Debunking the "Linux is virus free" Myth

Posted on in Categories Debian Linux, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Security, Shell scripting, Ubuntu Linux, Windows, windows vista last updated February 11, 2009

Is Linux is virus free? The author of foobar blog provides some insight about the same. Linux users can’t just catch a virus by email or downloading malware from the Internet, contrary to “those Windows users”. From the foobar blog post:

Then you save an email attachment under Linux, the execute flag is normally NOT set and thus, the file can’t be executed just by clicking on it. So, no luck?

Vsftpd FTP Server With Virtual Users ( Berkeley DB + PAM )

Posted on in Categories CentOS, FTP Server, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security last updated January 21, 2009

VSFTPD supports virtual users with PAM (pluggable authentication modules). A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh or smtp.

Vsftpd Set Download Only Anonymous Internet Server

Posted on in Categories CentOS, fedora linux, Howto, Iptables, Linux, Networking, PF Firewall, RedHat/Fedora Linux, Security last updated January 21, 2009

This example shows how you might set up a large internet facing FTP site for distributing file or software updates. The emphasis will be on security and performance. VSFTPD will make sure only world-readable files and directories are served to the world via anonymous / ftp account. You force to originates FTP port connections from a secure port – so users on the FTP server cannot try and fake file content. You will hide the FTP server user IDs and just display ftp in directory listings. This is also a performance boost. Set a 40000-60000 port range for passive connections. This will help firewall setup.

CentOS / RHEL: Vsftpd SSL / TLS FTP Server Configuration

Posted on in Categories CentOS, FTP Server, Linux, Networking, RedHat/Fedora Linux, Security last updated January 21, 2009

Vsftpd FTP server supports secure connections via SSL / TLS, same encryption used with online banking and shopping. This applies to the control connection (including login) and also data connections. You will need a ftp client with SSL support too. In this post, I am going to show you how To configure vsftpd to yse SSL/TLS on a CentOS or Red Hat Enterprise Linux (RHEL) version 5.x/6.x to secure communication.

FreeBSD Turn On Process Accounting – Track System Resources Used By Users

Posted on in Categories FreeBSD, Howto, Monitoring, Security, Sys admin, Tips, Troubleshooting, Tuning last updated January 8, 2009

I’ve already written about Linux process accounting under Linux ( see how to keep a detailed audit trail of what’s being done on your Linux systems). You can easily setup process accounting under FreeBSD. This tutorial expalins how to enable and utilizing FreeBSD process accounting including many other useful options are explained to keep track of system resources used, and their allocation among users.

Top 10 Linux Virtualization Software

Posted on in Categories Linux, Linux desktop, Linux distribution, Linux Scalability, Linux Virtualization, Networking, RedHat/Fedora Linux, Security, Solaris, Storage, Ubuntu Linux, UNIX, vmware, Windows server, xen last updated December 31, 2008

Virtualization is the latest buzz word. You may wonder computers are getting cheaper every day, why should I care and why should I use virtualization? Virtualization is a broad term that refers to the abstraction of computer resources such as:

  1. Platform Virtualization
  2. Resource Virtualization
  3. Storage Virtualization
  4. Network Virtualization
  5. Desktop Virtualization

This article describes why you need virtualization and list commonly used FOSS and proprietary Linux virtualization software.

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port

Posted on in Categories Apache, CentOS, fedora linux, Howto, lighttpd, Networking, php, RedHat/Fedora Linux, Security, Tips, Troubleshooting, Tuning last updated December 30, 2008

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.

Red Hat / CentOS Apache 2 FastCGI PHP Configuration

Posted on in Categories Apache, CentOS, Howto, Networking, package management, php, RedHat/Fedora Linux, Security, Tips last updated December 30, 2008

FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI’s main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.

Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and some 3rd party PHP extensions are not not guaranteed thread-safe.

nginx and lighttpd has inbuilt support for FastCGI. For Apache web server you need to use either mod_fastcgi or mod_fcgid.

mod_fastcgi allows server and application processes to be restarted independently — an important consideration for busy web sites. It also facilitates per-application security policies — important for ISPs and web hosting companies.

In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.