Changing permissions for suPHP / FCGI setups
If you switch from mod_php (DSO) to suPHP or FastCGI or even LiteSpeed API if using CloudLinux you will notice issues with 500 errors on pages.
SuPHP doesn’t allow having files with permissions greater than 755. And usually everything that’s running with mod_php is 777. Both folders and file.
So what to …Read More
How to create an extra swap file
You added RAM after a while and now swap space isn’t enough ? You can add more space to it.
The rule is simple, old and sometimes a few people disagree: Swap = RAM + 25%. Anyway. Let’s see how to add a new swap file.
Need root so:
|
1 |
sudo su - |
Create a swap file …Read More
Nmap cheat sheet
Here is a compliation of the best Nmap cheat sheet
Nmap Target Selection
Scan a single IP nmap 192.168.1.1
Scan a host nmap www.testhostname.com
Scan a range of IPs nmap 192.168.1.1-20
Scan a subnet nmap 192.168.1.0/24
Scan targets from a text file nmap -iL list-of-ips.txt
These are all default scans, which will scan 1000 TCP ports. Host …Read More
Linux Basics – Static IP and Network Configuration in Debian Linux
This guide explains how to configure static IP address, dns configuration and hostname on debian based Linux distributions on the shell. It will be same in server & desktop.
Install LEMP Server (Nginx, MySQL or MariaDB, PHP And phpMyAdmin) On Ubuntu 14.10/14.04/13.10
LEMP is a combination of the operating system and open-source software stack. The acronym LEMP comes from the first letters of Linux, Nginx(engine-x) HTTP Server, MySQL database, and PHP/Perl/Python.
In this tutorial, let us see how to install Nginx, MySQL or MariaDB, PHP and phpMyAdmin on Ubuntu 14.10.
Install Nginx
Nginx (pronounced as …Read More
SELinux security
Anyone (including me) playing around with something more than default servers (cPanel, webmin/virtualmin/cloudmin, plesk, ispconfig…etc) knows that selinux = off. That’s the Law. But what about a minimum policy ? Targeted and mls can’t and shouldn’t work on environments like a web server with home users. But if you need …Read More
Securing /tmp and shm partitions
Securing /tmp and /dev/shm is a nice practice. Lots of programs and scripts have access in there. So you don’t want code, malicious or not to run in there, trying to get root permissions or snoop on you.
Temporary storage directories such as /tmp, /var/tmp and /dev/shm provide storage space for …Read More
Kernel hardering part 1
And then, kernel.exec-shield was born.
Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel …Read More
Custom iptables rules with CSF Firewall
CSF (ConfigServer Filewall) is an iptables based firewall, provides easier way to implement iptables rules. Some times we need to add some specific rules (e.g. iptables rules not covered by csf) to add in CSF. If we add these rules using iptables command directly from shell, they will erased on next CSF-restart. After installing …Read More
Software Raid Grub issues
raid (mdadm / software raid) issues with grub
Playing around on my labrat I realized that sometimes EL/Centos (6.5 when writing this) messes up booting when using Software raid.
When typical stuff like grub-install from a rescue console doesn’t work:
|
1 2 3 4 5 |
# chroot /mnt/sysimage/ # grub-install /dev/sda /dev/md0 does not have any corresponding BIOS drive # grub-install --recheck /dev/sda /dev/md0 does not have any corresponding BIOS drive |
Or trying to boot from /boot (/dev/md0):
# grub-install /dev/md0
Let’s try something else:
grub> root (hd0,0)
root …Read More
Backup, Restore and Clone Partition table
Backup, Restore and Clone Partition table
The Problem
Experiment completed, I redefined the partitions using fdisk by entering the values shown in the original fdisk output. I used ntfsclone to restore the Windows Server 2008 partition. No problem with sda1 but linux couldn’t mount the NTFS filesystem in sda2. I tried the …Read More
First 5 Minutes Toubleshooting a server
Here are a few things we usually got started with.
Get some context
Don’t rush on the servers just yet, you need to figure out how much is already known about the server and the specifics of the issues. You don’t want to waste your time (trouble) shooting in the dark.
A few …Read More