COE) compliant | Yes | Yes | N/A |
| LSB compliant | Yes - 1.3 | Yes - 3 | Yes - 3.1 |
| GB18030 | No | Yes | Yes |
| Client environment | | | |
| Desktop GUI | Gnome 2.2 | Gnome 2.8 | Gnome 2.16 |
| Graphics | XFree86 | X.org | X.org 7.1.1 |
| OpenOffice | V1.1 | V1.1.2 | V2.0.4 |
| Ximian Evolution | V1.4 | V2.0 | V2.8.0 |
| Default browser | Mozilla | Firefox | Firefox 1.5 |

Tag: — tepezcuintle @ 16:22
If your server is running out of file descriptors, or you want to know what your users are doing, you can review the content of their open files using this command:
lsof -u username | wc -l
Let’s check our user mongrel.
lsof -u mongrel
Continue reading "Counting open file descriptors per user"
Tag: — tepezcuintle @ 19:13
Command your box from command-line-interface. This is the power of unix/linux & this is the power of find.
——————————————————————————–
The find command is just like driving a car to a destination. If you can read and follow the instructions provided, you are destined to reach the proper address.
The direction boards at signals and landmarks are the inputs/options provided by the user (yourself), and the roads are the hierarchy/paths to follow to reach the desired destination.
Continue reading "Becoming an expert with the Find Command"
Tag: — tepezcuintle @ 18:03
Linux Scalability
Doing large-scale grid work, we regularly press various limits of Linux and other systems. If you’re in a situation where you’re pushing limits like open file descriptors and network sockets, here is how to ensure that the limits are large enough.
At several points I suggest making changes to the Linux kernel’s configuration by echoing data into the /proc filesystem. These changes are transient and the system will reset to the default values on a reboot. As a result, you’ll want to place these changes somewhere where they will be automatically reapplied on reboot. On many Linux systems, you can use the /etc/rc.d/rc.local script to do this. Depending on your particular configuration, you might also be able to use /etc/sysctl.conf, although you’ll need to check the documentation for sysctl for the correct format.
Continue reading "How to increase Linux Scalability for Condor"
Tag: — tepezcuintle @ 20:20
The following is an extremely simplified view of how SSL is
implemented and what part the certificate plays in the entire process.
Continue reading "Installing a Self Signed SSL certificate on Apache"
Tag: — tepezcuintle @ 20:20
HOW I UPGRADED MY IMAP SERVER ON PENGUINCARES
So my email server was running an RPM that provided IMAP service, but it was slow.
I figured I could speed up my server if I installed a new IMAP server. I decided to go
with the Dovecot server, so I removed the old RPM file:
Release : 10 Build Date: Wed 17 Apr 2002 06:44:15 PM EDT
Install date: Tue 07 Jun 2005 10:57:45 PM EDT Build Host: stripples.devel.redhat.com
Group : System Environment/Daemons Source RPM: imap-2001a-10.src.rpm
Size : 2303900 License: University of Washington Free-Fork License
Packager : Red Hat, Inc.
URL : http://www.washington.edu/imap/
Summary : Server daemons for IMAP and POP network mail protocols.
Description :
The imap package provides server daemons for both the IMAP (Internet
Message Access Protocol) and POP (Post Office Protocol) mail access
protocols. The POP protocol uses a “post office” machine to collect
mail for users and allows users to download their mail to their local
machine for reading. The IMAP protocol allows a user to read mail on a
remote machine without downloading it to their local machine.
Continue reading "HOW I UPGRADED MY IMAP SERVER ON PENGUINCARES DOVECOT"