In Linux and UNIX system services are configured using various text files located in /etc/ or /usr/local/etc/ directory tree. A typical server system could have dozens of configuration files.You can check your configuration files for syntax errors without starting the server and validate all settings. In some cases, it is possible to to check the sanity of the specific data (such as keys) or directories (such as /var/lib/cache/). Text files are easier to manage remotely. You can use ssh and a text editor. If there is an error in configuration, the server may not start. It may result in a disaster. This post explains how to quickly find out a syntax error for popular servers and test configuration file for syntax errors.
Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.
Internet has revolutionized the way online users can shop and avail banking services like internet Banking from anywhere, anytime without visiting bank. But, how safe is your money with online net-banking which allows to carry out money transfer? Companies and in some case individuals lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. The cyber crooks are targeting innocent MS-Windows user. If you are concerned about how best to protect yourself from this type of fraud, use Linux LiveCD for online banking and avoid Microsoft Windows at all cost.
OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.
As a system admin, I need to use additional hard drives for to provide more storage space or to separate system data from user data. This procedure, adding physical block devices to virtualized guests, describes how to add a hard drive on the host to a virtualized guest using VMWare software running Linux as guest.
It is possible to add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus without rebooting a running Linux VM guest. This how to is tested under Vmware Server and Vmware Workstation v6.0 (but should work with older version too). All instructions are tested on RHEL, Fedora, CentOS and Ubuntu Linux guest / hosts operating systems.
A redundant array of inexpensive disks (RAID) allows high levels of storage reliability. RAID is not a backup solution. It is used to improve disk I/O (performance) and reliability of your server or workstation. A RAID can be deployed using both software and hardware. But the real question is whether you should use a hardware RAID solution or a software RAID solution.
I’ve Windows Vista installed as a guest under Ubuntu Linux using VMWARE Workstation 6.0. This is done for testing purpose and browsing a few site that only works with Internet Explorer. Since I only use it for testing I made 16GB for Vista and 5GB for CentOS and 5GB in size for FreeBSD guest operating systems. However, after some time I realized I’m running out of disk space under both CentOS and Vista. Adding a second hard drive under CentOS solved my problem as LVM was already in use. Unfortunately, I needed to double 32GB space without creating a new D: drive under Windows Vista. Here is a simple procedure to increase your Virtual machine’s disk capacity by resizing vmware vmdk file.
From my mailbag:
How do I find out if a given PCI hardware is supported of by the current CentOS / Debian / RHEL / Fedora Linux kernel?
You can easily find out find out if a given piece of PCI hardware such as RAID, network, sound, graphics card is supported or not by the current Linux kernel using the following utilities under any Linux distributions.
The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.
Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
- All the tcp sockets in state FIN-WAIT-1 and much more.