Brilliant!!!

Here’s a more technical post way back from 2006 by Jan-Piet Mens on the same subject

http://jpmens.net/pages/checking-current-application-or-data-versions-using-dns/

tcpdump -s0 host x.x.x.x -w destination.pcap 

One of the first things I do, when configuring any new server is to restrict root user from logging into the server remotely. SSH is the default remote shell access method nowadays. Pls don’t tell me you are still using telnet .

And before restricting the root user for remote access, add a new user that you want to use for regular activities, add the user to sudo group and ensure you can login and sudo to root as this user. Here are the steps I follow to do this on a Ubuntu server

Add a new user

useradd xxxx 

Add user to sudo group

usermod -G sudo -a xxxx

Check user can sudo to gain root access

sudo su - xxxx
su - 

Now moving into the software installation part

Install Mysql

sudo apt-get install mysql-server 

you will be prompted to set the root user during this install. This is quite convenient, unlike the older installs, where you had to set the root password later on.

Install PHP

sudo apt-get install php5-mysql 

In addition to installing the PHP5-mysql, this will also install apache. I know, I mentioned, I would like to try out the new version of Apache. But it looks like Ubuntu, doesn’t have a package for it yet. And I am too lazy to compile from source .

With this you have all the basic software for wordpress. Next, we will tweak this software to use less system resources.

<code>route ADD IP_ADDRESS_OF_MAIL_SERVER MASK 255.255.255.255 127.0.0.1</code> 

I ran into a need to try it today and looks like the trick doesn’t work . So here is the right command if you want to route traffic to the loopback (or blackhole) destined to a particular IP address

sudo route add -host IP_ADDRESS_OF_HOST/NETWORK_MASK lo 

For example if I want to black-hole traffic destined to 74.205.216.2, I would do the following

 sudo route add -host 74.205.216.2/32 lo 

curl -cacert URL_ADDRESS 

Example : If you want to check the SSL certificate of GoDaddy

curl -cacert https://www.godaddy.com 

1. Move to a fresh VM with the latest kernel
2. Upgrade to the latest version of Apache. Initially, I wanted to move to nginx or lighttpd, but with the recent Apache upgrade, I hear good things about Apache working well in low memory situations.
3. Upgrade to latest version of MySQL and tune it for memory usage
4. Configure cloudflare to serve a static version of front page, in case the server goes down. Design the static page to point people to my other digital presences (Google+, LinkedIn, Flickr etc)

I plan to blog the progress and learnings as I implement this plan.

Steps to add new rule to existing configuration

• Check the list of rules and their corresponding sequence

sudo iptables -vL --line-numbers 

• Add the new rule at the required location/sequence

 sudo iptables -I INPUT LINE_NUMBER RULE 

Example :

iptables -I INPUT 8 -s X.X.X.X/24 -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT

• Save the configuration

 sudo serivce iptables save 

Thx to Sijis for helping with the commands. ]]> http://kudithipudi.org/2011/12/12/how-to-modify-iptables-rules/feed/ 0 http://kudithipudi.org/2011/10/31/how-to-check-web-services-using-curl/ http://kudithipudi.org/2011/10/31/how-to-check-web-services-using-curl/#comments Mon, 31 Oct 2011 20:36:40 +0000 Vinay http://kudithipudi.org/?p=1077 Quick note for myself to check web services using curl ([L/U]nix utility to play with http(s) traffic)

 curl https://URL_TO_TEST --insecure --trace-ascii debug.txt 

Comments on options :
–insecure is used if you are testing web services served over SSL using self signed certs
–trace-ascii dumps all traffic between the client (curl in this case) and the server in human readable format

If you ever run into errors like this

<pre>Starting httpd: Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
(13)Permission denied: httpd: could not open error log file /etc/httpd/logs/error_log.
Unable to open logs
                                                           [FAILED]

And you are scratching your head why Apache is throwing these errors, even when the said directory and files exist. And you have the right permissions!! Check if you have SELinux running and being enforced.
On RHEL, you can check if SELinux is running by

cat /selinux/enforce 

The two values are 0 and 1. 0 means, SELinux is not being enforced and 1 means it is.
You can quickly disable SELinux temporarily by

echo 0 >/selinux/enforce 

If you want to disable it permanently (i.e. survive reboots), you have to edit the file /etc/selinux/config and change the SELINUX line from enabled to disabled. ]]> http://kudithipudi.org/2011/08/22/how-to-apache-and-selinux/feed/ 2 http://kudithipudi.org/2011/07/20/how-to-export-and-import-certificates-using-keytool/ http://kudithipudi.org/2011/07/20/how-to-export-and-import-certificates-using-keytool/#comments Wed, 20 Jul 2011 19:55:51 +0000 Vinay http://kudithipudi.org/?p=990 Keytool is a java utility to manage SSL key databases (stores). Here are a couple of options for using this tool

• List the certificates in the keystore

keytool -list -keystore NAME_OF_KEYSTORE_FILE 

• Export a particular certificate from the keystore

keytool -export -alias ALIAS_NAME_OF_CERT -keystore NAME_OF_KEYSTORE_FILE 

• Import a certificate into the keystore

keytool -import -alias ALIAS_NAME_YOU_WANT -keystore NAME_OF_KEYSTORE_FILE -file NAME_OF_CERT_FILE_TO_IMPORT