Anyone who has never made a mistake has never tried anything new. -- Albert Einstein.
Here are a few mistakes that I made while working at the UNIX prompt. Some
mistakes caused me a good amount of downtime. Most of these mistakes are
from my early days as a UNIX admin.
Change website
From Jan 16 2015, all post content will be moved to our official website with much more content...
You can access the website here: http://justox.com
Thanks for your visit!
Showing posts with label Linux server. Show all posts
Friday, 27 December 2013
20 tutorial:Sure Unix / Linux Configuration Files From Syntax Errors
In Linux and UNIX in general, services
are configured using various text files in the /etc/ directory trees. A
typical server system could have dozens of configuration files. It is
important that you check the validity of the configuration file. In some
cases it is possible to check the sanity of the special data (such
as keys) or directories (such as /var/lib/cache/). Text files are easier
to manage remotely. You can use ssh and a text editor. If there is an
error in the configuration, the server may not start. This may result in a
disaster. In this article I will explain how to find a syntax error
for popular servers and test configuration files for syntax errors.
Top 20 Nginx WebServer Best Security
Nginx is a lightweight, high
performance web server/reverse proxy and e-mail (IMAP/POP3) proxy. It
runs on UNIX, GNU/Linux, BSD variants, Mac OS X, Solaris, and Microsoft
Windows. According to Netcraft, 6% of all domains on the Internet use
nginx webserver. Nginx is one of a handful of servers written to address
the C10K problem. Unlike traditional servers, Nginx doesn't rely on
threads to handle requests. Instead it uses a much more scalable
event-driven (asynchronous) architecture. Nginx powers several high
traffic web sites, such as WordPress, Hulu, Github, and SourceForge.
This page collects hints on how to improve the security of nginx web
servers running on Linux or UNIX like operating systems.
Linux: 20 Iptables Examples
Linux comes with a host based firewall called Netfilter. According to the official project site:
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4, while ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.
20 Linux Server Hardening Security Tips
#1: Encrypt Data Communication
All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys / certificates.
- Use scp, ssh, rsync, or sftp for file transfer. You can also mount remote server file system or your own home directory using special sshfs and fuse tools.
- GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories.
- Fugu is a graphical frontend to the commandline Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted, meaning no passwords are sent in cleartext form, and is thus much less vulnerable to third-party interception. Another option is FileZilla - a cross-platform client that supports FTP, FTP over SSL/TLS (FTPS), and SSH File Transfer Protocol (SFTP).
- OpenVPN is a cost-effective, lightweight SSL VPN.
- Lighttpd SSL (Secure Server Layer) Https Configuration And Installation
- Apache SSL (Secure Server Layer) Https (mod_ssl) Configuration And Installation
Tutorial Linux: 25 PHP Security Best Practices For System Administrator
PHP is an open-source server-side
scripting language and it is widely used. The Apache web server
provides access to files and content via the HTTP or HTTPS protocol. A
misconfigured server-side scripting language can create all sorts of
problems. So, PHP should be used with caution. Here are twenty-five php security best practices for sysadmins for configuring PHP securely.
Tutorial 30 Handy Bash Shell Aliases For Linux - Unix - Mac OS
An alias is nothing but a shortcut to
commands. The alias command allows user to launch any command or group
of commands (including options and filenames) by entering a single word.
Use alias command to display list of all defined aliases. You can add
user defined aliases to ~/.bashrc file. You can cut down typing time with these aliases, work smartly, and increase productivity at the command prompt.
Configure and Install With IPv6 Networking Support on Nginx
Compile Nginx With IPv6 Support
You need to pass the --with-ipv6 option to the configure command. Type the following command to compile it:
# cd /path/to/nginx-src-code/
# ./configure --without-http_autoindex_module --without-http_userid_module \
--without-http_auth_basic_module --without-http_geo_module \
--without-http_fastcgi_module --without-http_empty_gif_module \
Block And Deny IP Address OR Network Subnets on Nginx
Nginx comes with a simple module called ngx_http_access_module to allow or deny access to IP address. The syntax is as follows:
deny IP;
deny subnet;
allow IP;
allow subnet;
# block all ips
deny all;
# allow all ips
allow all;
Note: rules are checked in the order in which they are written, until the first match.
