Making your SSH service secure

SSH is extremely versatile and can be used both to manage your server and to copy files to it. Unless you have a really good reason to still be using FTP, you shouldn’t be (and you certainly shouldn’t be using telnet any more!)

It’s certainly worth taking some time to make sure your SSH service is secure and there is plenty you can do to accomplish this.

Here’s what I do with my servers plus some links to other things that you can do.

1 – Make sure you are running the latest version of the SSH daemon software

2 – Install denyhosts

Denyhosts can be configured to stop accepting connections from IP addresses that have made too many failed login attempts. It is configurable so you can specify how many failed login attempts to allow before the host is blocked, how long the host is blocked for … 

What does my website look like?

So, maybe everyone knows this already, but …

I’ve only just started designing websites and found this useful site – http://browsershots.org/

It will show you what your website looks like when viewed in different browsers, on different platforms. It actually shows you a screen grab of the page.

Turns out IE5.5 doesn’t like my transparent png, nor does it like something in my stylesheet!

Modifying subinacl exports with a bash script

We are currently in the process of migrating our users from one Active Directory domain to another.

The users already exist in the target domain so we were looking to mass change our NTFS permissions to include the user from the new domain whilst also retaining the permissions from the old domain.

A tool that Microsoft supplies looked ideal for the task – subinacl – apart from in one respect: the tool was designed to replace permissions instead of adding to them. The way we got round this problem was to edit the export from subinacl, add in the new permissions that we wanted, and then run the export file against the NTFS volume.

So this was a 4 step process.

What to consider when you’re looking for a VPS?

Here are several areas you should consider when looking for a VPS – I’m sure there are others! Please let me know if you think of any and I’ll add them to the list.

Memory: When I first started looking for a VPS I was shocked at how little memory you got. 256MB sounds like a ridiculous amount – however, you have to remember that a lot of the memory that the Linux kernel is using does not come out of your allocation. Also, programs these days expect there to be a lot of memory available on the server. If you’ve only got a small amount then you can tweak the configuration files (of apache, mysql, etc …) to use less memory. Sometimes this will degrade performance to an unacceptable level but often not.

What is a Virtual Private Server (VPS)?

Virtual Private Server (VPS) and Virtual Dedicated Server (VDS) are two terms that describe the same thing – a share (or slice) of a physical server. VPSs are becoming very popular amongst web hosters and developers whose site requirements are greater than a shared hosting supplier can provide, but do not yet demand their own dedicated server.

With shared hosting you get some web space that you can run your site on, however, problems can arise if your site is too busy (it can affect other users with that shared hosting provider) or, if the software that you want to run (mailserver, web blog, picture gallery, bulletin …) has certain requirements that a shared hosting provider does not provide.

Permission troubles with Xen?

Thought I’d post a quick message about something that kept me busy for way too long!

If you get any permission errors while trying to set up Xen along the lines of …

Access denied ...

Unable to access ...

Device xxx (vbd) could not be connected ...

... does not exist

then it may be worth checking if you’ve got selinux enabled. Check the file /etc/selinux/config and try changing

SELINUX=enforcing

to

SELINUX=disabled

and reboot to see if that cures your problems. If it does then you can either leave selinux disabled (ensure you know the consequences of doing this) or grant the required permissions for selinux.
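Before changing the config file, the audit log can show whether SELinux is really the cause and which permissions would need to be granted. The script below is an added example, not part of the original post; the function names and the sample audit records are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm SELinux is what is blocking Xen, and see exactly
# which permissions are denied, before editing /etc/selinux/config.

# Constructed sample audit records (not taken from a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1200000000.101:41): avc:  denied  { read } for  pid=2101 comm="xend" name="guest1.img" dev=dm-0 ino=1234 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1200000000.101:41): arch=c000003e syscall=2 success=no exit=-13 comm="xend"
type=AVC msg=audit(1200000007.330:52): avc:  denied  { read } for  pid=2101 comm="xend" name="guest1.img" dev=dm-0 ino=1234 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1200000007.912:53): avc:  denied  { getattr } for  pid=2101 comm="xend" name="guest1.img" dev=dm-0 ino=1234 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

# Print the mode set in a config file (enforcing, permissive or disabled).
# Comment lines and the SELINUXTYPE= line are ignored.
selinux_mode_from_config() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Read audit records on stdin and print one line per distinct denial:
#   <count> <command> <permission(s)> <object class> <target context>
summarise_denials() {
    awk '
    /avc:/ && /denied/ {
        perm = comm = tctx = tcls = "?"
        # The denied permissions sit between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perm = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            if ($i ~ /^tclass=/)   tcls = substr($i, 8)
        }
        seen[comm " " perm " " tcls " " tctx]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2
}

# On a real host the input would be the audit log, typically
# /var/log/audit/audit.log, instead of the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | summarise_denials
```

If the summary shows the Xen daemon being denied access to the disk image, that points to a labelling or policy fix for that file rather than switching SELinux off for the whole host.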

Getting the DID number from a CallCentric SIP trunk for FreePBX

I’ve got a few DDI numbers from CallCentric all around the world (UK, US, Australia) and couldn’t figure out how to set up an ‘Inbound Route’ in FreePBX that used the number that had been dialled to route the call.

It turns out that you need to extract the number from the ‘SIP header’ information and there’s no setting in FreePBX to do this so it means hacking at the Asterisk config files just a little.

Dell/MediaDirect wiped my data!

I’ve used Dell laptops for a while and when I was looking for a new one about a month ago I was interested in a Dell Vostro as I’d read good things. One of the good things I’d read was that you could order it without all the crapware that comes installed on most machines these days.

So I bought a Vostro 1400 and was pretty pleased with it. One of the first things I did was *wipe all the partitions* on the drive and set it up to dual boot between Windows Vista and Ubuntu – with a nice big partition to store my data. This could then be accessed from both Vista and Ubuntu – ideal.

Compiz Fusion: Such a sucker for eye candy

Compiz is a 3D desktop environment (that used to be called Beryl) that can be a very nice place to work. I’m a sucker for eye-candy, true, but even with most of it switched off the result can be a pleasant, and maybe even more productive, place to be. There are literally hundreds of videos on YouTube to give you an idea of what Compiz looks like – see here. One of the most noticeable effects is the ‘wobbly windows’. This gives the windows some ‘flexibility’ and also gives the desktop some ‘friction’. The effect is quite stunning, especially as the contents of the windows update while they are being dragged.

OK, that looks nice but it’s not really that useful – one thing that is useful though is the desktop ‘cube’ effect. Your desktop can have up to 16 faces that are rotated in 3D. Now, I must admit that I also have dual monitors, so I have a lot of ‘desktop real estate’ already, but having the ability to have different ‘cube faces’ with work tasks grouped on them is great. I very rarely press Alt-Tab any more (even though the 3D application switcher effect is quite nice also) because my applications don’t stack on top of each other very often – they’re on different cube faces. I’ve also got my mouse setup so that if I rotate the mouse wheel while at the edge of the screen the cube rotates. This makes quickly switching between different applications very fast.

ZFS: The future of filesystems?

ZFS is the (relatively) new filesystem from Sun with some fascinating properties. Here are some headline facts just to get your attention – the maximum size of a single file on a zfs filesystem is 16 ExiBytes (that’s 1000 million gigabytes), it’s possible to take a complete filesystem backup (snapshot) in a few seconds and you’ll never have to fsck your filesystem again to make sure it’s not corrupt.

So, sounds pretty impressive, heh? So what makes all this possible?

There are 3 main components to zfs that enable a lot of the cool functionality. If you’ve used a NetApp OnTap based filer before then these will sound familiar (hence, NetApp and Sun’s lawyers getting in a bit of overtime).

The first component is the Copy On Write transactional model (COW). This means that when a block of data on the filesystem changes it is not overwritten; instead, a new block is created and the metadata for the file that has changed is updated.
