Keeping a server secure online is hard. It takes constant vigilance, but there are things you can do to give yourself the best chance of avoiding a hack. The consequences of an exposed port that you've forgotten or never knew about can be dire. What's more, while IPtables is a fantastic bit of kit, it's not always obvious what's on the list of ports that are open and when that list changes. All Devopera machines, the free VMs we release and our server builds, feature a firewall and a... + read more
I spend a lot of time looking into misbehaving servers. Most of the time, it's because someone, somewhere is trying to goad a machine into misbehaving. That's not to say their intent is malicious, only that for one reason or another their activity is influencing the performance of the machine; it's causing it to run slowly, consume excessive resources or crash. On every Devopera build, we include an array of tools that make that job a little easier. htop - for monitoring process load... + read more
Most of our PHP builds are based on Zend Server, but just occasionally we'll need an up-to-date Apache for PCI compliance. doapache handles most of the details, but it relies on Puppet Labs' apache module. The module was locating the HTTPD pidfile in /var/run/, but it didn't update the /etc/init.d/httpd start/stop script. That means that Apache could start properly, but not stop, because it couldn't find the newly created pidfile. The solution was to make the symlink in /etc/... + read more
I've been doing some compliance work this week. Frequently Devopera clients need the servers we support to pass pre-emptive PCI scans from the likes of McAfee and Comodo / HackerGuardian, which necessitates patching a few daemons, such as Apache HTTPD. This week I had to install Apache HTTPD 2.2.29 (current at the time of writing) on Cent OS 6. Here are the compiled 64-bit rpms for Apache and the dependencies that you can't get from yum: apr-1.5.1-1.x86_64.rpm apr-debuginfo-1.5.1-1.... + read more
It's the smallest details that make for a good server config, like folder permissions. We setup files and folders with the right permissions to avoid latent problems. For example, on one of our dev VMs: Stick bits The web user originates files by SSH or Samba that the web server will later access, through its www-data group. When creating those files, through whatever mechanism, they need to be given the right permissions. 640 on the files (web user r/w, web server r, all -) and 750 on... + read more


Subscribe to Blog

Recent Articles

published 3 years 1 month ago


Follow Us

Twitter icon
Facebook icon
LinkedIn icon
SlideShare icon
YouTube icon
RSS icon