Lighttpd Install mod_geoip For Country / City Level Geo Targeting

Posted in Categories CentOS, Debian Linux, FreeBSD, Gentoo Linux, Howto, lighttpd, Linux, Networking, package management, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux, UNIX. Last updated March 29, 2009.

Geolocation software is used to get the geographic location of a visitor from their IP address. You can determine the country and organization and guess the visitor's location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast IP/location lookups. In this tutorial you will learn about mod_geoip installation and PHP server-side examples to determine a visitor's country.

Firewall Builder: Generate The Web Server Firewall Cluster Running Linux or OpenBSD

Posted in Categories Iptables, Linux, OpenBSD, Security. Last updated March 25, 2009.

This article continues the mini-series started with the post Introduction to Firewall Builder 4.0. This article is also available as a section in the “Firewall Builder Cookbook” chapter of Firewall Builder Users Guide 4.0.

Firewall Builder 4.0 is currently in the beta testing phase. If you find it interesting after reading this post, please download and try it out. Source code archives, binary deb and rpm packages for popular Linux distributions and commercially distributed Windows and Mac OS X packages are available for download here.

In this post I demonstrate how Firewall Builder can be used to generate a firewall configuration for a clustered web server with multiple virtual IP addresses. The firewall is running on each web server in the cluster. This example assumes the cluster is built with heartbeat using “old” style configuration files, but which high availability software is used to build the cluster is not really essential. I start with a setup that consists of two identical servers running Linux, but at the end of the article I am going to demonstrate how this configuration can be converted to OpenBSD with CARP.

This entry is part 1 of 4 in the series Linux Firewall Cluster Configuration with Firewall Builder v4.:

Firewall Builder: Convert Linux Iptables Configuration to OpenBSD and PF

Posted in Categories Iptables, Linux, OpenBSD, Security. Last updated March 25, 2009.

Let's see how much effort it is going to take to convert this configuration to an entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set the platform and host OS in the copy to PF and OpenBSD and then create a new cluster object. This would be a sensible way because it preserves the old objects, which helps to roll back in case something does not work out. However, to make the explanation shorter, I am going to make the changes in place by modifying existing objects.

Poll: Your Favorite Scripting Language?

Posted in Categories Ask nixCraft, C Programming, Linux, Perl, php, Poll, programming, python, Shell scripting, Sys admin, UNIX. Last updated March 17, 2009.

Like most sys admins, I’m lazy. I try to automate almost all things in order to save time. Inexperienced sys admins and help desk staff working under me find all these tools useful. It saves their time and avoids security issues. Automation allows help desk staff to do things that they don’t have enough direct system knowledge to do themselves. However, selecting the correct tool and applying the correct methodology is very important.

Linux Proves – The Best Things In Life Are Free

Posted in Categories Linux, Linux desktop, RedHat/Fedora Linux. Last updated March 16, 2009.

They say – there’s no such thing as a free lunch. But Linux and FOSS software can be used to start, run and grow your business for, you guessed it, free. A February survey of IT managers by IDC indicated that hard times are accelerating the adoption of Linux. The open source operating system will emerge from the recession in a stronger data center position than before, concluded an IDC white paper.

Introduction to Firewall Builder 4.0

Posted in Categories Iptables, PF Firewall, Security. Last updated March 16, 2009.

This is the first article in the mini-series of two articles about Firewall Builder.

Systems administrators have a choice of modern Open Source and commercial firewall platforms at their disposal. They could use netfilter/iptables on Linux, PF, ipfilter, ipfw on OpenBSD and FreeBSD, Cisco ASA (PIX) and other commercial solutions. All these are powerful implementations with rich feature sets and good performance. Unfortunately, managing security policy manually with all of these remains a non-trivial task for several reasons. Even though the configuration language can be complex and overwhelming with its multitude of features and options, this is not the most difficult problem in my opinion. An administrator who manages netfilter/iptables, PF or Cisco firewalls all the time quickly becomes an expert in their platform of choice. To do the job right, they need to understand the internal path of the packet inside the Linux or BSD kernel and its interaction with different parts of the packet filtering engine. Things get significantly more difficult in installations using different OSes and platforms, where the administrator needs to switch from netfilter/iptables to PF to Cisco routers and ASA to implement coordinated changes across multiple devices. This is where making changes gets complicated and the probability of human error increases. Unfortunately, typos and more significant errors in firewall or router access list configurations lead to either service downtime or security problems, both expensive in terms of damage and time required to fix.

Missing Memory

Posted in Categories Howto, Linux, RedHat/Fedora Linux, Sys admin, Troubleshooting, UNIX, Windows server. Last updated March 13, 2009.

Today, I’ve upgraded a total of 8 servers from 4GiB to 8GiB to improve system performance by inserting additional memory modules. We started each server and checked the memory count at the console. All servers booted normally after the upgrade and services such as SMTP, NFS, CIFS, HTTP started as expected. Shortly afterwards, I got a call from the help desk about slow performance of the pop3 server.

Do You Blame Users For IT Security?

Posted in Categories Linux, Linux desktop, Security, Sys admin, UNIX, Windows, windows vista. Last updated March 12, 2009.

An interesting article published by security guru Bruce Schneier:

Blaming the victim is common in IT: users are to blame because they don’t patch their systems, choose lousy passwords, fall for phishing attacks, and so on. But, while users are, and will continue to be, a major source of security problems, focusing on them is an unhelpful way to think.

=> Blaming the user is easy – but it’s better to bypass them altogether