Recently I briefly covered a few ways to improve MySQL response time and overall performance, so let’s talk about how we can tweak the MySQL configuration file to bridge the gap between blazingly fast CPUs and comparatively slow disks with, of course, memory. By adjusting how much memory MySQL uses, you can often realize significant performance improvements, but before that we need to understand how MySQL uses memory. As MySQL is extensively tested for memory leaks, we can focus on misconfiguration and the resulting poor utilization of memory. MySQL provides several default configuration files that you can tune further according to your server hardware and traffic.
September 16, 2007
September 11, 2007
Optimizing MySQL performance
The performance of any web application depends on several aspects. Sometimes the web server alone can cause a lot of performance loss if it is not configured properly, but the major cause of performance degradation in a web application is the database. Lots of applications are constantly being developed and deployed using the LAMP (Linux, Apache, MySQL, PHP) architecture. The server administrator certainly has little control over the application itself, because it’s written by someone else, but they still play a major role in any web application’s performance. Today I’m going to discuss another major performance issue, the MySQL memory bottleneck.
Let’s start with estimating your web site response time, using curl:
curl -o /dev/null -s -w '%{time_connect}:%{time_starttransfer}:%{time_total}' http://www.google.com/
September 6, 2007
Advanced Apache Security – mod_proxy, mod_security and mod_evasive
Before this post we talked ’bout Apache server installation for best performance and securing the server using TCP wrappers and the iptables firewall. Let’s take the whole discussion one step further and talk ’bout the security of the applications hosted on your web server.
As more and more attacks are being carried out over the HTTP layer, there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. The need for increased security has led to the creation of application gateways, tools that are essentially reverse proxies with the added capability of protocol analysis. The Apache web server itself provides a solution to the problem to a great extent, provided it’s loaded with some specific modules.
September 3, 2007
Configure Linux Box as Internet Gateway
My last few posts were ’bout the Linux firewall and Network Address Translation using iptables. For me iptables is a very dynamic tool to configure things on a Linux box, like a free Linux firewall, a transparent proxy and a Linux router to share an internet connection. So this post is ’bout configuring a Linux box as a secure and safe internet gateway using iptables and squid.
You don’t need a hi-fi machine for the task; any low-end machine could do well enough with two Network Interface Cards installed on it. I’m always comfortable with Fedora Core so I used it again. Any distro could do, but then the steps here might need some changes. Anyway, I’ve used Fedora Core 6, i.e. the latest kernel with iptables support. Once installed, you are ready to configure the Linux router on the system.
September 2, 2007
Linux Firewall – iptables and NAT
Before this we talked ’bout iptables filtering, a simple firewall and filtering rules to secure your Linux box. To understand iptables a little beyond just blocking and filtering, we are going to talk ’bout Network Address Translation.
NAT, Network Address Translation, is basically of two types: SNAT and DNAT.
SNAT, Source NAT is when you alter the source address of the first packet: i.e. you are changing where the connection is coming from. Source NAT is always done post-routing, just before the packet goes out onto the wire. Masquerading is a specialized form of SNAT.
DNAT, Destination NAT is when you alter the destination address of the first packet: i.e. you are changing where the connection is going to. Destination NAT is always done before routing, when the packet first comes off the wire. Port forwarding, load sharing, and transparent proxying are all forms of DNAT.
August 30, 2007
Linux firewall – iptables filtering
So after a few basic steps about server security, let’s come to the real action part of the story, iptables.
Iptables is a generic table structure that defines rules and commands as part of the netfilter framework that facilitates Network Address Translation (NAT), packet filtering, and packet mangling in the Linux 2.4 and later operating systems.
NAT is the process of converting an Internet Protocol address (IP address) into another IP address. Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. Packet mangling is the ability to alter or modify packets before and/or after routing.
August 24, 2007
Securing Your Linux Servers – TCP Wrappers
When a system is used as a server on a public network, it becomes a target for attacks. For this reason, hardening the system and locking down services is of paramount importance for the system administrator. Security is a vast issue to deal with, and it’s a common saying that “nothing is 100% secure in this world”, but I believe there is always a reason to take care of it. Here we are going to talk ’bout the steps that ensure basic server security; we will also be exploring the firewall through iptables in a little depth.
There are a few common attacks that could possibly be avoided by taking care of a few things. First of all I’m going to talk ’bout the SSH brute force attack. This event is generated when an attacker attempts to log in to an SSH server by guessing usernames and passwords. By default, SSH access to the server is blocked; however, if someone needs to open SSH access, a few things should be taken care of.
August 19, 2007
Apache Log Rotation
The Apache access log file typically grows 1 MB or more per 10,000 requests. It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs. This cannot be done while the server is running, because Apache will continue writing to the old log file as long as it holds the file open. Instead, the server must be restarted after the log files are moved or deleted so that it will open new log files. By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients. However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests. It is therefore necessary to wait for some time after the restart before doing any processing on the log files. A typical scenario that simply rotates the logs and compresses the old logs to save space is:
Apache Performance Tuning
After having a word ’bout solving Apache memory leaks, let’s dig more into the various Apache performance issues. Apache server performance can be improved by adding additional hardware resources such as RAM, a faster CPU etc. But most of the time, the same result can be achieved by custom configuration of the server.
August 18, 2007
Solving Apache Memory Bottleneck
Recently I posted ’bout how to configure Apache, PHP and MySQL. As I have already said, it’s quite common that we don’t bother ’bout small details like the ‘cause of Apache memory leak’ while configuring Apache, PHP and MySQL, in the absence of which the performance of the server could really drop to its worst. The idea behind this post is to draw attention to some of those important but commonly missed details during and after configuration of the server, to avoid conflicts later on.