10 straightforward but proven ways to harden your LAMP servers

Over the years I have had to harden a great number of LAMP boxes, I have found some methods work for better than others. I will now share with you all my favorite 10 along with methods to implement them on Debian/Ubuntu.

10. Lock SSH access right down. I do this by disabling root logins, disabling password authentication and using denyhosts.

To disable root logins do this: vi /etc/ssh/sshd_config and look for the following line: PermitRootLogin yes and change it thus: PermitRootLogin no

Building Debian FreeRadius package with EAP/TLS/TTLS/PEAP support

Debian's FreeRadius package is built without support for EAP/TLS/TTLS/PEAP because of the licensing problems of the OpenSSL library. But, if you want to implement 802.1x network authentication with strong security, you'll need it. This is a short tutorial that explains how to build Debian (sid aka unstable) package linked to libssl and with EAP/TLS/TTLS/PEAP support compiled in.

How to cleanup your GNOME registry?

[img_assist|nid=1030|title=|desc=|link=none|align=left|width=100|height=114]The other day I stumbled upon this neat tool that helps cleanup your GConf registry, called GConf Cleaner. While GNOME registry size isn't nowhere near the size of Windows registry, and thus shouldn't slow your computer too much, it's still nice to have a tool that cleans unused and obsolete entries.

Meet GConf Cleaner

Replaying terminal sessions with scriptreplay

OK, this is so cool and sexy, I really don't understand how I didn't find about this earlier. Possibly because it's the recent add-on to the well known script utility?

So, I suppose you all know about script. You type script, do your work, type exit, and you have your complete session logged in the file named typescript. Quite handy if you want to log everything you did in the shell for whatever reasons.

How to flash motherboard BIOS from Linux (no DOS/Windows, no floppy drive)?

[img_assist|nid=859|title=|desc=|link=none|align=left|width=180|height=155]You've finally made the move to a Windows-free computer, you're enjoying your brand new Linux OS, no trojans/viruses, no slowdown, everything's perfect. Suddenly, you need to update the BIOS on your motherboard to support some new piece of hardware, but typically the motherboard vendor is offering only DOS based BIOS flash utilities. You panic! Fortunately, this problem is easy to solve...

Step 1: Download FreeDOS boot disk floppy image

Soft scrollback for the Linux VGA console

If you're a heavy user of the Linux VGA console, you'll like this feature. Recent 2.6 kernels have added support for soft scrollback. This feature enables you to have much bigger scrollback buffer than the standard console has, at the price of slightly slower console output.

The scrollback buffer of the standard VGA console is located in VGA RAM. This RAM is fixed in size and is very small. To make the scrollback buffer larger, it must be placed instead in System RAM. We call this soft scrollback.

The flash plugin and X.Org 7.0 (X11R7) font problems

If you are lucky to have fresh X11R7 on your desktop with all its new features and nice filesystem layout you might have noticed that some things have compatibility problems with it. Namely, if you have flash plugin installed you might not see text in flash content displayed properly, depending on how your Linux distribution handled the upgrade.

Oracle10g on Debian Linux HOWTO

[img_assist|nid=379|title=|desc=|link=none|align=left|width=164|height=29]Is running Oracle10g on Debian Linux possible? Oh yes, definitely! And it runs great, really. It's even easier to install than the older versions of Oracle as there are no problems with incompatible libc library & other bugs. You need to make just two simple preparations before you can enjoy your new development database.

Subscribe to RSS - howtos