Detecting yum problems early
Sometimes, yum freaks out. You might get your installation interrupted or some crazy happening which your installed package database goes crazy with duplicate packages or broken dependencies. There is one tool which helps a lot in tracing the problem and its called package-cleanup. This tool is provided by the yum-utils package, so to acquire it,
yum install yum-utils
Several common commands I usually use:
package-cleanup --dupes # list out duplicates
package-cleanup --cleandupes # clean up duplicates
package-cleanup --problems # list out packages with broken dependencies
More options? .. invoke the --help parameter
cPanel Apache Tuning
One of the first things I do is run /scripts/easyapache and rebuild my PHP / Apache configuration.
I usually select Apache 2.2 and PHP 5.2.9. At the time of writing I stay away from the 5.3 versions as they aren't supported by programs and programmers enough yet.
Although this guide was originally inspired from a cPanel install, its Apache specific and doesn't require cPanel.
Installing memcached on CentOS/cPanel
memcached a (distributed) memory object caching system vital if your running a HA Linux* setup or a web farm. Or even if you need fast as **** caching for an application.
Consider it extra memory for your server, so you can cache more, for example large arrays, SQL queries and other stuff!
* Actually I've discovered there are memcached extensions for Java, C & .NET. Wow, it just grew up!
[Snippet] Tuning / Tweaking MySQL
There are a couple of good scripts out there that will help you to tune your mysql usage for better perfomance. I’ve used both of these, and they are very intuative. Personally, I prefer the latter, however, I still use both for tweaking.
tuning-primer
OK, so not the most original blog post ever, but useful all the same.
“This script takes information from “SHOW STATUS LIKE…” and “SHOW VARIABLES LIKE…”
to produce sane recomendations for tuning server variables.”
SSH Authentication with Pageant for extra laziness
So you've read Key-Based SSH Logins With PuTTY but can't be bothered typing in your private key passphrase each time? No problem, pageant can solve that - it can remember stuff so you don't have to
Key-Based SSH Logins With PuTTY
Following on from the previous SSH security ramblings, one of the most secure methods of security is public/private key-based authentication.
g up key based SSH logins for two reasons;
- They are more secure. You aren't prompted for a password which could be brute forced or sniffed via man in the middle attacks for example
- We're lazy. We don't want to type username/password combinations into each server.
PCI Compliance – Disable SSLv2 and Weak Ciphers
Section 4.1 of the the Payment Card Industry Data Security Standard (PCI-DSS) v1.2, merchants handling credit card data are required to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”
[Snippet] Recursively Modify Public Folder Permissions in Exchange 2010
Get-PublicFolder -Recurse | Add-PublicFolderclientPermission -user XXXX -AccessRights XXXX
or
Get-PublicFolder -Recurse | Remove-PublicFolderclientPermission -user XXXX-AccessRights XXXX
Apache redirects based on IP Address/Subnet
Ever needed to redirect a source IP address or source subnet in apache?
Why? Redirect annoying spam bots, users or other individuals away from your blog for example.
Slam the following code into your .htaccess file or VirtualHost Directive.
About Kieran
