Monthly Archives: July 2010

System Prep | SecureCentos.com

A good place to start securing your CentOS build.

nano -w /etc/sysconfig/network

via System Prep | SecureCentos.com.

Install OSSEC | SecureCentos.com

Please note that a new version of OSSEC is available, 2.4.1. The link below describes the installation of 2.3, which has some issues when rebooting, etc.

via Install OSSEC | SecureCentos.com.

Spawn Rsync Expect Timeout!

So you’ve written a bash script to do an rsync backup, but the script times out?

Scratching your head trying to figure out what the issue is?

Well, if you are using expect to auto-insert your SSH password, then expect will timeout as it is not receiving any response.

You can set the timeout (in seconds) like this:

set timeout 60

That will set the script to time out after 60 seconds if expect has received no trigger.

Setting the timeout to -1 will cause the ‘expect’ script to never time out, hence your rsync backup will execute and not fail due to an expect timeout.

Lighttpd Centos

Lighttpd is the web server of choice for low memory VPS applications.

Lighttpd is not included in the base CentOS repo, so you will need to install the RPMforge repo, then run:

yum install lighttpd lighttpd-fastcgi

Then set up some directories:

mkdir /var/run/lighttpd
touch /var/run/lighttpd/php-fastcgi.socket
chown -R lighttpd:lighttpd /var/run/lighttpd/
nano /etc/php.ini

Edit /etc/lighttpd/lighttpd.conf and either add

mod_fastcgi

to the server modules, or remove the # in front of it if it is already listed.

Then add access to PHP CGI with the following, also in the .conf file:

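# The socket path is absolute and points at the lighttpd-owned directory created above
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "socket" => "/var/run/lighttpd/php-fastcgi.socket",
      "bin-path" => "/usr/bin/php-cgi"
    )
  )
)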

Info sourced from:

http://davidwinter.me.uk/articles/2008/06/22/lighttpd-and-php-on-centos-5/

Some good references for setting up the .conf file with virtual hosts:

http://www.cyberciti.biz/faq/howto-lighttpd-virtualhost-configuration/

http://www.linux.com/archive/feed/51673

PHP 5.3.2 APC Centos Conundrum

PHP 5.3.2 is not in the default repository for CentOS, so we need to use the webtatic repository to install it, following the guide here:

http://www.webtatic.com/blog/2009/06/php-530-on-centos-5/

Fortunately, if you also want to run the APC module, it has already been compiled for us; we just need to enable it in the php.ini file like this:

extension = apc.so
apc.enabled=1
apc.shm_size=30

Restart Apache:

/etc/init.d/httpd restart

and then check in phpinfo() that the module has been installed.

Setup VSFTPD

http://ubuntuforums.org/showthread.php?t=662784

CHROOT local users to their own directory

Once VSFTPD is installed, edit the /etc/vsftpd/vsftpd.conf file and add the following line if it does not exist:

chroot_local_user=YES

This will lock the FTP user into their home dir and they won’t be able to jump out.

Referenced from:

http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-ftp-service.html
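
An added check for the chroot setting described above (example code, not from the original post or the vsftpd project): it reads a vsftpd.conf and reports whether local users end up jailed, including the chroot_list_enable case that turns the chroot list into a list of exemptions. The function names, verdict strings and sample config are constructed for illustration, and it assumes the last uncommented occurrence of an option wins.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a vsftpd.conf
# actually jails local users, given the chroot_local_user=YES line above.

# Print the effective value of one boolean option, upper-cased.
# Assumption: when an option appears more than once, the last uncommented
# line wins. Lines written as "name = value" are skipped on purpose:
# vsftpd treats spaces around "=" as an error, so they are not valid settings.
vsftpd_opt() {  # usage: vsftpd_opt FILE NAME DEFAULT
    awk -F= -v name="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == name { v = $2; sub(/[ \t\r]+$/, "", v); val = toupper(v) }
        END { print (val == "" ? def : val) }
    ' "$1"
}

is_on() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

# chroot_list_enable changes meaning with chroot_local_user: with
# chroot_local_user=YES the chroot list names users who are NOT jailed.
chroot_verdict() {  # usage: chroot_verdict FILE
    local_user=$(vsftpd_opt "$1" chroot_local_user NO)   # vsftpd default: NO
    list_on=$(vsftpd_opt "$1" chroot_list_enable NO)     # vsftpd default: NO
    if is_on "$local_user"; then
        if is_on "$list_on"; then echo "jailed-except-listed"
        else echo "jailed"; fi
    else
        if is_on "$list_on"; then echo "only-listed-jailed"
        else echo "not-jailed"; fi
    fi
}

# Constructed sample config (not from the page): the commented-out line and
# the earlier NO are both overridden by the final uncommented setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#chroot_local_user=YES
chroot_local_user=NO
chroot_list_enable=YES
chroot_local_user=YES
EOF
chroot_verdict "$sample"   # prints: jailed-except-listed
rm -f "$sample"
```

Run chroot_verdict against /etc/vsftpd/vsftpd.conf after editing; anything other than "jailed" means at least some local users can still leave their home directory.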

Users, Files and permissions

http://www.debianadmin.com/users-and-groups-administration-in-linux.html

Need to free up some memory? Disable INNODB

Pop this into your my.cnf file:

skip-innodb

This will disable this database engine, hence saving you a LOT of memory resources.

The memory allocated to the mysql instances dropped from 30mb to 10mb. This is _VERY_ significant, especially when running on a limited-resource VPS.

Install ntop on Red Hat Enterprise Linux / CentOS Linux

Install ntop on Red Hat Enterprise Linux / CentOS Linux.