Known Vulnerabilities in Ruby-1.8.2_3
June 25, 2005 Posted in Security
Portaudit reported a known vulnerability in the ruby-1.8.2_3 package (lang/ruby18), but ports hasn’t released a fixed version yet. Read More
June 24, 2005 Posted in PHP
Sometimes I log in to the server only to run a simple command, such as uptime. It can be more convenient to do this with a simple PHP page. For example, the following code will display the output of the uptime command:
<?php passthru("uptime"); ?>
For more details about how to execute Unix/Linux commands in PHP, please refer to the PHP online manual.
June 22, 2005 Posted in Security
Here is a sample sysctl.conf that changes many kernel variables, such as kern.ipc.somaxconn, net.inet.tcp.blackhole and net.inet.udp.blackhole; it also uses net.inet.tcp.drop_synfin, net.inet.ip.rtexpire and net.inet.ip.rtminexpire. Read More
June 21, 2005 Posted in Security
Learnt a tip from the book “Mastering FreeBSD and OpenBSD Security”. Servers connected to the Internet receive lots of network probes (automated scans). When a probe tries to connect to a TCP or UDP port where no process is listening, the default kernel composes a TCP reset packet or an ICMP port unreachable message and sends it as a response. Read More
June 20, 2005 Posted in FreeBSD General
Today, I read two articles about FreeBSD, along with their comments: “Review: FreeBSD 5.4” and “Linus compares Linux and BSDs”. I think they can be summarized in one sentence: FreeBSD is not for general-purpose use and doesn’t work well as a workstation. Read More
June 19, 2005 Posted in Security
Currently every website matches one shell account on my servers. I have always felt it’s insecure to have more than a dozen accounts, but have never taken a minute to think about how to change it. Read More
June 18, 2005 Posted in Security
Portaudit not only makes security checking much easier, but also automates it. The security daily run fetches the latest portaudit database (#portaudit -F) and checks all installed packages (%portaudit -a). Now I can learn the latest information about known vulnerabilities in packages by reading emails. Read More
June 18, 2005 Posted in Apache
I have been considering upgrading my 10 MB uplink, but after reading about system tuning in the handbook, I realized something else was more important than the bandwidth limit, especially kern.ipc.somaxconn: Read More
June 15, 2005 Posted in FreeBSD General
Very occasionally my websites are inaccessible for several seconds, then back to normal, and soon inaccessible again. The uptime is very good and this is unlikely to be a performance problem; the only reason I can think of is network congestion. Currently I’m using a 10 MB uplink, and I have been wondering whether a 100 MB uplink is only for heavy servers, or whether most servers can benefit from it as well. Read More
June 12, 2005 Posted in Security
After the email server problem, I started to pay close attention to ports updates. The lesson taught me it’s ultra important to keep all packages up to date. Actually, all the information about how to handle ports is in the handbook; read it carefully if you haven’t, it’s only several small pages. Read More
June 11, 2005 Posted in FreeBSD General
FreeBSD Resource Collections
FreeBSD Handbook
FreeBSD Hypertext Man Pages
FreeBSD Security Alert
FreeBSD articles on ONLamp.com
I’ll keep adding new websites. Please let me know if you know of any other websites that should be listed here.
June 10, 2005 Posted in Apache
When I checked emails with Outlook Express today, all POP3 accounts on my two servers gave me the error message “Invalid username or password”, which really freaked me out. Later I found it was because the /var file system was used up again. Read More
June 3, 2005 Posted in Security
Just found a great security alert website for FreeBSD on the ports help page. This will make things much easier. Bookmark it.
June 1, 2005 Posted in Apache
As I wrote earlier, I remove old Apache log files by deleting all of them and doing a graceful restart, which is also what the Apache documentation suggested. Everything works well except that Apache doesn’t release the disk space used by the deleted log files. Read More