HowTo Block User Agent on Nginx
How do I block a http user agent or a software agent using Nginx web server under Linux or Unix like operating systems?
You can block any http user agents with GET / POST requests that scrape your content or try to exploit software vulnerability. Use the following syntax. Edit /usr/local/nginx/conf/nginx.conf file, enter:
Nginx Redirect URL With HTTP/1.1 301 Moved Permanently Header
How do I redirect old ugly urls such as
http://example.com/store/view.jsp?product=foo with clean url -
http://example.com/store/view/product/foo using nginx reverse proxy?
You need to use HttpRewriteModule under nginx web server. This module makes it possible to change URI using regular expressions (PCRE), and to redirect and select configuration depending on variables. The syntax is as follows to change URI in accordance with the regular expression and the replacement string.
Too Many Open Files Error And Solution on Nginx
I'm getting the following error in my nginx server error log file:
2010/04/16 13:24:16 [crit] 21974#0: *3188937 open() "/usr/local/nginx/html/50x.html" failed (24: Too many open files), client: 88.x.y.z, server: example.com, request: "GET /file/images/background.jpg HTTP/1.1", upstream: "http://10.8.4.227:81//file/images/background.jpg", host: "example.com"
Setup SSL Reverse Proxy (Load Balanced SSL Proxy) on Nginx
A reverse proxy is a proxy server that
is installed in a server network. Typically, reverse proxies are used in
front of Web servers such as Apache, IIS, and Lighttpd. How do I setup
nginx web server as SSL reverse proxy?
When you've multiple backend web servers, encryption / SSL acceleration can be done by a reverse proxy. Nginx can act as SSL acceleration software. It provides the following benefits:
Ease of use : Nginx is easy to setup and upgrade.
mod_extforward: Lighttpd Log Clients Real IP Behind Reverse Proxy / Load Balancer
I've set up 5 lighttpd web servers
behind an Nginx based reverse proxy / load balancer to distribute load for
a busy e-commerce website. However, all web server nodes are putting my load
balancer's two IP addresses in the access log file. How do I force lighttpd to
log the real IP (public IP) address of all client computers visiting our
website?
You need to use mod_extforward under Lighttpd to extract and log the client's real IP from "X-Forwarded-For" or "X-Real-IP" header which is added by reverse proxy server such as Nginx or Squid proxy server.
Create Custom 404 / 403 Error Page on NGINX
How do I create a custom static HTTP 404 or HTTP 403 error page under nginx web server?
First create 404.html in your document root. The default location is /usr/local/nginx/html/. So create a HTML file as follows:
Nginx Redirect All HTTP Request To HTTPS Rewrite Rules
I have set up nginx as a secure reverse proxy server. How do I redirect all http://example.com/ requests (traffic) to https://example.com/ under nginx web server?
The syntax is as follows. You need to add the following in location or server directives:
Fixed Nginx: 413 Request Entity Too Large Error and Solution
I'm running nginx as a front end to php
based Apache+mod_fastcgi server. My app lets users upload images up to 2MB
in size. When users try to upload a 1.5MB+ size image file using
the nginx reverse proxy, they are getting the following error on screen:
Nginx 413 Request Entity Too Large
How do I fix this problem and allow image upload up to 2MB in size using nginx web-server working in reverse proxy or stand-alone mode on Unix like operating systems?
You need to configure both nginx and php to allow upload size.
MySQL ERROR 1018: Unable to Follow Symlink in Ubuntu
I recently had an issue getting MySQL to read a specific
database. Each time I tried to manually query a table in the database, I
received the following error message:
ERROR 1018 (HY000): Can't read dir of './default/' (errno: 13)
I’ve seen this message before as it means that there is a permissions issue. I checked the ownerships and permissions, and everything seemed to be in order.
Fix WHM/cPanel cPHulk Brute Force Protection Lock Out Via SSH
message:
Brute Force Protection
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
How can I add an IP address to my Linux Server
Adding an IP address to a CentOS server is very easy.
- Go to the network configuration directory /etc/sysconfig/network-scripts
- Create a file with the name ifcfg-eth0:1 (This file increments, so if you already have several IP addresses you need to add the next increment, such as ifcfg-eth0:3 for the 4th IP)
- Paste the following contents into the file: