Important: Openssl Security Update [CVE-2008-5077]

in Categories CentOS, Debian Linux, fedora linux, FreeBSD, GNU/Open source, Howto, Linux, News, RedHat/Fedora Linux, Security Alert, Slackware, Suse Linux, Sys admin last updated January 8, 2009

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a “man in the middle” attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.

BIND Named: Set a Zone Transfer IP Address For Master DNS Server

in Categories BIND Dns, CentOS, data center, fedora linux, FreeBSD, High performance computing, Linux Scalability, RedHat/Fedora Linux, Troubleshooting last updated January 8, 2009

I’ve three nameserver load-balanced (LB) in three geo locations. Each LB has a front end public IP address and two backend IP address (one for BIND and another for zone transfer) are assigned to actual bind 9 server running Linux. So when a zone transfer initiates from slave server, all I get errors. A connection cannot be established, it tries again with the servers main ip or LB2 / LB3 ip. This is a problem because my servers are geo located and load balanced. However, there is a small workaround for this problem.

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port

in Categories Apache, CentOS, fedora linux, Howto, lighttpd, Networking, php, RedHat/Fedora Linux, Security, Tips, Troubleshooting, Tuning last updated December 30, 2008

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.

Linux: Boot a 2TB+ partition or Larger Array Using Grub

in Categories CentOS, data center, fedora linux, File system, Gentoo Linux, Hardware, High performance computing, Howto, kernel, Linux, Linux Scalability, Linux Virtualization, RedHat/Fedora Linux, Storage, Tips, vmware, xen last updated December 4, 2008

I’ve already written about creating a partition size larger than 2TB under Linux using GNU parted command with GPT. In this tutorial, I will provide instructions for booting to a flat 2TB or larger RAID array under Linux using the GRUB boot loader.

Download Fedora 10 CD / DVD ISO

in Categories Download of the day, fedora linux, GNU/Open source, Linux, Linux desktop, Linux distribution last updated November 25, 2008

Fedora Linux version 10 has been released and available for download. Fedora Linux is a community-based Linux distribution. Fedora is sponsored by Red Hat, Inc.

Fedora 10 Desktop

Fedora 10, codenamed “Cambridge”, was released on November 25, 2008. The features include a web-based package installer similar to Linux Mint’s, a faster startup using Plymouth instead of Red Hat Graphical Boot, better webcam support, GNOME 2.24, KDE 4.1, RPM 4.6 and many other features.

Linux: Should You Use Twice the Amount of Ram as Swap Space?

in Categories data center, Debian Linux, fedora linux, File system, FreeBSD, Gentoo Linux, kernel, Linux, Linux desktop, Linux laptop, OpenBSD, RedHat/Fedora Linux, Solaris, Storage, Suse Linux, Tuning, Ubuntu Linux, UNIX last updated June 8, 2017

Linux and other Unix-like operating systems use the term “swap” to describe both the act of moving memory pages between RAM and disk and the region of a disk the pages are stored on. It is common to use a whole partition of a hard disk for swapping. However, with the 2.6 Linux kernel, swap files are just as fast as swap partitions. Now, many admins (both Windows and Linux/UNIX) follow an old rule of thumb that your swap partition should be twice the size of your main system RAM. Let us say I’ve 32GB RAM, should I set swap space to 64 GB? Is 64 GB of swap space required? How big should your Linux / UNIX swap space be?

Linux tgtadm: Setup iSCSI Target ( SAN )

in Categories CentOS, data center, Debian Linux, fedora linux, File system, GNU/Open source, Hardware, Linux, Storage last updated November 11, 2008

Linux target framework (tgt) aims to simplify various SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation and maintenance. The key goals are the clean integration into the scsi-mid layer and implementing a great portion of tgt in user space.

The developer of IET is also helping to develop Linux SCSI target framework (stgt) which looks like it might lead to an iSCSI target implementation with an upstream kernel component. iSCSI Target can be useful:

a] To setup stateless server / client (used in diskless setups).
b] Share disks and tape drives with remote client over LAN, Wan or the Internet.
c] Setup SAN – Storage array.
d] To setup loadbalanced webcluser using cluster aware Linux file system etc.

In this tutorial you will learn how to have a fully functional Linux iSCSI SAN using tgt framework.

Security Alert: How To Stop Firefox Clickjacking Exploit Attack

in Categories CentOS, Debian Linux, fedora linux, Linux, Linux desktop, Mozilla, OS X, RedHat/Fedora Linux, Security, Security Alert, Windows, windows vista last updated September 26, 2008

Really scary exploit attack in wild, which affects all browsers under any desktop operating systems including MS IE, Linux, Apple safari, Opera, Firefox and Adobe flash. Any website that uses CSS and IFRAME (used to serve ads) can be used to attack on end users as attacker is able to take control of the links that your browser visits. In this article I will share few tips to stop this deadly attack until final patch is released by vendors.