Archive for the "sysadmin" Category

setting up a postgreSQL user for testing in Rails

When testing a Rails app backed by a PostgreSQL DB, rake db:test:load and the unit tests drop and re-create the entire database. As such, the database user used in the testing environment needs to be able to drop and create databases. In postgres, you do that by assigning the CREATEDB privilege directly to the testing [...]

PHP5 with FastCGI and suexec in Debian

Wanna speed up those PHP apps, reduce your server’s memory footprint, and improve your security model all at once? Of course you do! All you have to do is ditch the defaults and run PHP5 through FastCGI and suexec on Apache2. This is a fairly straightforward task, but there are several gotchas. This setup [...]

Multi-staging capistrano deployment with rvm, git and passenger

Here is an object lesson in the old philosophy of simple, convenient tools that focus on doing one thing, and one thing well, and also combine and inter-operate well with other tools, to create one monster flying space robot with laserbeam eyes that crushes everything. Here is what we want to do in a typical [...]

Simple LDAP authentication domain server and client

Here, I’ll admit it. One of the things I’ve always been a little scared of, in terms of Linux server administration, is LDAP. It’s obviously incredibly useful in many ways, not the least of which is that it’s the most current and secure way of centralizing user, group and system configuration information, even across the web. And [...]

Set up NIS client and server systems with autofs home

NIS is a bit of an old-school solution on UNIX systems for sharing user information, including logins, across systems. This allows administrators to centralize all user account information, as well as home directories, across any number of physical machines. There are some security implications (like having to disable iptables on the server, see below), and [...]

exporting NFS shares from Linux to OS X with iptables

This seems to be a very popular subject to write about for those of us with the fix-it-and-forget-it mentality. But everything I dug up either contained outdated information or set up too many unnecessary hoops (like this Red Hat KB article for instance). So as my attempt to better the world today (and make a record for [...]

How to set up an SSL certificate for use by courier-imap and qmail in Plesk

Lifted from here. This howto will show you how to set up an SSL certificate on a Plesk server so that it will be used when people connect through secure POP, SMTP and IMAP. To do the following, you need a certificate. It can be self-signed or CA-signed. Using a self-signed cert will of [...]

jail time: chroot’ed sftp with rssh

Installing rssh to allow scp/sftp sessions only for user accounts is a breeze. Getting them into a chroot jail took a bit more research, but in the end turned out to be pretty easy. This is on CentOS 4.6, but this technique should work almost identically for any Linux system thanks to the l2chroot script.

installing mod_security on CentOS 5

Installation of mod_security from source is very easy, but on CentOS 5 it did not quite go according to the published documentation. What follows is a brief outline of the steps required.

how to stop FTP brute-force attacks with DenyHosts

We use DenyHosts on several servers to keep the annoying kids in the neighborhood from banging on the ssh door all day. This has been working fine for years. But getting it working for FTP or other authenticated services was thought to be impossible by some. It isn’t impossible – but it is a little [...]

Essentials

A service of Onset Corps LLC, and your humble author and fellow journeyer Samuel Beam.

Wherein, we specialize in over-involved explanations of all types, especially as concerning the efficacious use of tools and processes to maintain simplicity in an irreducibly complex world.
