When you run PHP 5.1 or later and read your HTTP logs (you do that, right?) you’ve probably encountered numerous entries like:
PHP Warning: strftime() [<a href='function.strftime'>function.strftime</a>]: It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. [..]
Read on to find out how to set a timezone globally
Categories: PHP.
Tags: fresh install, php.ini
Sharing files or directories with users in separate groups often leads to permission issues. User A writes a file to a shared directory and then user B can’t access the file because the file has user A’s ownership. Luckily it’s rather easy to give the new file the ownership of the parent directory, instead of the ownership of the creating user.
Find out how to share a directory between users in different groups
Categories: CentOS Linux.
Logwatch is a great tool to get a daily digest of your system’s log files via e-mail. Reading your log files is important, so any tool that helps you do so is greatly appreciated. The problem with Logwatch, however, is that by default it reports on a lot of services, including Apache. Now, I’m not saying you shouldn’t read the Apache logs, but if you’re hosting a lot of virtual hosts then there are better ways to learn of problems than by Logwatch sending you megabytes worth of log by e-mail, daily.
Read on to learn how to disable certain services in Logwatch
Categories: CentOS Linux.
Tags: fresh install, log files, root
This post describes how to force strong passwords in CentOS. Of course, when possible, you should use public/private key-based authentication. You still need strong passwords, however, for giving sudo access for example. Also, sometimes you’re in a situation where key-based authentication is a burden on your users. In any case, you absolutely need to force strong passwords.
Read on to learn how to force strong passwords in CentOS Linux
Categories: CentOS Linux.
Tags: fresh install, passwords, security
It’s always scary to manage firewalls remotely and iptables is no exception. A simple slip-up can lead to you blocking all external traffic to the system. This is especially terrifying when getting physical access to the system is hard, for example when it’s in a data center 2.000 km away. Luckily, there’s a clever trick to safely manage iptables.
Read more to learn how to manage iptables firewall rules remotely
Categories: CentOS Linux.
Tags: firewall, security, ssh
Screen is a fantastic screen manager that doesn’t need an active TTY to keep a session alive. In simple words: when you are working on something and your SSH connection drops you can simply reconnect and carry on later, without any processes getting killed due to your disconnect.
Read on to learn how to install and use screen
Categories: CentOS Linux.
Tags: fresh install, ssh
For a lot of systems the local MySQL database server doesn’t need to be listening on the external IP address(es). When the applications and websites hosted on your system are the only ones connecting to the MySQL databases it makes sense to only listen on localhost. This protects you from remote weak password brute-forcing and remotely exploitable MySQL database server vulnerabilities. Of course you still need a good firewall configuration, but this is just another security measure.
Read more about configuring MySQL to only listen on localhost
Categories: MySQL.
Tags: fresh install, security, ssh
Keeping your systems up to date is one of the main priorities of system administrators, especially when it comes to security updates. Some updates are rather safe to execute. Something like ‘wget’ is generally safe to update at any time, unless you have scripts depending on it. Other updates have many more dependencies. Apache, PHP, MySQL are good examples of this, but what about kernel updates? Kernel updates require a system reboot (unless you use Ksplice). Let’s see how we can manage them in Yum.
Read on to learn how to exclude kernel updates in Yum
Categories: CentOS Linux.
Tags: fresh install, kernel, security, updates, yum
Any Linux system generates a lot of e-mail addressed to the root user. Cronjobs, but also tools like DenyHosts, periodically send e-mail to the root user. It’s quite possible you didn’t know that. Most Linux distributions never ask for an external root e-mail address and happily deliver their messages to the local root user.
Due to this you might be missing a lot of important e-mails, so it’s recommended to actually read your root e-mail. You probably don’t want to read your mail locally on all your systems. Instead, configure your system to forward all root mail to your external e-mail address. Configuring this is really simple.
Read on to learn how to forward root e-mail to your e-mail address
Categories: CentOS Linux.
Tags: e-mail, fresh install, root
Sometimes it makes sense to password protect all files using .htaccess, except for a certain file. A good example of this is the robots.txt file, used by search engines to decide whether or not to index a certain file. Today we’re going to do exactly this.
Read more about password protection using .htaccess
Categories: Apache HTTPd Webserver.
Tags: authentication, fresh install, htaccess, httpd.conf, robots.txt, security