Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)

Categories: CentOS, Debian Linux, fedora linux, Gentoo Linux, GNU/Open source, Linux, Linux distribution, Networking, RedHat/Fedora Linux, Security, Slackware, Suse Linux, Ubuntu Linux. Last updated June 18, 2009

The Linux kernel is the central component of Linux operating systems. It is responsible for managing the system’s resources, the communication between hardware and software, and security. The kernel plays a critical role in supporting security at higher levels. Unfortunately, the stock kernel is not secured out of the box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.

Poll: Common Causes Of Downtime In Your Data Center

Categories: Business, data center, Hardware, High performance computing, Linux, Poll, Storage, UNIX. Last updated June 18, 2009

Unplanned downtime may be the result of a software bug, human error, equipment failure, power failure, and much more. Last week was a bad one. We faced three different downtimes:

  • First, there was a fiber cut for one of our data centers, resulting in routing anomalies due to BGP reroute. Traffic was rerouted, but updating those BGP tables took some time.
  • Someone from the networking team failed to follow proper maintenance procedures for a network device, which resulted in 55 minutes of downtime.
  • One of our SAN hardware units failed. Many internal UNIX / Linux web applications that use the SAN to store data, including file server, tracking apps, R&D apps, IT help desk, LAN and WAN servers, failed. This one lasted for 12 hrs. It started around midnight. The vendor replaced the entire SAN hardware. Now we have a dual stacked SAN as a backup device for internal usage.


Lighttpd mod_rrdtool: Monitor The Load, Requests Per Seconds and Traffic

Categories: CentOS, Debian Linux, fedora linux, Hardware, Howto, lighttpd, Linux, Monitoring, RedHat/Fedora Linux, Ubuntu Linux. Last updated June 18, 2009

The round-robin database tool aims to handle time-series data like network bandwidth, temperatures, CPU load, etc. The data is stored in a round-robin database so that the system storage footprint remains constant over time. Lighttpd comes with mod_rrdtool to monitor the server load and other details. This is useful for debugging and tuning lighttpd / fastcgi server performance.

Red Hat / CentOS VSFTPD FTP Server Configuration

Categories: CentOS, FTP Server, Howto, Iptables, Linux, RedHat/Fedora Linux, Security, User Management. Last updated November 16, 2013

Vsftpd (Very Secure FTP Daemon) is an FTP server for UNIX-like systems, including CentOS / RHEL / Fedora and other Linux distributions. It supports IPv6, SSL, locking users to their home directories and many other advanced features.

In this guide you will learn how to:

  1. Set up vsftpd to provide FTP service.
  2. Configure vsftpd.
  3. Configure firewalls to protect the FTP server.
  4. Configure vsftpd with SSL/TLS.
  5. Set up vsftpd as a download-only anonymous internet server.
  6. Set up vsftpd with virtual users and more.

Linux HugeTLBfs: Improve MySQL Database Application Performance

Categories: CentOS, Hardware, High performance computing, Howto, MySQL, RedHat/Fedora Linux. Last updated May 20, 2009

Applications that perform a lot of memory accesses (several GBs) may obtain performance improvements by using large pages due to reduced Translation Lookaside Buffer (TLB) misses. HugeTLBfs is a memory management feature offered in the Linux kernel, which is valuable for applications that use a large virtual address space. It is especially useful for database applications such as MySQL, Oracle and others. Other server software that uses the prefork or a similar model (e.g. Apache web server) will also benefit.

The CPU’s Translation Lookaside Buffer (TLB) is a small cache used for storing virtual-to-physical mapping information. By using the TLB, a translation can be performed without referencing the in-memory page table entry that maps the virtual address. However, to keep translations as fast as possible, the TLB is usually small. It is not uncommon for large memory applications to exceed the mapping capacity of the TLB. Users can use the huge page support in the Linux kernel through either the mmap system call or the standard SysV shared memory system calls (shmget, shmat).

FreeBSD 7.2 Review: Improved Virtualization

Categories: FreeBSD, Hardware, News, package management. Last updated May 4, 2009

FreeBSD is just plain old good UNIX with a rock-solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.

A new version of FreeBSD is scheduled for release next week (4-May-2009). A beta 2 was made available for download a few weeks ago for a final round of testing before the official launch.