Sachin’s Weblog

August 30, 2007

Linux firewall – iptables filtering

Filed under: General, IPtables, Linux, Security, firewall — sachin @ 12:21 pm

So after few basic steps about server security, let’s come to the real action part of the story, IPTABLES.

Iptables is a generic table structure that defines rules and commands as part of the netfilter framework that facilitates Network Address Translation (NAT), packet filtering, and packet mangling in the Linux 2.4 and later operating systems.

NAT is the process of converting an Internet Protocol address (IP address) into another IP address. Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. Packet mangling is the ability to alter or modify packets before and/or after routing. (more…)

August 24, 2007

Securing Your Linux Servers- TCP Wrappers.

Filed under: IPtables, Linux, Linux Router, Security, firewall — sachin @ 11:37 am

Server security, when a system is used as a server on a public network, it becomes a target for attacks. For this reason, hardening the system and locking down services is of paramount importance for the system administrator. Although security is a vast issue to deal with, it’s a common saying that “nothing is 100% secure in this world” but i believe there is always a reason to take care of it. Here we are going to talk ’bout the step ensuring basic server security, however we would be exploring firewall through iptables, in little depth.

There are few common attacks, that could possibly by avoided taking care of few things. First of all i’m going to talk ’bout the ssh brute force attack. This event is generated when an attacker attempts to login to an SSH server by guessing usernames and passwords. By default, the ssh access to the server is blocked however if someone needs to open the ssh access, few things should be taken care of. (more…)

August 19, 2007

Apache Log Rotation

Filed under: Apache, General, LAMP, Linux — sachin @ 7:47 am

The Apache access log file typically grows 1 MB or more per 10,000 requests. It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs. This cannot be done while the server is running, because Apache will continue writing to the old log file as long as it holds the file open. Instead, the server must be restared after the log files are moved or deleted so that it will open new log files. By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients. However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests. It is therefore necessary to wait for some time after the restart before doing any processing on the log files. A typical scenario that simply rotates the logs and compresses the old logs to save space is: (more…)

Apache Performance Tuning

Filed under: Apache, General, LAMP, Linux, Performance — sachin @ 7:29 am

After having a word ’bout solving memory leak by apache, let’s digg more ’bout the various apache performance issues. Apache server performance can be improved by adding additional hardware resources such as RAM, faster CPU etc. But most of the time, the same result can be achieved by custom configuration of the server. (more…)

August 18, 2007

SOLVING APACHE MEMORY BOTTLENECK

Filed under: Apache, LAMP, Performance — sachin @ 3:27 pm

Recently i have posted ’bout how to configure Apache, php and MySQL, as i have already talked, it’s quite common, we don’t bother ’bout the small details like ’cause of apache memory leak’ during configuring apache, php and MySQL in absence of which the performance of the server could really drop down to worst. The idea behind this post is to draw attention towards some of those important but commonly missed details during and after configuration of the server, obviously to avoid conflicts later on. (more…)

August 17, 2007

Configure php

Filed under: LAMP, php — sachin @ 11:46 am

Earlier to this section, i have talked ’bout how to configure MySQL and Apache. This section is a continued part of the my weblog Configuring Apache php and MySQL, and could be useful for any php configuration. In this section i’m going to talk ’bout php installation according the web application needs. As i have already described default compilation of php doesn’t include some of the modules that could be required for most of the web 2.0 rich applications like for most of the social networking platforms. (more…)

Configure Apache

Filed under: Apache, LAMP — sachin @ 9:34 am

This section describes how to configure Apache. This section is a continued part of the my previous weblog Configuring Apache php and MySQL, and could be useful for any apache configuration. In this section i’m going to talk ’bout various configuration options that we could use with apache installation according the application needs. As i have already describes default compilation of apache doesn’t include some of the modules that could be required for most of the web 2.0 rich applications. Below are the some options and their description, which are disables by default and that we need for such applications.
(more…)

Configure Apache php and MySQL

Filed under: LAMP, MySQL — sachin @ 8:09 am

So here i’m to share, how i use to configure Apache php and MySQL on Fedora’s system, this configuration works fine with all fedora versions above and with core 3. In Tekriti we develop social networking sites (more about me and tekriti) that uses some feature configured with apache and php which are not compiled by default, for example with apache we need mod_rewrite and mod_proxy enabled and with php, soap and gd. (more…)

Blog at WordPress.com.