Simple way to secure a MySQL installation
May 27, 2013
I now know this script has been there for years, but I only found it some months ago when I installed MySQL on CentOS and it told me to use it. I checked, and it is also present on an old Ubuntu 8.04 LTS (released 5 years ago). The script is called:
/usr/bin/mysql_secure_installation
Here are the questions you get asked by it:
Change the root password? [Y/n]
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]
You really should run this program, as it makes the basic securing of MySQL really easy.
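To make the effect of those Y/n answers concrete, here is an added example (not part of the original post) that emits SQL equivalent to the script's "remove anonymous users", "disallow root login remotely", "remove test database" and "reload privilege tables" steps, and audits a User/Host listing of mysql.user for the two account problems the script fixes. The listing in the block is a constructed sample so the audit runs offline; on a real server you would feed it the output of mysql -N -e "SELECT User, Host FROM mysql.user".

```shell
#!/bin/bash
# Added example (not from the original post): the SQL that answering "Y"
# to the script's questions amounts to, plus an offline audit of a
# "User<TAB>Host" listing of mysql.user for the problems it fixes.
# The sample listing below is constructed, not taken from a real server.

# Statements equivalent to the script's "remove anonymous users",
# "disallow root login remotely", "remove test database" and
# "reload privilege tables" answers. Pipe into: mysql -u root -p
hardening_sql() {
    cat <<'EOF'
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
FLUSH PRIVILEGES;
EOF
}

# Audit a listing produced by
#   mysql -N -e "SELECT User, Host FROM mysql.user"
# read from stdin: one "user<TAB>host" pair per line. Prints one finding
# per line and returns 1 if any anonymous account or remotely reachable
# root account is present, 0 if the table is clean.
audit_user_table() {
    awk -F'\t' '
        $1 == "" { print "anonymous account reachable from " $2; bad = 1 }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root reachable from " $2; bad = 1
        }
        END { exit bad }'
}

# Constructed sample: what a fresh install looks like before the script
# has been run (two anonymous accounts and a wildcard-host root).
sample_user_table() {
    printf 'root\tlocalhost\nroot\t%%\n\tlocalhost\n\tmyhost.example\nroot\t127.0.0.1\n'
}

# Usage: ./mysql_audit.sh sql | mysql -u root -p
#        mysql -N -e "SELECT User, Host FROM mysql.user" | ./mysql_audit.sh audit
case "${1:-}" in
    sql)   hardening_sql ;;
    audit) audit_user_table ;;
esac
```

The audit is the part worth keeping around: run it again after mysql_secure_installation (and after any later account changes) to confirm that no anonymous or remote root account has crept back in.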
Microsoft Remote Connectivity Analyzer
May 23, 2013
By pure luck I found the Microsoft Remote Connectivity Analyzer, as I’m not into the Microsoft world. Anyway, this web site lets you easily test whether the groupware server you’re using is configured correctly, for example if you have problems connecting or syncing your mobile or tablet to a server via ActiveSync. This protocol is not just used by Exchange but also by some open-source groupware applications. Anyway, it’s a nice link to know.
How to get Tiny Tiny RSS running on a half-way secure PHP setup
May 20, 2013
As Google is discontinuing Google Reader I needed to look for alternatives, and after some looking I went for Tiny Tiny RSS, which I can run on one of my web servers. At least this was the theory :-). The problem I faced was that Tiny Tiny RSS seems to have trouble with a half-way secure PHP setup, so I needed to make some changes to get it working. I didn’t find much documentation on this topic, and it seems the Tiny Tiny RSS developers are not really security-minded, so here is what I did.
1. open_basedir is not supported
I did as described in the Install Notes and went to the http://your.site.com/tt-rss/install/ URL to use the installer to configure my Tiny Tiny RSS, but I was prompted with this error message:
PHP configuration option open_basedir is not supported. Please disable this in PHP settings file (php.ini).
I searched the Internet and it seems that some obscure errors can occur if you use open_basedir. But to me it looks more like: I (= the developer) don’t have the problem, the user has it, and he has open_basedir activated, so this must be the problem. Anyway, open_basedir is an important security measure for PHP hosting; do not ever disable it, especially if you have more than one vhost. I have been running with open_basedir enabled for 2 weeks now without getting any obscure errors (or any errors at all). At the time of writing this blog post I was running PHP 5.3.23 and 5.3.25 on this server.
After these preliminary words: how did I get rid of this error message? Simple, I just commented out the raising of the exception. For this, open install/index.php in a text editor, search for the line containing “option open_basedir is not supported”, and comment it out like this:
And you need to do the same in the include/sanity_check.php file:
2. passthru disabled
I wanted to call the ./update.php --daemon command from the command line, but I got the following error message:
PHP Warning: passthru() has been disabled for security reasons in /var/www/xxxx/html/update.php on line 150
This is because a securely configured default php.ini has the following set:
disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source
I remove disabled functions per vhost so I don’t end up with the least common denominator for security. In this case I needed to make sure that update.php, called via the command line, uses a custom-made php.ini. I therefore created this bash script:
#!/bin/bash
export PHPRC="/var/www/php/xxxx/"
./update.php --daemon
In this directory a special php.ini is located which has passthru enabled.
3. undefined function posix_getpid
I wanted to use the update_daemon2.php script, as is recommended, but I got the following error message:
[09:48:30] [MASTER] installing shutdown handlers
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 223
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 236
PHP Fatal error: Call to undefined function posix_getpid() in /var/www/xxxx/html/update_daemon2.php on line 99
The solution on CentOS/RHEL/SL is easy, just install the posix package for PHP:
yum install php-posix
I hope this post helps others who move to Tiny Tiny RSS and still want a reasonably secure PHP setup.
ncdu is better than calling “du -hs *” multiple times :-)
May 12, 2013
I was again searching for directories or files on one of my servers which were filling up the hard disk. Normally I use du -hs * starting at / and going down the directory structure … but not this time … I went looking for a command line program which makes that easier, and I found it: welcome NCurses Disk Usage.
On CentOS/RHEL/SL you need the EPEL repository and then just type yum install ncdu. On Ubuntu just type sudo apt-get install ncdu.
If you use it via SSH it is recommended to use the option -q, which does the following according to the manual:
-q Quiet mode. While calculating disk space, ncdu will update the screen 10 times a second by default, this will be decreased to once every 2 seconds in quiet mode. Use this feature to save bandwidth over remote connections.
And as I normally know which partition I want to look at (df -h tells me which hard disk is getting full 🙂), I use the following option too:
-x Only count files and directories on the same filesystem as the specified dir.
which leads to this output after starting it: