Linux, programming and more
Nginx and Apache2 are running great but there is only one tiny problem with the visitors ip’s.
Normaly I let my nginx instance do the logging job, but if you let your Apache do it you will get some problems. Apache will see all incoming requests as coming from localhost (127.0.0.1). Right they are all from nginx.
[Read more…]
Bad situation if you have too much ACLs in your squid config and important site gets a DENIE cause one or more of this all ACL’s matches.
Debugging helps you to find the right ACL.
1 2 3 | vim /etc/squid3/squid.conf # Debugging for your ACLs debug_options 28,9 |
Your debugged results will appear in your cache.log
1 | less /var/log/squid3/cache.log |
SSH is by default very strong, and since a long time without critical bugs. It has strong protection against various hacks and known vulnerabilities. For instance SSH has a password retry wait time of (default) five seconds. This makes the time for brute force attacking an SSH-server very long and not effective. However, sometimes script-kiddies will fork their hacking program making multiple processes of the brute force attack. Sometimes they are able to fork it off upwards of 1000 attempts every 5 seconds. This drastically minimizes the time to crack short passwords.
I think SSH is secure enough, but there is always a way to make it more secure.
Install knock daemon:
1 | aptitude install knockd |
Another tricky error after Debian squeeze upgrade:
ERROR: Wrong ‘suhosin.session.encrypt’ option value. Read REQUIREMENTS section in INSTALL file or use Roundcube Installer, please!
The fix is very trivial:
1 2 3 4 | vim /etc/php5/apache2/php.ini # Add this lines to the bottom of the config: [suhosin] suhosin.session.encrypt = Off |
Solution for php5-fpm:
1 | php_admin_value[suhosin.session.encrypt] = Off |
To upgrade the database style to roundcube version 0.9.0 I used a little workaround to prevent suhosin error reporting:
1 | php -d suhosin.session.encrypt=off -d date.timezone=Europe/Berlin bin/updatedb.sh --package=roundcube --version=0.8.2 --dir=`pwd`/SQL |
I upgraded my Mail-server to Debian 6 – squeeze, it was everything great till I started my Thunderbird and get this Message: Filesystem notification initialization error — contact your mail administrator (check for configuration errors with the FAM/Gamin library)
This error can be seen in your mail client and is often caused by Courier. If you are the administrator of the mail server, simply install libgamin instead of libfam as follows:
1 | aptitude install gamin |
Now restart all courier services:
1 | find /etc/init.d/ | grep courier | while read line; do $line restart; done |