
02/25/10

04:59:01 am, by admin
Categories: General

Hosts File On Mac

Here's a great little article on how to edit the hosts file on a Mac:

http://decoding.wordpress.com/2009/04/06/how-to-edit-the-hosts-file-in-mac-os-x-leopard/

02/23/10

10:12:58 am, by admin
Categories: Linux

RHEL5 Server Hardening

The National Security Agency publishes a great collection of documents that provide detailed security configuration guidelines. The full index can be found here:

http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml

We particularly like the guides for RedHat EL5:

“Hardening Tips For Default Installation of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf

“Guide to the Secure Configuration of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

02/20/10

05:11:19 am, by admin
Categories: Project Gallery, MySQL

Setup Alternate MySQL Instance

To set up an alternate instance of MySQL listening on TCP port 3307 on a RHEL5 server, follow these steps.

1. Set up a new MySQL config file.

cp /etc/my.cnf /etc/my-3307.cnf

Edit /etc/my-3307.cnf and add a line like this:

port = 3307

to the "[mysqld]" section.

In the same file, change:

datadir=/var/lib/mysql

to

datadir=/var/lib/mysql-3307

Change:


socket=/var/lib/mysql/mysql.sock

to:


socket=/var/lib/mysql-3307/mysql.sock

Change the following lines:


log-slow-queries=/var/lib/mysqllogs/slow-log
log-bin=/var/lib/mysqllogs/bin-log
log-bin-index=/var/lib/mysqllogs/bin-log.index
relay-log=/var/lib/mysqllogs/relay-log
relay-log-index=/var/lib/mysqllogs/relay-log.index
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

to:


log-slow-queries=/var/lib/mysqllogs-3307/slow-log
log-bin=/var/lib/mysqllogs-3307/bin-log
log-bin-index=/var/lib/mysqllogs-3307/bin-log.index
relay-log=/var/lib/mysqllogs-3307/relay-log
relay-log-index=/var/lib/mysqllogs-3307/relay-log.index
log-error=/var/log/mysqld-3307.log
pid-file=/var/run/mysqld/mysqld-3307.pid

Change server-id to a unique value:


server-id=2

2. Set up a new service control script.


cp /etc/init.d/mysqld /etc/init.d/mysqld-3307

Edit /etc/init.d/mysqld-3307 and add this line:


MYCNF=/etc/my-3307.cnf

directly after:


# Source networking configuration.
. /etc/sysconfig/network

so that you have:


# Source networking configuration.
. /etc/sysconfig/network

MYCNF=/etc/my-3307.cnf

Next change this function:


get_mysql_option(){
result=`/usr/bin/my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}

to:


get_mysql_option(){
result=`/usr/bin/my_print_defaults -c $MYCNF "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}

Notice that the change is to add "-c $MYCNF" to the call to "my_print_defaults".

Finally, run the following search/replace commands to fix up the program name, add the defaults file to the mysqld_safe call, and set unique pid and subsys files:


replace 'prog="MySQL"' 'prog="MySQL-3307"' -- /etc/init.d/mysqld-3307
replace '/usr/bin/mysqld_safe' '/usr/bin/mysqld_safe --defaults-file=$MYCNF' \
-- /etc/init.d/mysqld-3307
replace 'mysqld.pid' 'mysqld-3307.pid' -- /etc/init.d/mysqld-3307
replace '/var/lock/subsys/mysqld' '/var/lock/subsys/mysqld-3307' -- /etc/init.d/mysqld-3307

3. Set up directories

mkdir /var/lib/mysql-3307 /var/lib/mysqllogs-3307
chown mysql:mysql /var/lib/mysql-3307/ /var/lib/mysqllogs-3307
chmod o-rwx /var/lib/mysqllogs-3307

4. Set service to start on boot


/sbin/chkconfig mysqld-3307 on

5. Start the new instance:


/sbin/service mysqld-3307 start

On the first startup you should see some output like this:


Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h 244418-web3.www.idtweet.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]

Starting MySQL-3307: [ OK ]

6. Set MySQL root password.

/usr/bin/mysqladmin -P 3307 -h 127.0.0.1 -u root --password="" password 'new-password'

And that's it. You now have a new instance of MySQL listening on port 3307.

Remember that you must tell the mysql command line utilities where to find the instance. For example:

mysql -P 3307 -h 127.0.0.1

or

mysql -S /var/lib/mysql-3307/mysql.sock

Also keep in mind that by default any .my.cnf file in your home directory will be used. You may have to override settings in the .my.cnf file and explicitly provide the user and password when connecting.
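
A check worth running after step 1 and before the first start: any path, port or server-id left identical in both config files means the two instances will fight over the same file or socket. The script below is an added example, not part of the original post; cnf_get and shared_settings are hypothetical helper names, and the two config files are constructed samples modeled on the values above.

```shell
#!/bin/sh
# Settings that step 1 changes; each must differ between the two instances.
KEYS="port datadir socket log-slow-queries log-bin log-bin-index relay-log
relay-log-index log-error pid-file server-id"
# cnf_get FILE KEY (hypothetical helper): last value of KEY under [mysqld].
cnf_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k)  # log_bin == log-bin
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# shared_settings ORIG NEW (hypothetical helper): print the keys whose
# effective value is identical in both files; empty output means no overlap.
shared_settings() {
    shared=""
    for key in $KEYS; do
        a=$(cnf_get "$1" "$key"); b=$(cnf_get "$2" "$key")
        # mysqld listens on 3306 when no port line is present.
        if [ "$key" = port ]; then a=${a:-3306}; b=${b:-3306}; fi
        if [ -n "$a" ] && [ "$a" = "$b" ]; then shared="$shared $key"; fi
    done
    echo "${shared# }"
}

# Constructed sample input: a stock file and a copy where pid-file was missed.
demo=$(mktemp -d)
cat > "$demo/my.cnf" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-bin=/var/lib/mysqllogs/bin-log
pid-file=/var/run/mysqld/mysqld.pid
EOF
cat > "$demo/my-3307.cnf" <<'EOF'
[mysqld]
port = 3307
datadir=/var/lib/mysql-3307
socket=/var/lib/mysql-3307/mysql.sock
log-bin=/var/lib/mysqllogs-3307/bin-log
pid-file=/var/run/mysqld/mysqld.pid
EOF
shared_settings "$demo/my.cnf" "$demo/my-3307.cnf"
```

On a real server, call shared_settings /etc/my.cnf /etc/my-3307.cnf and fix every key it prints before starting the new instance.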

02/07/10

04:43:25 am, by admin
Categories: Apache, PHP

Turn on PHP register_globals with .htaccess file

Writing code that depends on register_globals is of course a bad idea for security reasons, but when faced with old code it is sometimes a necessary evil. You can turn on register_globals for a site or directory by adding the following line to your .htaccess file:

php_flag register_globals on

01/27/10

08:14:15 am, by admin
Categories: Plesk

Easy Plesk Access Tricks

Plesk is a popular web hosting control panel used by many of our clients. On servers with Plesk, the control panel is located at:

https://yourdomain.com:8443

There are several problems with this URL:

1. It's hard for users to remember the 8443 on the end and the https on the beginning of the URL.

2. Plesk by default uses a self-signed SSL certificate that causes a warning to be displayed in the user's web browser.

Wouldn't it be nice if you could put Plesk on a friendly URL like https://plesk.yourdomain.com?

Also, let's have:

http://plesk.yourdomain.com

automatically redirect to:

https://plesk.yourdomain.com.

Now your users don't have to remember the https part either.

Now let's get really fancy. Suppose your customer has a domain named acme.com hosted on your server. It would be nice to have the URL:

http://acme.com/plesk

redirect to:

http://plesk.yourdomain.com.

Guess what - it can all be done! Here's how:

1. Get an SSL certificate for plesk.yourdomain.com. A $29 cert from GoDaddy will work just fine. Place the SSL key in:

/etc/pki/tls/private/plesk.yourdomain.com.key

and the SSL certificate in:

/etc/pki/tls/certs/plesk.yourdomain.com.crt

2. Next, create /etc/httpd/conf.d/plesk_proxy.conf with the following contents:


Redirect permanent /plesk https://plesk.yourdomain.com

<VirtualHost *:80>
   ServerName plesk.yourdomain.com
   Redirect permanent / https://plesk.yourdomain.com
</VirtualHost>

<VirtualHost *:8444>
   ServerName plesk.yourdomain.com
   ErrorLog logs/plesk_proxy.error_log
   CustomLog logs/plesk_proxy.access_log common

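   SSLEngine on
   # 'all -SSLv2' still permits SSLv3, and this cipher list admits RC4 and
   # MEDIUM suites; restrict both where every client supports stronger settings.
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
   SSLCertificateFile /etc/pki/tls/certs/plesk.yourdomain.com.crt
   SSLCertificateKeyFile /etc/pki/tls/private/plesk.yourdomain.com.key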

   ProxyRequests Off
   <Proxy *>
      Order deny,allow
      Allow from all
   </Proxy>

   SSLProxyEngine On
   ProxyPass / https://127.0.0.1:8443/
   ProxyPassReverse / https://127.0.0.1:8443/
</VirtualHost>

Now just restart Apache and you're ready to go.

A couple of issues to note:

  1. You'll need to add the hostname plesk.yourdomain.com to DNS.
  2. Depending on your server config, you may need to place plesk.yourdomain.com on a dedicated IP address since each IP address can host only a single SSL site.


Reliable Penguin offers Linux Server Migrations, Systems Administration & Programming. Visit our main website at:

http://www.reliablepenguin.com
