Risharde's Blog

suPHP versus modPHP

So I've been testing both and there are a few trade offs here between suPHP and modPHP.

MODPHP Security
First, modPHP is supposedly less safe since PHP will run as apache; thus a compromise on one website can lead to the reading of other directories/websites of other users within the same Linux server/box.

suPHP Security
suPHP security is indeed a notch higher when configured properly. Each user has their own username, and suPHP runs that user's website's PHP under the specific username instead of as apache. This means that if a website of a specific user were to be compromised, it would be much harder to get access to other websites on the box not running under the compromised user account.

HOWEVER, there is a catch
After my testing, I've noticed that suPHP is a bit slower but more importantly extremely CPU and memory intensive compared to its less secure modphp counterpart. At 50 users, the load on my server went up to 10.x which I have never seen happen with modphp. In fact, modphp wouldn't even break a serious sweat with this number of clients. More worrying is that suPHP used nearly 2 GBs of RAM during this 50 user load test while modPHP didn't go over 1 GB...

So really, the choice is up to you when it comes down to the security vs resources issue. I'm going to try caching with suPHP and see if that helps at all.

Converting between MySQL database engines

I can't remember where I got this, but this works

To convert from INNODB to MYISAM (MYSQL)

SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=MYISAM;') as ExecuteTheseSQLCommands
FROM information_schema.tables WHERE table_schema = 'yourdatabasename'
ORDER BY table_name DESC;

To convert from MYISAM to INNODB (MYSQL)

SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=INNODB;') as ExecuteTheseSQLCommands
FROM information_schema.tables WHERE table_schema = 'yourdatabasename'
ORDER BY table_name DESC;

#LinuxHelp on IRC.FREENODE.NET

This place has some seriously skilled Linux gurus...
I had a problem when I tried to install qmail in which I couldn't find out why ~qmail at the command prompt was pointing to the wrong directory. After a few questions from a Linux guru named 'amrit', he figured out it was actually due to me creating a qmail user in /etc/passwd which defined the user's home as the wrong directory in question.

So it wasn't an actual alias or symbolic link.

Thanks Amrit, I hope someone is as kind as you were to me ;)

--------
Additional explanation below:
I could be wrong but I think it comes down to bash's tilde expansion; however, I was on the wrong track thinking it was either an alias or a symbolic link. Essentially I installed qmail twice. During the first install, I created some users for qmail to work with home directories, so there was an alias username pointing to /dirA. When I did the install the second time, I changed the directory location for the install, and during the user creation process the users already existed, so the useradd command did not re-create them and the old directory stayed. So when I typed ~alias it was pointing to the old directory of the user named alias. Hope that makes sense lol

NAT forwarding on OpenVZ Linux (iptables)

This allows NAT (basically for routing internet) for your VPN
iptables -t nat -A POSTROUTING -j SNAT --to
iptables -t nat -A POSTROUTING -s /8 -o venet0 -j SNAT --to-source

List/Check the rules
iptables -t nat --list

Enable ipforwarding for ipv4 via /etc/sysctl.conf
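
The steps above as one script, added here as an example (not from the original post): it builds a SNAT rule limited to the VPN subnet and the venet0 interface, and checks sysctl.conf text for the net.ipv4.ip_forward key. The subnet and public address are constructed placeholders, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example; the addresses are constructed placeholders, not the page's.
VPN_NET="10.8.0.0/24"      # assumed VPN client subnet
PUBLIC_IP="203.0.113.10"   # assumed public address (RFC 5737 range)
OUT_IF="venet0"            # OpenVZ interface named on the page

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeeds only for an IPv4 network written as address/prefix, prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# Prints a SNAT rule limited to one source subnet and one outgoing interface,
# so only VPN traffic leaving through that interface is rewritten.
snat_rule() {
    valid_cidr "$1" && valid_ipv4 "$2" || return 1
    case "$3" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    echo "iptables -t nat -A POSTROUTING -s $1 -o $3 -j SNAT --to-source $2"
}

# Reads sysctl.conf text on stdin; succeeds if the last uncommented
# assignment of net.ipv4.ip_forward in that text is 1.
forwarding_enabled() {
    awk '{ gsub(/[ \t]/, "") }
         /^net\.ipv4\.ip_forward=/ { split($0, kv, "="); v = kv[2] }
         END { exit (v == "1" ? 0 : 1) }'
}

snat_rule "$VPN_NET" "$PUBLIC_IP" "$OUT_IF"    # review the rule, then run it as root
printf 'net.ipv4.ip_forward = 1\n' | forwarding_enabled && echo "forwarding enabled"
```

On a real host, feed the second function with `forwarding_enabled < /etc/sysctl.conf`.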

Getting Unix Bench to run on CentOS

Okay, firstly you have to download Unix Bench via http://code.google.com/p/byte-unixbench/

You can use the wget command to do this

Next, after you download the unixbench.tar.gz file, you need to extract the files from the archive.
I use: tar -xvf unixbench.tar.gz

Make sure to install the libXext packages
I use: yum install libXext*

Go into the unixbench folder via the command line interface and type

./Run

That's it

Good luck! ;)

Normal Contracts Vs. Service Level Agreements

I have been thinking about how service contracts work in the communications industry with the largest players being Digicel, TSTT and Columbus Communications (FLOW). My main comparison will be between TSTT and Columbus Communications bearing in mind that I in no way believe I know much about the legal aspects.

I have noticed that nearly all TSTT services require a year long contract which disturbs me after experiencing a horrible track record of bad experiences with this large company. The impression I now have is that companies in Trinidad that lock you into yearly and / or long term contracts are not looking out for the consumer. I would like to further express that it seems that these companies that have such contracts are more interested in the long term money and profits they achieve while not sustaining or committing to proper customer care and providing the best value for money. In essence, the contract seems to be there to dissuade you from moving to companies that may have better packages and short term contracts (if any at all) and in many cases with cheaper prices. Therefore you should ask yourself and / or remind yourself that if you decide to take such long term contracts, YOU ARE SUSTAINING THESE COMPANIES AND ENCOURAGING THEM TO OFFER YOU POOR SERVICE AND / OR EXPENSIVE SERVICES REDUCING THE VALUE OF THE MONEY YOU HAVE.

Let me alternate the perspective I am sharing here to express what I believe logically and makes "common sense". If a company offers you normal month to month billing, then it is in the best interest of that company (for example: Columbus Communications aka "FLOW" to the typical Trinbagonian) to provide adequate services and / or maintain or intend to maintain a fairly high level of customer satisfaction on a monthly basis. The consumer power is therefore "more powerful" in this scenario because the customer has the choice without penalty to stop paying for poor service which implies some form of fairness (Good Service=Continuous profits).

These contracts should not be confused with Service Level Agreements which deal more with maintenance of good service versus rebate for inadequate or poor services.

So what am I trying to say?
Simple, you wouldn't want to hire someone you didn't know to construct your house on a yearly contract because if that person doesn't deliver, the only party losing out is you... so why choose a company such as TSTT where you have to sign up for a whole year to get a price for internet which is still more than paying a company like Columbus Communications a lower price on a month to month basis for two times more internet bandwidth / speed.

If you can't understand that, I can't help you with anything else. If you do understand and agree with what I just said then I give you kudos where kudos is deserved.

Fail2ban 0.8.8 configuration to block SSH bruteforce on CENTOS

Okay, so I'm relatively new to fail2ban and after installing fail2ban from the source tar.gz files, I noticed that the /etc/fail2ban/jail.conf settings for blocking ssh looked a bit odd concerning the "log" file it was supposed to scan. By default, the configuration looks at the /var/log/sshd.log file, which does not exist in CENTOS 5, so after some research, I found out that the log file should be set as /var/log/secure. The clause should look like the following:

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=risharde@gmail.com, sender=fail2ban@dev.risharde.com]
logpath = /var/log/secure
maxretry = 5

In the above, please replace my email address with your email information...

Good luck!
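
To see what the jail above has to find in /var/log/secure, here is an added example (not from the original post and not fail2ban's own filter): it counts failed SSH password attempts per source address and reports the ones at or above maxretry. The log lines are constructed samples, and the count ignores the time window fail2ban also applies.

```shell
#!/bin/sh
# Added example. Constructed sample lines in the CentOS /var/log/secure
# format; addresses come from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 4022 ssh2
Mar  3 10:00:03 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 4022 ssh2
Mar  3 10:00:06 web1 sshd[2104]: Failed password for invalid user admin from 198.51.100.7 port 4031 ssh2
Mar  3 10:00:09 web1 sshd[2107]: Failed password for invalid user test from 198.51.100.7 port 4040 ssh2
Mar  3 10:00:12 web1 sshd[2110]: Failed password for root from 198.51.100.7 port 4052 ssh2
Mar  3 10:02:40 web1 sshd[2130]: Failed password for alice from 203.0.113.9 port 51510 ssh2
Mar  3 10:02:47 web1 sshd[2130]: Failed password for alice from 203.0.113.9 port 51510 ssh2
Mar  3 10:02:55 web1 sshd[2130]: Accepted password for alice from 203.0.113.9 port 51510 ssh2
EOF
}

# offenders <maxretry>: reads a log on stdin and prints "<ip> <count>" for
# every source with at least <maxretry> failed password attempts.
# The address is taken from the fixed tail of the line ("from IP port N ssh2"),
# so nothing inside the attempted user name can change which address is counted.
offenders() {
    awk -v max="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        / from [0-9.]+ port [0-9]+ ssh2$/ { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= max) print ip, n[ip] }' | sort
}

sample_log | offenders 5    # maxretry = 5, as in the jail above
```

On the server itself, `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf` runs the real sshd filter against the log and reports how many lines it matched.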

Toast to the bridesmaids examples

VERSION 1
Thank you Master of Ceremonies, family, friends, distinguished guests.

Firstly, to my and his lovely bride congratulations!

Today, I am ecstatic being given the envious opportunity
to propose a toast to 7 beautiful, elegant, charming, stunning,
exquisite, intelligent young bridesmaids and of course to thank
God that none of them fell in slow motion style at the altar!
Ladies and gentlemen, please raise your glasses as we toast
to the bridesmaids. Bridesmaids, we salute you!
Thank you

VERSION 2
Thank you Master of Ceremonies, family, friends, distinguished guests.

Firstly, to my and his lovely bride congratulations!

Today, I am ecstatic being given the envious opportunity
to propose a toast to 7 beautiful, elegant, charming, stunning,
exquisite, intelligent young bridesmaids and of course to thank
God that none of them fell in slow motion style at the altar!
Ladies and gentlemen, please raise your glasses as we toast
to one of the best support systems a bride could ever have.
Bridesmaids, we salute you!

VERSION 3
Bridesmaids form part of the integral structure of support before, during and
after weddings. Without their final approval of the groom, no wedding would take place!
Today, I am ecstatic to salute 7 beautiful, elegant, stunning,
exquisite, intelligent bridesmaids that adorned the bride!
Ladies and gentlemen, please raise your glasses as I toast to these young ladies.
Thank you.

Good luck!

SSH logins without password prompt

First generate a public key, which is to be placed in the /home//.ssh/authorized_keys of the server you are trying to connect to. This will allow you to SSH without a password.

On the client machine, run: ssh-keygen -t rsa

Put this key into the authorized_keys in the remote computer :)

Presto

--Rish

If this helped you, please link back to the article! Thanks!
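
An added example of the server-side step (not from the original post): sshd's StrictModes check ignores an authorized_keys file whose directory or file permissions are too open, so this helper sets them while appending the key. The function name, its arguments and the sample key string are constructed for this example.

```shell
#!/bin/sh
# Added example. install_pubkey <pubkey-file> <home-dir> appends the key to
# <home-dir>/.ssh/authorized_keys with the permissions sshd expects.
install_pubkey() {
    pub="$1"; sshdir="$2/.ssh"; auth="$sshdir/authorized_keys"
    # Accept only a single-line OpenSSH public key; this also rejects the
    # private half (id_rsa) if it is passed by mistake.
    [ "$(wc -l < "$pub")" -le 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 1
    # Directory 700 and file 600: readable and writable by the owner only.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: append the key only if that exact line is not there yet.
    key=$(cat "$pub")
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key string.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE user@client\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && ls -l "$demo/home/.ssh/authorized_keys"
```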
