
fedora linux

BIND 9 Dynamic Update DoS Security Update

BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named daemon is an Internet domain name server for UNIX-like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message, an internal assertion check is triggered, which causes named to exit. An attacker who can send DNS requests to a nameserver can cause it to exit, thus creating a denial-of-service situation. Configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is well suited to preserving the confidentiality and integrity of data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about an OpenSSH zero-day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

VMware Linux Guest Add a New Hard Disk Without Rebooting Guest

As a system admin, I need to use additional hard drives to provide more storage space or to separate system data from user data. This procedure, adding physical block devices to virtualized guests, describes how to add a hard drive on the host to a virtualized guest using VMware software running Linux as guest.

It is possible to add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus, without rebooting a running Linux VM guest. This how-to was tested under VMware Server and VMware Workstation v6.0 (but should work with older versions too). All instructions were tested on RHEL, Fedora, CentOS and Ubuntu Linux guest / host operating systems.

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

If you do not control or throttle end users, your server may run out of resources. Spammers, abusers and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to use a firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS behind a PF / netfilter based firewall.

Download Fedora 11 CD / DVD ISO

Fedora Linux version 11 has been released and is available for download (jump to download link). Fedora Linux is a community-based Linux distribution. Fedora is sponsored by Red Hat, Inc.

One of Fedora's main objectives is not only to contain free and open source software, but also to be on the leading edge of such technologies.

Fedora 11, codenamed "Leonidas", was released on June 9, 2009. The features include ext4, a 20-second startup, and the latest GNOME, KDE and XFCE releases. Firefox 3.5 and Thunderbird 3's latest pre-releases are available as well.

Linux Find Out If PCI Hardware Supported or Not In The Current Running Kernel

A typical question from my mailbag:

How do I find out if a given PCI hardware is supported by the current CentOS / Debian / RHEL / Fedora Linux kernel?

You can easily find out if a given piece of PCI hardware such as a RAID, network, sound or graphics card is supported by the current Linux kernel using the following utilities under any Linux distribution.

Linux x86_64: Detecting Hardware Errors

The Blue Screen of Death (BSoD) is used by Microsoft Windows after encountering a critical system error. Linux / UNIX-like operating systems may get a kernel panic. It is just like a BSoD. Both the BSoD and a kernel panic are generated using a Machine Check Exception (MCE). MCE is a feature of AMD / Intel 64-bit systems which is used to detect an unrecoverable hardware problem. MCE can detect:

  • Communication error between CPU and motherboard.
  • Memory error - ECC problems.
  • CPU cache errors and so on.
