kieranbarnes Independent PHP, WordPress & CubeCart Programmer

Key-Based SSH Logins With PuTTY

Posted on November 10, 2010

Following on from the previous SSH security ramblings, one of the most secure login methods is public/private key-based authentication.

g up key based SSH logins for two reasons;

  • They are more secure. You aren't prompted for a password, which could be brute-forced or sniffed via man-in-the-middle attacks, for example.
  • We're lazy. We don't want to type username/password combinations into each server.

SSH Security Ramblings

Posted on November 9, 2010

SSH (Secure Shell) isn't that secure if you're not using it behind a Layer 7 firewall or an enhanced security daemon like cPanel's cPHulk. Even just the default config isn't secure.

What can you do?

[Snippet] Create a large file in Linux

Posted on August 21, 2010

Need to create a large file? For disk speed tests? Or space tests?

    dd if=/dev/zero of=your.big.file bs=1MB count=500

This will create a 500 MB file in your current directory called your.big.file:

    500+0 records in
    500+0 records out
    500000000 bytes (500 MB) copied, 4.08855 seconds, 122 MB/s

cPanel MySQL Tuning

Posted on August 3, 2010

The default MySQL configuration provided by cPanel, /etc/my.cnf, is pretty barren:

    [mysqld] skip-innodb

That's it. One line. It's rubbish.

Here's mine to help you along the way. It's got some decent logging set, some decent cache and memory options for a shared server, and some helpful security settings enabled.

    [mysqld]
    max_connections = 200
    bind-address = 127.0.0.1

    safe-show-database
    skip-locking
    skip-innodb

    # MySQL 4.x has query caching available.
    # Enable it for vast improvement and it may be all you need to tweak.
    query_cache_type=1
    query_cache_limit=1M
    query_cache_size=32M

    interactive_timeout=100

    # Reduced wait_timeout to prevent idle clients holding connections.
    wait_timeout=15
    connect_timeout=10

    # Checked opened tables and adjusted accordingly after running for a while.
    table_cache=512

    # Reduced it to 32 to prevent memory hogging.
    thread_cache=32

    # Reduced it by checking current size of *.MYI files.
    key_buffer=128M

    thread_concurrency=1

    log_error = /var/log/mysql/error.log

    # log slow queries is a must.
    log_slow_queries=/var/log/mysqld.slow.log
    long_query_time=2

    [mysqldump]
    quick
    max_allowed_packet=16M

    [mysql]
    no-auto-rehash

    [isamchk]
    key_buffer=64M
    sort_buffer=64M
    read_buffer=16M
    write_buffer=16M

    [myisamchk]
    key_buffer=64M
    sort_buffer=64M
    read_buffer=16M
    write_buffer=16M

    [mysqlhotcopy]
    interactive-timeout

Extending Advanced Policy Firewall with Brute Force Detection

Posted on August 2, 2010

In my previous article I discussed setting up the Advanced Policy Firewall on your servers. So now your servers are protected, but what happens when you get an attack on a legitimate service? SSH? MySQL? Apache? In a series of articles I'll discuss implementing some best practices to help avoid server nightmares.

Advanced Policy Firewall (for cPanel)

Posted on August 2, 2010

More retro software that has been with us for years: APF, the Advanced Policy Firewall. A brilliantly robust and foolproof Linux script that acts as a wrapper for iptables.

Here's how I configure it for all the WHM/cPanel boxes I commission, although you can configure it for non-cPanel servers, just adjust your ports accordingly.


CIFS/SMBFS “mount error 13 = Permission denied”

Posted on July 9, 2010

Are you getting a rather generic "mount error 13 = Permission denied" when trying to mount Windows shares in Linux? I was.

Samba's been updated, keep up. You need to add domain=XXX to your -o options, or to the text file holding your credentials.


Super simple Active Directory with Samba

Posted on July 9, 2010

I needed a super simple, straightforward way of installing Samba on Ubuntu and joining it to an Active Directory domain.
This doesn't allow you to log in to Ubuntu with domain credentials, but it allows you to share and access files with domain credentials.

Here's how it's done

[Snippet] Allow mysql root access from anywhere

Posted on March 18, 2010

A small annoyance of mine is that, on local development servers, I can't log in to the MySQL server as root.

Simply connect to the mysql shell:

    mysql -u

Then,

    GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '[A PASSWORD]';

Exit and you're done.


Ridiculously simple NTLM Authentication for Apache (Ubuntu)

Posted on March 9, 2010

We all know Ubuntu makes things amazingly simple. This is the best I've found so far. NTLM authentication in Apache used to take a while to set up; it used to be tricky, fiddly, and generally a bit hit and miss.
