nixCraft » package management

20 Linux Server Hardening Security Tips

nixCraft — Fri, 30 Oct 2009 07:52:11 +0000

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

How To: Upgrade Red Hat Enterprise Linux 5.3 to v5.4

nixCraft — Wed, 02 Sep 2009 18:22:59 +0000

Red Hat Enterprise Linux v5.4 has been released and available via RHN for immediate update. The new version includes the kernel-based virtual machine (KVM) virtualization, next generation of developer features and tools including GCC 4.4, a new malloc(). Also included clustered, high-availability filesystem to support Microsoft Windows storage needs on Red Hat Enterprise Linux.

BIND 9 Dynamic Update DoS Security Update

nixCraft — Wed, 29 Jul 2009 15:47:12 +0000

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.

Top 20 OpenSSH Server Best Security Practices

nixCraft — Fri, 24 Jul 2009 21:49:43 +0000

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.

Download Fedora 11 CD / DVD ISO

nixCraft — Wed, 10 Jun 2009 07:06:24 +0000

Fedora Linux version 11 has been released and available for download ( jump to download link ). Fedora Linux is a community-based Linux distribution. Fedora is sponsored by Red Hat, Inc.

One of Fedora's main objectives is not only to contain free and open source software, but also to be on the leading edge of such technologies. Fedora 11, codenamed "Leonidas", was released on June 9, 2009. The features include ext4, a 20-second startup, and the latest GNOME, KDE and XFCE releases. Firefox 3.5 and Thunderbird 3's latest pre-releases are available as well.

Linux x86_64: Detecting Hardware Errors

nixCraft — Tue, 02 Jun 2009 21:54:58 +0000

The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.

Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.

FreeBSD 7.2 Review: Improved Virtualization

nixCraft — Sat, 02 May 2009 08:40:26 +0000

FreeBSD is just plain old good UNIX with rock solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.

A new version of the FreeBSD is scheduled for release next week (4-May-2009). A beta 2 was made available for download few weeks ago for final round of testing before the official launch.

Lighttpd Install mod_geoip For Country / City Level Geo Targeting

nixCraft — Sun, 29 Mar 2009 04:35:28 +0000

Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country.

Tips To Protect Linux Servers Physical Console Access

nixCraft — Thu, 12 Mar 2009 19:09:31 +0000

This is an user contributed article.

Linux computer console is a physical device to operate a computer / server. Here are few steps which, if taken, make it more difficult for an attacker to quickly modify a system from its console.

How To Tail (View) Multiple Files on UNIX / Linux Console

nixCraft — Mon, 09 Feb 2009 19:28:32 +0000

tail is one of the best tool to view log files in a real time (tail -f /path/to/log.file). The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream come true program for UNIX sys admin job. You can browse through several log files at once and do various operations like search for errors and much more.

Vsftpd FTP Server With Virtual Users ( Berkeley DB + PAM )

nixCraft — Wed, 21 Jan 2009 17:17:45 +0000

VSFTPD supports virtual users with PAM (pluggable authentication modules). A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh or smtp.

VMWare ESX4 and ESX3.5: SCSI timeout For Linux Guest

nixCraft — Sat, 17 Jan 2009 20:34:23 +0000

Recently, I noticed that the timeout values differ on CentOS v5.x and RHEL Linux 5.x guests on VMWare ESX4 and ESX3.5.

Red Hat / CentOS Apache 2 FastCGI PHP Configuration

nixCraft — Tue, 30 Dec 2008 10:31:32 +0000

FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI's main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.

Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and some 3rd party PHP extensions are not not guaranteed thread-safe.

nginx and lighttpd has inbuilt support for FastCGI. For Apache web server you need to use either mod_fastcgi or mod_fcgid.

mod_fastcgi allows server and application processes to be restarted independently -- an important consideration for busy web sites. It also facilitates per-application security policies -- important for ISPs and web hosting companies.

In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.

How To Convert From a VMware Image To Virtualbox Image

nixCraft — Mon, 22 Dec 2008 20:24:43 +0000

VirtualBox is a virtual emulator like VMWare workstation. It has many of the features VMWare has, as well as some of its own.

I really like new Opensource VirtualBox from Sun. It is light on resources. Here is a quick tip - you can convert a VMware virtual machine (image) to a VirtualBox machine (image) using qemu-img utility, without reinstalling the GUEST operating system

Red Hat / CentOS: Chroot Apache 2 Web Server

nixCraft — Mon, 22 Dec 2008 05:55:52 +0000

A chroot on Red Hat / CentOS / Fedora Linux operating changes the apparent disk root directory for the Apache process and its children. Once this is done attacker or other php / perl / python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without jail. There should be privilege separation between web server and rest of the system. In this exclusive series, you will learn more about:

Securing an Apache 2 web server under Red Hat Enterprise Linux / CentOS Linux using mod_chroot
Virtual hosting configuration
Troubleshooting Chrooted Apache jail problem.

Download of The Day: Ubuntu Linux 8.10 RC (BETA) Intrepid Ibex

nixCraft — Fri, 24 Oct 2008 13:24:59 +0000

Ubuntu Linux 8.10 release candidate beta version has been released and available for download from mirrors. The final stable version will be released on October 30th, 2008. But, if you would like to test latest version try out Intrepid Ibex RC beta version.

Wikipedia Moving 400 Servers To Ubuntu Linux From Red Hat Linux

nixCraft — Fri, 10 Oct 2008 19:00:20 +0000

Wikipedia is ditching out a mix of Red Hat and Fedora for Ubuntu Linux. Wikipedia has 10 million articles in 250 languages and it is one of the 10 most visited websites in the world.

How to View Internet Explorer inside Firefox

nixCraft — Tue, 07 Oct 2008 15:23:15 +0000

I'm a devoted Firefox user like most of you. However, at work I use Internet Explorer for couple of web applications that works only on IE. Wouldn't it be nice to embed Internet Explorer inside Firefox as a tab to browse the websites that works only on IE? This is exactly what Firefox add-on IE Tab does as explained below. This is a great tool for web developers, since you can easily see how your web page displayed in IE with just one click and then switch back to Firefox.

Critical Red Hat Enterprise Linux Kernel Update

nixCraft — Wed, 01 Oct 2008 08:44:57 +0000

Red Hat issued an update version of Linux operating system core called kernel that plugs various security holes for RHEL 5.x. This update has been rated as having important security impact. All users are advised to upgrade kernel package.

Red Hat / CentOS Linux 5.x: Perl Performance Bug Fix Available

nixCraft — Sun, 21 Sep 2008 11:22:18 +0000

Perl version supplied with RHEL has bug, which will result code running at least 100 times slower than expected speed. Now, Red Hat updated perl packages that fix a performance issue. Earlier only solution was installing your own perl under /usr/local or other location. This fix will now take care of performance penalty.