Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.
This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.
I’ve three nameserver load-balanced (LB) in three geo locations. Each LB has a front end public IP address and two backend IP address (one for BIND and another for zone transfer) are assigned to actual bind 9 server running Linux. So when a zone transfer initiates from slave server, all I get errors. A connection cannot be established, it tries again with the servers main ip or LB2 / LB3 ip. This is a problem because my servers are geo located and load balanced. However, there is a small workaround for this problem.
I’ve already written about setting the MTU (Maximum Transmission Unit) under Linux including Jumbo frames (FreeBSD specific MTU information is here).
With this quick tip you can increase MTU size to get a better networking performance.
Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.
FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI’s main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.
Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and some 3rd party PHP extensions are not not guaranteed thread-safe.
nginx and lighttpd has inbuilt support for FastCGI. For Apache web server you need to use either mod_fastcgi or mod_fcgid.
mod_fastcgi allows server and application processes to be restarted independently — an important consideration for busy web sites. It also facilitates per-application security policies — important for ISPs and web hosting companies.
In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.
This is 3rd and the final installment for Apache Chroot Jail for CentOS / RHEL series. Once Apache is configured with mod_chroot, you may need to test and debug problems. This article will provide a few troubleshooting tips.
In this second part you will learn about creating user accounts, SKEL directory and virtual hosting configuration under chrooted Apache jail.
I’ve already written about creating a partition size larger than 2TB under Linux using GNU parted command with GPT. In this tutorial, I will provide instructions for booting to a flat 2TB or larger RAID array under Linux using the GRUB boot loader.
fold is really nifty command line utility to make a text file word wrap. This is useful for large number of text files processing. There is no need to write a perl / python code or use a word processor.
I’ve already written a small tutorial about finding out if a file exists or not under Linux / UNIX bash shell. However, couple of our regular readers like to know more about a directory checking using if and test shell command.