SysAdmin

Outdated ipsec-tools in RHEL5

I was setting up a VPN gateway using a RHEL5 server the other day only to find that a majority of the features that you really need to have a functional Site-to-Site VPN gateway aren't included in the version of the ipsec-tools included with RHEL5. One of the biggest features that I found lacking, and that I just couldn't do without, was split_network under the mode_cfg configuration section. Per the racoon man-page, the split_network feature allows for setting:

Rookie Admins

I had the pleasure today of cleaning up the mess of an admin at the hosting company of one of my clients. Unfortunately, this tends to be a normal affair, but not typical of this particular hosting company (names have been changed to protect the identity of those involved ;-)). Yesterday, the client requested that the host fix their awstats cron-job to run more efficiently (apparently awstats was broken). While doing this, the manually executed job filled up /tmp due to the fact that the bright individual forgot to comment out the hourly executed cron-job that accompanied it.

If only everything were over SSL

I love SSL. If it weren't for the extra payload that it puts on the network, client, and server, I'd suggest it for everything. I've baked up a quick Apache mod_rewrite recipe that will force all traffic to SSL:

RewriteEngine On
# Only act on requests that did not arrive over TLS
RewriteCond %{HTTPS} !^on$
# In server/vhost context $1 carries the leading slash; in a .htaccess file it
# does not, so use %{REQUEST_URI} instead of $1 there.
RewriteRule ^(.*)$ https://mydomain.com$1 [R,L]

ATrpms or dag/RPMForge

I was faced with the challenging question of whether or not to use dag/RPMForge or ATrpms today. I had some struggles dealing with both, but made my final decision based on flexibility.

Quick install of phpmyadmin

While phpmyadmin looks quite complicated to install due to the countless number of options that you can find in the config files, I've got a pretty simple way to install it that seems to respect the security policies that are placed on the server elsewhere.

NOTE: These settings are for Fedora, CentOS, or RHEL machines, as the paths follow the way these machines configure their services and the location of their configs.

Mpeg4ip compile problems

A customer challenged me to get mpeg4ip compiled on their development server so they could start creating QuickTime movies on the fly. RPMForge (DAG) provided most of the RPMs to get things running quickly with ffmpeg, etc. The main problem was that the RPMs from DAG used libmp4v2 in their faac installation. To use mpeg4ip, this library needs to be removed from faac so that external mp4 support can be used (hence mpeg4ip).

To do so, I had to compile a custom faac. You can find the faac.spec that I used to do that.

phpShells

One of the biggest pains in my life is the recent plague of phpShell scripts all over the Net. The phpShell scripts allow for three main features:

  1. file browsing (including permissions) of the server executing the code
  2. file installation or deployment on the server executing the code
  3. file execution (using the exec() call in PHP) on the server executing the code

Qmail-smtpd qq soft reject

I woke up this morning to find a report in my inbox that clamav (the popular open source command-line antivirus scanner) was out of date by a few minor versions, so I went through the process of updating the RPMs that I use to have it interact with qmail properly. Upon doing so, I noticed local delivery of mail from qmail-smtpd stopped working and I was getting the following errors in my smtp logs:

MySQL backup rights

Allowing a mysql backup client to read all data in the database is critical to backing up all data properly. Many people will do local dumps on their server and then simply copy those dumps off the server. This is certainly safe, but you still don't want the passwords that provide write-access to all data in all of your databases stored in plain text. Creating a user that has read-only access is key.

grant select,show databases,process on *.* to 'my-backup-client'@'ip-address' identified by 'my-password';

Iptables connection tracking

A customer IM'ed me today telling me that he thought something was wrong with a few of his servers that were located in the UK. I quickly checked our monitoring system to make sure there hadn't been any alerts that I missed to find all of his probes were green. He went further into detail explaining that he only had problems with FTP doing transfers. He could authenticate just fine, but any time he either tried to grab a file or do a listing, it would hang.
