http://www.cyberciti.biz/tips This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Wed, 24 Apr 2013 18:50:55 +0000 en-US hourly 1 http://wordpress.org/?v=3.5.1 http://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html http://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html#comments Tue, 03 Apr 2012 19:53:01 +0000 nixCraft http://www.cyberciti.biz/tips/?p=8768 Wake-on-LAN (WOL) is an Ethernet networking standard that allows a server to be turned on by a network message. You need to send 'magic packets' to wake-on-lan enabled ethernet adapters and motherboards, in order to switch on the called systems. Make sure you connect the NIC (eth0 or eth1) with the motherboard, and enable the WOL function in the BIOS. This is a quick guide to enable WOL under RHEL / Fedora / CentOS / Debian / Ubuntu Linux. ]]> http://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html/feed 10 http://www.cyberciti.biz/tips/vbulletin-cdn-content-delivery-network-configuration.html http://www.cyberciti.biz/tips/vbulletin-cdn-content-delivery-network-configuration.html#comments Fri, 11 Jun 2010 14:09:01 +0000 nixCraft http://www.cyberciti.biz/tips/?p=7029 The last time I wrote about CDN, I wrote about how to configure CDN for wordpress to speed up your wordpress blog to display content to users faster and more efficiently. However, a few regular readers like to know how to configure the Amazon CDN or other CDN network to use with Vbulletin forum software. In this quick tutorial, I will explains how to configure Vbulletin, Apache/Lighttpd webserver, Bind dns server to use a CDN to distribute your common files such as css, js, user uploaded files and lighten load on your web server.]]> http://www.cyberciti.biz/tips/vbulletin-cdn-content-delivery-network-configuration.html/feed 24 http://www.cyberciti.biz/tips/wordpress-cdn-content-delivery-network-configuration.html http://www.cyberciti.biz/tips/wordpress-cdn-content-delivery-network-configuration.html#comments Fri, 02 Apr 2010 09:44:39 +0000 nixCraft http://www.cyberciti.biz/tips/?p=6644 Research shows that if your web pages take longer than 5 seconds to load, you lose 50% of your viewers and sales. You can speed up your wordpress blog by using a CDN to display content to users faster and more efficiently. You can distributes common files or content such as css, javascript, uploaded images, videos and much more through a CDN, which serves the content from the closest cdn edge server to the end-user. In this tutorial, I will explains how to configure Wordpress, Apache/Lighttpd webserver, Bind dns server to use a CDN to distribute your common files such as css, js, user uploaded files and lighten load on your web server.]]> http://www.cyberciti.biz/tips/wordpress-cdn-content-delivery-network-configuration.html/feed 43 http://www.cyberciti.biz/tips/identifying-linux-bottlenecks-sar-graphs-with-ksar.html http://www.cyberciti.biz/tips/identifying-linux-bottlenecks-sar-graphs-with-ksar.html#comments Tue, 15 Dec 2009 06:33:21 +0000 nixCraft http://www.cyberciti.biz/tips/?p=6165 The sar command collect, report, or save UNIX / Linux system activity information. It will save selected counters in the operating system to the /var/log/sa/sadd file. From the collected data, you get lots of information about your server:

1. CPU utilization
2. Memory paging and its utilization
3. Network I/O, and transfer statistics
4. Process creation activity
5. All block devices activity
6. Interrupts/sec etc.

sar output can be used for identifying server bottlenecks. However, analyzing information provided by sar can be difficult, so use kSar, which can take sar output and plot a nice easy to understand graph over period of time. ]]> http://www.cyberciti.biz/tips/identifying-linux-bottlenecks-sar-graphs-with-ksar.html/feed 32 http://www.cyberciti.biz/tips/google-public-dns-servers-launched.html http://www.cyberciti.biz/tips/google-public-dns-servers-launched.html#comments Thu, 03 Dec 2009 19:43:55 +0000 nixCraft http://www.cyberciti.biz/tips/?p=6122 Today, Google has announced the launch of their free DNS resolution service. Many ISPs and 3rd party provider such as OpenDNS snoops around or send traffic to ad servers. However, Google promises not to play with end users and send the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience. In other words Google will not hijacking your traffic on non-existent domain name and it will follow strict RFC standard. ]]> http://www.cyberciti.biz/tips/google-public-dns-servers-launched.html/feed 33 http://www.cyberciti.biz/tips/linux-security.html http://www.cyberciti.biz/tips/linux-security.html#comments Fri, 30 Oct 2009 07:52:11 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5687 Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.]]> http://www.cyberciti.biz/tips/linux-security.html/feed 116 http://www.cyberciti.biz/tips/bind-dynamic-update-dos.html http://www.cyberciti.biz/tips/bind-dynamic-update-dos.html#comments Wed, 29 Jul 2009 15:47:12 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5570 BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.]]> http://www.cyberciti.biz/tips/bind-dynamic-update-dos.html/feed 7 http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html#comments Fri, 24 Jul 2009 21:49:43 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5489 OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.]]> http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html/feed 134 http://www.cyberciti.biz/tips/open-source-project-management-software.html http://www.cyberciti.biz/tips/open-source-project-management-software.html#comments Sun, 19 Jul 2009 19:18:10 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5477 Project management software is not just for managing software based project. It can be used for variety of other tasks too. The web-based software must provide tools for planning, organizing and managing resources to achieve project goals and objectives. A web-based project management software can be accessed through an intranet or WAN / LAN using a web browser. You don't have to install any other software on the system. The software can be easy of use with access control features (multi-user). I use project management software for all of our projects (for e.g. building a new cluster farm) for issue / bug-tracking, calender, gantt charts, email notification and much more.

