Das hier könnte interessant sein:
Das hier könnte interessant sein:
Due to the increasing spam comments i decided to close the comment function in this blog.
Maybe there will be something new next year – maybe not
A quick test if the webserver on my debian VPS is also vulnerable was successful.
But the proposed workaround works quite well for me.
Here are the steps, that I did to prevent my own apache webserver from being exploited (default apache2 installation debian squeeze):
GREAT! Simply trick, but works fine.
For a public surfstation available for free we needed to have a system, that just simply always works. No user should be able to reset any configuration-settins, change the wallpaper, modify favorites or anything like that. The decision of the operating system was easy: Linux!
The needed tasks to install this system are the following:
- Download and install Ubuntu (the “Gnome Edition”) with all updates (there should be tons of howtos for this in the net)
- During the installation create a user that will be automatically logged in.
- Disable all keyboard-shortcuts in the system-settings dialogue.
- Install the following two addons in Firefox: BlockSite and OpenKiosk
In the OpenKiosk Adminscreen (can be started directly from Firefox) you can customize your “hardened” Firefox. I personally set fullscreen mode, increased the reset interval to 3 minutes, enabled a 30 seconds warning before the reset and removed the Print button and zoom controls.
- Configure Firefox to start automatically when the user logs in.
- Create the file /etc/X11/xorg.conf with the following content. This disables the Ctrl+Alt+F1,Ctrl+Alt+F2, etc. shortcuts for switching through the gettys.
- Mount the root Filesystem readonly with the aufs Filesystem. This ensures that a reboot of the Surfstation/Terminal resets everything to default settings (although there shouldn’t be many changes besides the browser history) Here is a great Tutorial for that.
A long time has passed after the last post to this blog. But I’m still alive and today there will be another.
Yesterday I stumbled upon some problems in our virtual infrastructure regarding the Debian Linux Servers. For several reasons (most important is a dedicated network for NFS) i needed to add another virtual network card to those servers. I also removed the existing card, because the type of that card was still “Flexible” and I wanted to change that to “E1000″ anyway.
So in short: 1 card (Flexible) was removed, 2 cards (E1000) were added. Sounds easy, but it wasn’t!
The interfaces don’t come up and i had no idea why!
After some investigation this issue seemed to be related to udev. The MAC address of the old NIC was still in the file /etc/udev/rules.d/z25_persistent-net.rules, but of course the MAC has changed after migrating to the new E1000 card.
The solution is to edit the above mentioned file and replace the wrong MAC address value(s) with the new ones.
After that the appropriate servies need to be restarted:
or in short:
Note to myself:
1. File => Open
2. Image => Mode => Grayscale
3. Edit => Copy
4. Edit => Undo
5. Layer => New => Transparency => ok
6. Edit => Paste
7. Layer => Anchor Layer
8. Layer => Mask => Add Layer Mask => White (full opacitiy) => Add
9. Now use the Paintbrush-Tool to (re)color the parts of the image you like
Here’s a sample image:
Most of the mysql-admins out there will know phpmyadmin as a very helpful and reliable database administration tool. It’s available in most linux distros, can easily be installed and is for sure a very nice tool. Today I stumbled upon an alternative mysql administration-tool driven by php called chive.
From the project-website you can quickly see, that it already has a vast feature list and doesn’t need to hide after phpmyadmin.
My first impression is absolutely great and i think this tool can drain off phpmyadmin one day, but that’s of course a very subjective opinion.
More screenshots can be found here: http://www.chive-project.com/Screenshots
About two and a half years ago i ordered a virtual server for private purposes at Server4you. That was quite a long time ago and in the meantime you can get the same server for less money or a better server for the same price
As migrating from an old productline to a new one isn’t possible at Server4you I decided to order a new server and migrate all my services to it so that i can quit the old machine afterwards.
And here we go:
LAMP (Linux, Apache, MySQL and PHP) is quite common and i also used this setup (Apache with mod_php) for hosting some small websites on my old server. The planned migration made me think about alternatives and I crawled through many blogposts about NGINX – a webserver which gains more and more popularity in our days (see this survey for more details).
Therefor i decided to give it a try and that’s where LEMP comes from (NGINX is pronounced as Engine-X)
Another new thing i wanted to try out is the integration of PHP in a different way. A project called PHP-FPM (FastCGI Process Manager) adds some new features to the ‘normal’ FastCGI implementation. It’s more or less a patch for the PHP sourcecode and it seems like it will go directly to the PHP core with PHP version 5.3.3.
After a bit of compilation and writing some scripts to automate this for future use all the websites (mostly WordPress) run on my LEMP setup. To get SEO-friendly URLs with WordPress on nginx is a bit more tricky than before, because .htaccess files are not beeing parsed by nginx, but the effort is really worth it.
Here is a related snippet from my nginx configuration file for this blog (slightly modified):
And this is the content from /etc/nginx/wordpress_params.regular:
To be honest, I didn’t measure the differences between the performances of both setups, but I can really feel, that the webpages are being loaded much faster than before and also the memory consumption of nginx is absolutly awesome. So I’m quite happy with this new setup, but sometimes there are still some pitfalls to deal with.
Once in a while (hopefully not to often) you need to recover the root password of a mysql database. Here is a quick guide how I do this normally:
1. Stop the running database (if it isn’t stopped already)
2. Start the database with the ‘skip-grant-tables’ option
3. Open the mysql console
4. Set a new password for root (replace yournewpassword with a password of your choice)
5. Make the changes work immediately
6. Stop the database again
7. Start it up again the usual way