Larmeir.com | Dustin Larmeir's tech blog.

Archive for December 2008


This beer is pretty good. Very robust and stronger than normal medium brown ales. This beer comes in at ALC 6.5% Vol. and goes down really smooth, with a clean aftertaste. I would highly recommend this English import.

No tags

If you have ever worked with APF, you know that this firewall needs to be completely removed to avoid any issues. I have written a small script to clean this firewall out of any CentOS/RedHat system, and it is available here: http://larmeir.com/downloads/apfremove.sh .

Below is the source of the script:

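# Flush all APF firewall rules
apf -f
# Stop the iptables service
/etc/init.d/iptables stop
# Unregister the APF init script (chkconfig needs the script to still exist)
chkconfig --del apf
# Remove the APF configuration directory
rm -rf /etc/apf
# Remove the daily APF cron job
rm -rf /etc/cron.daily/fw
# Remove the apf command
rm -rf /usr/local/sbin/apf
# Remove the APF init script
rm /etc/init.d/apf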

Hopefully this will be of some use to someone out there :)

No tags

Per http://en.wikipedia.org/wiki/Grsec – grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in web servers and systems that accept remote connections from untrusted locations, such as systems offering shell access to its users.

Notes from my GRSEC kernel installation.

cd into your /usr/src directory

cd /usr/src/

Download the kernel source from kernel.org

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.5.tar.bz2

Extract the kernel archive

tar jxvf linux-2.6.24.5.tar.bz2

Get the latest grsec security patch

wget http://www.grsecurity.net/grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz

Extract the patch

gunzip grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz

Apply the patch to the kernel

patch -p0 < grsecurity-2.1.11-2.6.24.5-200804211829.patch

Cd into the kernel directory

cd /usr/src/linux-2.6.24.5

Get the kernel source prepared

make clean
make mrproper

Create the kernel configuration with menuconfig

make menuconfig

Note: if you are using an old .config file, then copy it to /usr/src/linux-2.6.24.5 and do the following:

make oldconfig

Ensure all of the proper kernel modules are selected.

People commonly forget iptables support, so don't forget about this! Also, USB support is important if you are hosted with a dedicated hosting provider. You can find the grsec options under security. iptables support can be found under network options -> network packet filtering

Compile the kernel

make

Install the kernel modules

make modules_install

Install the kernel

make install

Setup the grub.conf

Your entry should look something like this

title Red Hat Enterprise Linux Server (2.6.24.5-grsec)
root (hd0,0)
kernel /vmlinuz-2.6.24.5-grsec ro root=LABEL=/ console=tty0 console=ttyS1,19200n8
initrd /initrd-2.6.24.5-grsec.img

Reboot the server.

If you have a remote console or KVM service like those provided at SoftLayer, this is the time to use it. If the kernel was compiled wrong or you have any issues, this can result in a kernel panic that will take the server offline. If you are using a company without these features, have a local tech reboot it and, if it fails, have them boot you back into your original kernel.

This howto is 100% working, tested and accurate.
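A pre-build check for the module-selection step above, as an added example that is not part of the original post: it lists the options called out there (grsecurity, iptables, USB) that are not enabled in a .config, so a forgotten one is caught before make and the reboot. The Kconfig symbol names and the sample .config fragment are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: pre-build check of a kernel .config.

# Kconfig symbols for what this howto calls out: grsecurity, netfilter,
# iptables and USB support. Assumed names; confirm them in your own tree.
REQUIRED_OPTS="CONFIG_GRKERNSEC CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_USB"

# missing_kconfig FILE OPTION...
# Prints every OPTION that is neither built in (=y) nor a module (=m) in
# FILE and returns non-zero if any is missing.
missing_kconfig() {
    cfg=$1
    shift
    rc=0
    for opt in "$@"; do
        # A disabled option appears as "# CONFIG_FOO is not set" or is
        # absent entirely, so only an exact =y or =m line counts.
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config fragment (not taken from a real build).
sample_config() {
    cat <<'EOF'
CONFIG_GRKERNSEC=y
CONFIG_NETFILTER=y
# CONFIG_IP_NF_IPTABLES is not set
CONFIG_USB=m
EOF
}

# When run with a path, e.g. /usr/src/linux-2.6.24.5/.config, check that file.
if [ $# -gt 0 ]; then
    missing_kconfig "$1" $REQUIRED_OPTS
fi
```

Run it after make menuconfig or make oldconfig; an empty result means every listed option is enabled.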

Helpful external links

http://en.wikipedia.org/wiki/Grsec

http://grsecurity.org/

No tags

This weekend I took an old box lying around the house and installed my Debian Etch 4.0 on it. Here is a rundown of notes from the installation as well as some configuration I performed on it. Hopefully some of this will help those of you out there trying to figure out this awesome, fast web server.

1. Installation of lighttpd and php5-cgi with apt

apt-get install -y lighttpd php5-cgi

2. Configuring the lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

Look for the area called server modules, which is at the top, and
ensure "mod_fastcgi" and "mod_auth" are both added. mod_fastcgi
enables php functionality and mod_auth enables .htaccess support.

server.modules = (
    "mod_access",
    "mod_auth",
    "mod_alias",
    "mod_accesslog",
    "mod_fastcgi",
#   "mod_rewrite",
#   "mod_redirect",
#   "mod_status",
#   "mod_evhost",
#   "mod_compress",
#   "mod_usertrack",
#   "mod_rrdtool",
#   "mod_webdav",
#   "mod_expire",
#   "mod_flv_streaming",
#   "mod_evasive"
)

At the very end of the file, add the following configuration directive that tells lighttpd where php

fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php5-cgi",
                                "socket" => "/tmp/php.socket"
                             )))

3. Configuring the php.ini file

All we need to do now is to add a configuration directive to the php.ini file

Run vi /etc/php5/cgi/php.ini and add this line to the very end of the file:

cgi.fix_pathinfo = 1

4. Testing the lighttpd.conf for errors

lighttpd -t -f /etc/lighttpd/lighttpd.conf

5. Restarting lighttpd

/etc/init.d/lighttpd restart

6. Adding an SSL vhost with a self-signed cert

Example of generating a self-signed cert

mkdir -p /etc/lighttpd/ssl/yourdomain.com
cd /etc/lighttpd/ssl/yourdomain.com
openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
chmod 0600 /etc/lighttpd/ssl/yourdomain.com/server.pem

Creating a vhost with SSL support

vi /etc/lighttpd/lighttpd.conf

Example vhost with SSL support:

$SERVER["socket"] == "192.168.1.8:443" {
    server.document-root = "/netshare"
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/yourdomain.com/server.pem"
}

7. Adding .htaccess protection

Assuming mod_auth is enabled you can create a directory configuration with .htaccess enabled:

Example .htaccess-protected vhost

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/yourhtpasswddirectory/.htpasswd"
auth.require = ( "/yourpasswordprotecteddirectory" =>
    (
        "method" => "basic",
        "realm" => "Access Denied!",
        "require" => "valid-user"
    )
)

The .htaccess works the same as a regular apache .htaccess. You can either use htpasswd -c to create the password file or an online generator such as http://www.webmaster-toolkit.com/htaccess-generator.shtml for this purpose. I hope these examples help people. – Dustin
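A check for the server.pem produced in step 6, as an added example that is not part of the original post: before pointing ssl.pemfile at the file, it confirms that the combined PEM holds both the private key and the certificate and that group and others have no access to it. The function names and the placeholder file are constructed for the example.

```sh
#!/bin/sh
# Added example: sanity-check a combined lighttpd PEM file.

# check_pem FILE
# Succeeds only if FILE exists, contains both a private key and a
# certificate, and grants no permissions to group or others.
# Prints one line per problem found.
check_pem() {
    pem=$1
    rc=0
    if [ ! -f "$pem" ]; then
        echo "missing file: $pem"
        return 1
    fi
    # openssl writes "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY"
    # depending on its version, so accept both forms.
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || {
        echo "no private key in $pem"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "no certificate in $pem"; rc=1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$pem" | cut -c5-10)
    [ "$mode" = "------" ] || {
        echo "group/other can access $pem (mode bits: $mode)"; rc=1; }
    return $rc
}

# Constructed placeholder (PEM markers only, no real key material).
write_sample_pem() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(placeholder)' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        '(placeholder)' '-----END CERTIFICATE-----' > "$1"
}

# When run with a path, e.g. /etc/lighttpd/ssl/yourdomain.com/server.pem,
# check that file.
if [ $# -gt 0 ]; then
    check_pem "$1"
fi
```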

No tags

Dec/08

26

Chuck Norris vs. Grizzly bear!

No tags

Dec/08

26

Lazy Town pirates…….

No tags

Dec/08

25

Merry XMAS!!!!!!!!!

No tags

Dec/08

13

My new desk… I love this desk

I bought this desk very recently for my new place. It rocks. I got it from Fry's and all I need to do now to get everything to match is get rid of the blue mouse ;)

No tags

Nowhere on the net could I find any information on how to do this or what might be inside the Seagate FreeAgent 500GB external drive. I was worried that there may have been a proprietary device inside, and to my surprise and liking I found a regular 7200 rpm SATA drive inside :)

I took it apart because I needed a drive for another system and was too lazy to go to the store heh. Awesome thing is that now I have an external USB enclosure that is reusable. Taking this thing apart was easy: you start at the bottom support platform and pry it off, which gives you access to 3 screws you can remove. Once this is done, you then gently use a flat-edged screwdriver around the reverse side of it to pry the case off. Once you have done this, it will pop right off and you will see an internal HDD mount. This is nothing more than a metal bracket with a SATA interface on it, so just unscrew the drive from it, gently slide it out, and voilà! You have a new 500 GB SATA drive!!

No tags