Obviously I'm not the only user, the following open source software is used by some of the biggest research organizations and companies world wild. For e.g. NASA's Jet Propulsion Laboratory uses track software or open source project such as lighttpd / phpbb use redmine software to keep track of their projects.]]> http://www.cyberciti.biz/tips/open-source-project-management-software.html/feed 85 http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html#comments Sat, 27 Jun 2009 02:26:39 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4934 Need to monitor Linux server performance? Try these built-in command and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

1. Finding out bottlenecks.
2. Disk (storage) bottlenecks.
3. CPU and memory bottlenecks.
4. Network bottlenecks.

]]> http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html/feed 316 http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html#comments Sun, 21 Jun 2009 00:02:13 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5148 If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.]]> http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html/feed 15 http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html#comments Fri, 19 Jun 2009 14:50:39 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5138 Apache Security Update - a flaw In Apache can be used to carry out DoS. Slowloris is a new Apache DoS tool which can use slow Internet links to bring down Apache servers, rather than flooding networks. Most D/DoS tool requires faster net connections but this tool works with minimal bandwidth. This tool can lead to a DoS attack on Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid, while MS IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable to this attack.]]> http://www.cyberciti.biz/tips/apache-http-dos-tool-released.html/feed 9 http://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html http://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html#comments Tue, 02 Jun 2009 21:54:58 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4951 The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.

Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.]]> http://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html/feed 7 http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html#comments Tue, 02 Jun 2009 12:56:31 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4940 The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and much more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:

• All TCP sockets.
• All UDP sockets.
• All established ssh / ftp / http / https connections.
• All local processes connected to X server.
• Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
• All the tcp sockets in state FIN-WAIT-1 and much more.

]]> http://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html/feed 10 http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html#comments Wed, 27 May 2009 22:29:17 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4903 Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience. ]]> http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html/feed 18 http://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html http://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html#comments Sun, 29 Mar 2009 04:35:28 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4567 Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country. ]]> http://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html/feed 10 http://www.cyberciti.biz/tips/linux-unix-bsd-mac-filtering.html http://www.cyberciti.biz/tips/linux-unix-bsd-mac-filtering.html#comments Tue, 17 Feb 2009 18:37:21 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4452 MAC Filtering (layer 2 address filtering) refers to a security access control methodology whereby the 48-bit address assigned to each network card is used to determine access to the network. Iptables, pf, and IPFW can block a certain MAC address on a network, just like an IP. One can deny or allow from MAC address like 00:1e:2a:47:42:8d using open source firewalls. MAC address filtering is often used to secure LAN or wireless network / devices. Is this technique effective? ]]> http://www.cyberciti.biz/tips/linux-unix-bsd-mac-filtering.html/feed 14 http://www.cyberciti.biz/tips/freebsd-72rc-released.html http://www.cyberciti.biz/tips/freebsd-72rc-released.html#comments Sun, 25 Jan 2009 15:08:30 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4676 http://www.cyberciti.biz/tips/freebsd-72rc-released.html/feed 0 http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html#comments Wed, 21 Jan 2009 17:17:45 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4814 VSFTPD supports virtual users with PAM (pluggable authentication modules). A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh or smtp.]]> http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html/feed 48 http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html#comments Wed, 21 Jan 2009 14:34:11 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4804 This example shows how you might set up a large internet facing FTP site for distributing file or software updates. The emphasis will be on security and performance. VSFTPD will make sure only world-readable files and directories are served to the world via anonymous / ftp account. You force to originates FTP port connections from a secure port - so users on the FTP server cannot try and fake file content. You will hide the FTP server user IDs and just display ftp in directory listings. This is also a performance boost. Set a 40000-60000 port range for passive connections. This will help firewall setup.]]> http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html/feed 1