Posts tagged Security
Running suEXEC + FCGID
Mar 23rd
A long, long time ago (Internet years), our webmaster (and Mike) changed the ipHouse web-cluster to run PHP via FastCGI. They did this with the thought that FCGId would offer greater performance and stability while offering the same security as running PHP via the CGI interface.
Around the same time I also tried implementing FCGId in Ubuntu on one of my virtual servers. It worked well, but I thought it was a bit verbose. Recently, I took on the project to set up FCGId for a managed customer. I decided to ask our webmaster how he implemented FCGI via the FCGIwrapper primitive and still got suEXEC to work.
Log like a paranoid Lumberjack!
Feb 21st
Ok, so maybe I’m a touch paranoid, but I like logging. I also like monitoring, and statistics. I like to know what’s going on, when and how. I don’t mind a little noise, as long as I can quickly assess what’s happening with my servers.
What is a WiFi Controller?
Jan 25th
Debugging IPSec VPNs in FortiGate
Jan 20th
Debugging what is going wrong with a VPN setup is difficult. The IKE protocol is “chatty”, and negotiates back and forth between the two ends for several rounds. The GUI does not offer much help; it is either Up or Down. Most of the real debugging happens inside the CLI.
One problem in particular that has always bugged me is that you need access to the end machines involved to initiate traffic across the link. The network admin typically doesn’t have direct access to the computers on either side of the VPN in order to initiate that traffic. I’ll show you a method that can be used to initiate traffic from that network as well.
Kickstart your Linux install
Dec 30th
I’ll admit it, I’m not a huge fan of Red Hat Enterprise Linux. I’ll administer it, I’ve worked with it. It’s a good distribution. I just have a bad taste for RPM-based distributions based on my first forays into Linux back in my Mandrake days. I also first started to professionally work with Linux during the last couple of years of RHEL 5, when things were getting long in the tooth. Red Hat’s release schedule also conflicts with what most of my users want and expect; it’s far more suited to a corporate environment where having the latest features is not nearly as important as having consistent software versions. That being said, Red Hat has some fantastic tools; Anaconda and Kickstart being my favorites. So I was overjoyed when I discovered Ubuntu had support for Kickstart files! The Ubuntu installer can take Debian-style preseed directives but in my opinion is overly complicated.
A Kickstart file basically answers the questions that pop up in the installer as the installer goes, removing the need for human interaction. If a question isn’t answered, the installer pops up with the proper dialog, takes user input, and continues. I can pick and choose what information I want to populate automatically and which information dialogs I want the customer to answer. In my auto-install ISOs I prompt the customer for a username and password as I want the users to enter that information.
When I was tasked with making an auto-installing ISO for our customers, I was able to create one quickly by using a Kickstart file.

