Possible backup solutions
There are many different backup solutions that we can deploy for you to ensure they your data is safe. They start at the cheaper options and go up, depending on what level of paranoia you have will determine which you should go with. Each of them has their own advantages and disadvantages. Regardless of the option that you choose it is always advisable to download the site to your local computer occasionally, especially if the site contains very important information. This information was originally for use with Total Server Solutions but it is a good general guide for people thinking about backups.
DNS recursive
For who have recently notice that now DNSreport do verify if your DNS is recursive lookup or not, here is the tip on how to set it up.
open you named.conf and add before options { the follow lines:
acl “trusted” {
xxx.xxx.xxx.xxx;
yyy.yyy.yyy.yyy;
};
Howto: Check and close your open DNS servers
I just noticed www.dnsreport.com seems to have new check: it checks for open DNS server. This is how you check:
1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
2) Check for BIG RED “FAIL” (7th box, going down from up) saying “Open DNS servers”.
If you see the message, you can correct it the following way:
1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:
recursion no;
4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.
If you run something else than Bind then please check http://www.dnsreport.com/info/opendns.htm for instructions.
Group permissions
hi all ,
Is there any Idea to set acustom permissions for a group in the system ??
ie: set acustom permission for the group (nobody) making them only can excuting files or read only or cannot read etc..
waiting
Ahmed,
Howto: update your LogWatch
It seems that Cpanel is not updating LogWatch automatically, so it was time to do it by hand. Just follow these easy steps and your all set.
1) Login to your server as root, go to root-folder:
cd /root
—————————————————-
2) Remove existing Logwatch by typing:
rpm -e logwatch
encoding archive file
Hi all,
When creating a .tar.gz file is thier any way , command , option To creat a password for that file ?
Install X-cache
This is another one of my quick mini-guides for how to install Xcache php optimizer. We have found this to work very nicely on servers and can even work with zend and eaccelerator if you require both. We have found no stability issues with 1.2.1 and run it on several very large and important servers.
Download the source and start to compile:
NFS Crash course
I wrote up a quick guide to setting up NFS awhile back but never published it. It is not exactly a nice and clean format but it is exactly what you need to be reading if you want a quick way to setup NFS between two servers. For the purpose of the guide I have added directions for the APF firewall, obviously anything else will work fine.
First make sure the rpms are install
up2date nfs-util portmap
yum install nfs-util portmap
Now start the service:
service portmap start
service nfs-util
*note* if portmap gets an error remote portsentry (cpanel among others installs it)
rpm -e portsentry
Disable direct root login
While directly logging into a server as root is certainly easy it is not the best choice from a security standpoint. Disabling direct root logins is not something that instantly makes a server impervious but it does help fight against petty brute force script kiddies. There are two options when disabling direct root login, one is to have them completely disabled and the other is to have it only with an ssh key. Make SURE that you add another user you can ssh into. If you are using cPanel use WHM –> Manage wheel users and add your user. Once logging in you can do “su -” you will gain full root access and be able to do your normal administrative commands. Make sure you use su - and not simply su, without the - you will not be on the root path and not have access to all commands.
Mod_Security installation and usage guide
This guide is going to show you how to install and configure mod_security which will help protect your server from exploits that are passed though apache. Mod_security does this by inspecting the information sent in apache and filtering out all of the “bad” requests as determined by the set of rules specified in the httpd.conf. The ruleset that I use in this guide will block out most of the common exploits, including the nosanity phpbb worms. It should also block out most of the other common methods of hacking a server passed though php.
Updated July 11th with the latest version, enjoy!
First we will download and unzip mod_security.
—–command—–
wget http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz
tar -zxf modsecurity-apache_1.9.4.tar.gz
—–command—–
(more…)