Aug.2008
in apache installation security
Installation of mod_security from source is very easy, but did not quite go according to the published documentation on CentOS 5. Following is a brief detail on steps required.
We use DenyHosts on several servers to keep the annoying kids in the neighborhood from banging on the ssh door all day. This has been working fine for years. But getting it working for FTP or other authenticated services was thought to be impossible by some. It isn’t impossible - but it is a little tricky. Here is how it is done.
As of today, the local cable utility monopoly has decided to block outgoing port 25 in our neighborhood. Strange it took them this long - but it means sending email suddenly became a bit of a problem this morning, because we are in that “technically savvy” minority that owns their own off-site mail server.
I initially thought this should motivate me to get SMTP running over SSL on my mail server (POP3 already is), but Plesk makes life more complicated for the admin, as usual. Then I came across a knowledgebase article at mediatemple that helped get xinetd to listen on a non-standard port that Comcast is not so concerned with, an inferior but much easier solution. It was so easy I felt I should write a blog entry to make up for saved time.
Due to voracious memory consumption issues that were bringing down the server, I had to upgrade the backgroundrb plugin inside a certain Rails app from version 0.2.1 (from Nov 06) to the latest svn trunk, which uses fork() and exec() properly, and seems to be a near-total rewrite. There were a lot of changes needed. Here is how it was done…