Currently Viewing Posts Tagged Linux

OpenSSH server Security Top 6

OpenSSH is very popular SSH server. Widely used on different Linux distribution. I used it for many years on my VPS server. It is easy to use, but security is the top issue for any server. Here is the top 6 security settings for Open SSH server.

To make it safe and minimize the risk, change the default setting and make it more safe.
OpenSSH setting file is located:

/etc/ssh/sshd_config

1) Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) has man-in-the-middle attacks problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all cost. Open sshd_config file and make sure the following line exists:

Protocol 2

2) Allow Only Specific Users or Groups (AllowUsers AllowGroups)
By default anybody who is authenticated successfully are allowed to login. Instead you can restrict which users (or groups) you allow to login to the system.

This is helpful when you have created several user accounts on the system, but want only few of them to login.

This is also helpful when you are using NIS, openLDAP (or some other external system) for authentication. Every user in your company might have account on NIS, OpenLDAP etc. But, on a specific server you want only few of them to login. For example, on production system you want only sysadmins to login.

Add the following entry to the sshd_config file to allow only specific users to login to the system. In the example below only ramesh, john and jason can login to this system. Usernames should be separated by space.

AllowUsers ramesh john jason

Add the following entry to the sshd_config file to allow only the users who belong to a specific group to login. In the exampe below only users who belong to sysadmin and dba group can login to the system.

AllowGroups sysadmin dba

Continue reading “OpenSSH server Security Top 6”

Is your Linux 32bits or 64bits

Some times you need to find out what version is your Linux OS. Just like when I need to download a module, I have to find out which one is right for my OS. Then I can download 32bit, or 64bit package.
The most common way to find your Linux installation is enter the following shell command.

uname -a

or

uname -m

i386 => 32bits, x86_64 => 64bits

Continue reading “Is your Linux 32bits or 64bits”

VPS of Canadian Web Hosting

Canadian Web Hosting offers two different types of VPS hosting, Linux and Windows running under Citrix Xenserver. They can choose different operating systems such as Windows 2008, Redhat, Debian, CentOS, SUSE, and Fedora.
As we know, many people use Windows desktop OS and know Windows only. So when they want to choose a VPS, they pick up Windows VPS.
Let’s look at the the service and price Canadian Web Hosting provided.
Say, VPS-Win 1000.
It has 20GB disk space, 1000GB Bandwidth. It is good enough for one or two busy forum or sites.
Two IPs. It is so good to have the individual IP. Especially for commerce site.
512M memory, 256Mhz CPU, are also OK.
For experienced Windows user, server is a little bit different. So Remote Desktop can help them manage Windows VPS server without problem. MS SQL 2008 express is included.
Firewall and Intrusion Protection are very important. I heard so many cases that site was hacked, site was hijacked. Just because the security issues.
So if you have a lot of Windows experience, and start to launch an web site, I recommend you buy this Windows VPS for $85.40/month.

Continue reading “VPS of Canadian Web Hosting”

How to upgrade Webmin

To upgrade Webmin, you need a webmin installation on the Linux first. 🙂
Say, from your desktop browser, enter https://yourlinuxbox:10000
It is security connection.
Then, do if as below:
To have updates installed automatically, go to the Webmin Configuration module, click on Upgrade Webmin and use the form in the Update Modules section.
The latest version of Webmin is 1.430

Path difference between Windows and Linux

Movabletype 4.01 has the internal upload facility, which can upload images to the assets manager.
My blog is always runing well on my Windows 2003, until I moved it to the Linux server.
The photo is not displayed on the sidebar. Only the file name is shown there.
After researching over 2 hours, I found the problem is the path.
Windows uses “\” as the path symbol. Linux uses “/” as the path symbol.
The path saved in the database is something like, “\images\photo-1.jpg”
It can not be displayed correctly in Linux server. Movabletype has not have the tool to change the path. I have to use PhpMyAdmin to change the path manually. It is saved in mt_asset table. Change the asset_file_path and asset_url to match Linux rule.
Then the photo widget shown properly and the page of manage assets can display image asset and preview popup can shown the correct image.
It is not the end. I have to check all my blog use the thumb image, which has some URL use the old Windows path. Manually change them again.
After these changes, all images use the MT4.01’s inclusive asset manager can be displayed perfectly.
Please be reminded thant when you move your MT blog from Windows to Linux. And also I think if the MT blog moves from Linux to Windows has same problems.

  • Archives