Important: OpenSSL Security Update [CVE-2008-5077]

Posted in Categories: CentOS, Debian Linux, fedora linux, FreeBSD, GNU/Open source, Howto, Linux, News, RedHat/Fedora Linux, Security Alert, Slackware, Suse Linux, Sys admin. Last updated January 8, 2009

Linux, BSD and UNIX-like operating systems include software from the OpenSSL Project. OpenSSL is a commercial-grade, industry-strength, full-featured open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a general-purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all versions of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating systems that depend upon OpenSSL.

BIND Named: Set a Zone Transfer IP Address For Master DNS Server

Posted in Categories: BIND Dns, CentOS, data center, fedora linux, FreeBSD, High performance computing, Linux Scalability, RedHat/Fedora Linux, Troubleshooting. Last updated January 8, 2009

I’ve three load-balanced (LB) nameservers in three geo locations. Each LB has a front-end public IP address, and two backend IP addresses (one for BIND and another for zone transfer) are assigned to the actual BIND 9 server running Linux. So when a zone transfer initiates from a slave server, all I get is errors. A connection cannot be established; it tries again with the server's main IP or the LB2 / LB3 IP. This is a problem because my servers are geo located and load balanced. However, there is a small workaround for this problem.

XEN Virtualization Set The MTU For xenbr0 Interface

Posted in Categories: CentOS, Debian Linux, fedora linux, Gentoo Linux, High performance computing, kernel, Linux, Linux Virtualization, Networking, RedHat/Fedora Linux, xen. Last updated December 31, 2008

I’ve already written about setting the MTU (Maximum Transmission Unit) under Linux including Jumbo frames (FreeBSD specific MTU information is here).

With this quick tip you can increase the MTU size to get better networking performance.

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port

Posted in Categories: Apache, CentOS, fedora linux, Howto, lighttpd, Networking, php, RedHat/Fedora Linux, Security, Tips, Troubleshooting, Tuning. Last updated December 30, 2008

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be served from 192.168.1.10 and python / ruby on rails will be served from 192.168.1.11. This is only possible with mod_fastcgi.

Red Hat / CentOS Apache 2 FastCGI PHP Configuration

Posted in Categories: Apache, CentOS, Howto, Networking, package management, php, RedHat/Fedora Linux, Security, Tips. Last updated December 30, 2008

FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI’s main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.

Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and because some 3rd party PHP extensions are not guaranteed thread-safe.

nginx and lighttpd have inbuilt support for FastCGI. For the Apache web server you need to use either mod_fastcgi or mod_fcgid.

mod_fastcgi allows server and application processes to be restarted independently — an important consideration for busy web sites. It also facilitates per-application security policies — important for ISPs and web hosting companies.

In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.

Linux: Boot a 2TB+ Partition or Larger Array Using Grub

Posted in Categories: CentOS, data center, fedora linux, File system, Gentoo Linux, Hardware, High performance computing, Howto, kernel, Linux, Linux Scalability, Linux Virtualization, RedHat/Fedora Linux, Storage, Tips, vmware, xen. Last updated December 4, 2008

I’ve already written about creating a partition size larger than 2TB under Linux using GNU parted command with GPT. In this tutorial, I will provide instructions for booting to a flat 2TB or larger RAID array under Linux using the GRUB boot loader.

Linux / UNIX: Find Out If a Directory Exists or Not

Posted in Categories: CentOS, Debian Linux, File system, Gentoo Linux, Howto, Linux, Open source coding, programming, RedHat/Fedora Linux, Shell scripting, Suse Linux, Sys admin, Ubuntu Linux, UNIX. Last updated November 16, 2008

I’ve already written a small tutorial about finding out if a file exists or not under the Linux / UNIX bash shell. However, a couple of our regular readers like to know more about directory checking using the if and test shell commands.