PHP5 with FastCGI and suexec in Debian
Wanna speed up those PHP apps, reduce your server’s memory footprint, and improve your security model all at once? Of course you do! All you have to do is ditch the defaults and run PHP5 through FastCGI and suexec on Apache2. This is a fairly straightforward task, but there are several gotchas. This setup [...]
Simple LDAP authentication domain server and client
Here, I’ll admit it. One of the things I’ve always been a little scared of, in terms of Linux server administration, is LDAP. It’s obviously incredibly useful in many ways, not the least of which is that it’s the most current and secure way of centralizing user, group and system configuration information, even across the web. And [...]
Set up NIS client and server systems with autofs home
NIS is a bit of an old-school solution on UNIX systems for sharing user information, including logins, across systems. This allows administrators to centralize all user account information, as well as home directories, across any number of physical machines. There are some security implications (like having to disable iptables on the server, see below), and [...]
exporting NFS shares from Linux to OS X with iptables
This seems to be a very popular subject to write about for those of us with the fix-it-and-forget-it mentality. But everything I dug up either contained outdated information or set up too many unnecessary hoops (like this Red Hat KB article, for instance). So as my attempt to better the world today (and make a record for [...]
How to setup a SSL certificate for use by courier-imap and qmail in Plesk
Lifted from here. This howto will show you how to set up an SSL certificate on a Plesk server so that it will be used when people connect through secure POP, SMTP and IMAP. To do the following, you need a certificate. It can be self-signed or CA-signed. Using a self-signed cert will of [...]
cloudy with chance of persistent elasticity
The cloud is good. The cloud is new. We like cloud. Now that that’s settled, AWS engineers are well underway in making persistent, durable storage available to EC2 instances. This opens up a whole new world of possibility to those of us who have been intrigued by running AMIs, but put off by the fact [...]
how to stop FTP brute-force attacks with DenyHosts
We use DenyHosts on several servers to keep the annoying kids in the neighborhood from banging on the ssh door all day. This has been working fine for years. But getting it working for FTP or other authenticated services was thought to be impossible by some. It isn’t impossible – but it is a little [...]
Blocked but not beaten
As of today, the local cable utility monopoly has decided to block outgoing port 25 in our neighborhood. Strange it took them this long – but it means sending email suddenly became a bit of a problem this morning, because we are in that “technically savvy” minority that owns their own off-site mail server. I [...]
bringing backgroundrb out of the dark ages
Due to voracious memory consumption issues that were bringing down the server, I had to upgrade the backgroundrb plugin inside a certain Rails app from version 0.2.1 (from Nov 06) to the latest svn trunk, which uses fork() and exec() properly, and seems to be a near-total rewrite. There were a lot of changes needed. [...]