This page is an archive of my old blog. Please visit DavidTucker.net for my current blog.
This site is no longer being maintained and commenting is disabled.

Creating Reference File Sizes

There are times (for benchmarking purposes) that you want to work with a file that is exactly 1 MB (for example). For a presentation next week I am testing how certain aspects of AIR perform with specific amounts of data. To accomplish this, I use one very powerful and dangerous command line utility (for both Mac and Linux): dd.

Keeping Old Links Functional

When a site is completely redesigned in such a way that the URL structure will change, it is important to keep your old links functional. Recently, a large organization (which shall remain nameless) retooled their website. This included changes to several often-used URLs. This organization also had many smaller sites that referenced these URLs. By utilizing the Redirect directive in Apache, you can easily map the old URLs to the new locations. If this organization had followed these steps, the developers could have avoided several angry emails.

Need Help – New Dedicated Server Host

The current company (which shall remain nameless for the moment) that I lease servers from has had a rough month. There have been two times that the service has been down for over 2 hours (each time). This has been a bit rough for me to explain to some of my customers. I feel the need now to switch to a different host for my servers. Here are some of my requirements:

  • Must exist in a virtualized environment
  • Must offer CentOS 4/5 or RedHat Enterprise 4/5
  • Must give full root access

Does anyone have any suggestions? Has anyone used Myriad Network VDS’s? Thanks in advance for your input.

The Way the Rest of the World Views Linux

I ran across this comment on a ZDNet article. This one made me laugh. I do realize though that this must be the way that the rest of the world views Linux. While I still use a Windows machine as my daily development machine, all of my servers that I own or manage are running Linux (Redhat Enterprise / CentOS). The concept of Open-Source (specifically an Open-Source Operating System) is so hard to get outsiders to understand.

Why Linux Will Not Displace Windows – Comment

Installing a Secure Certificate on a Linux Server

Secure certificates have become steadily cheaper since their inception. Until you have purchased and installed one there is a bit of mystery around the process. This mini-tutorial will specifically deal with installing a Standard SSL Certificate from GoDaddy on a Redhat Enterprise Linux 5 (or CentOS 5) server with Apache 2.2 installed. It should be very easy to modify the content of this tutorial for other certificate authorities or flavors of Linux.

Linux Commandment 1 – Close Thy Ports

Linux adoption seems to be going through the roof as of late. What does this bring us – a lot of new Linux users. I would be willing to bet that some of those users have set up a basic web server – for development, testing, or even production purposes. When I first set up a Linux web server (in 2000), my machine got hacked in two days. I got an email from a research institute in California saying that my server was attempting to log into their servers. I had to pull the plug. The first tip for aspiring server administrators (and one that could have saved me in 2000) is to close all unnecessary ports.

Definition:
Necessary Ports – any port that is needed by the general public to view the content on your machine (there is only 1 exception to this rule)

As I said – there is one exception to this rule, port 22 (for SSH). If you have a single server that is remote – you will need to have this port open. However, if you know that you log in from the same IP address each time, you can limit port 22 to that IP address. This is the port that we will use to gain access to all of the other ports that we need to use on the machine. This process is known as SSH Tunneling, and it is supported by most major SSH clients (including PuTTY, which is free).

There are many ports that are left open on dedicated servers that don’t need to be open: MySQL (unless you need to access your databases directly from another server), Plesk (unless your hosting customers need to log into it), DNS (if it isn’t a DNS box), and Webmin. These are only the tip of the iceberg. If you rent a dedicated server from a company, it usually will have anywhere from 10-20 ports open for such things as Internet printing and Windows file sharing (through Samba). This opens up some BIG security holes that need to be fixed. Here is where SSH Tunneling comes in.

Definition:
SSH Tunneling – allows you to access any port on a remote computer by passing all of your data through the SSH (Secure Shell) port 22. This allows you to block ports to the outside world, but keep them open for you.

Example – Access to MySQL via SSH Tunneling

First, we are going to close the MySQL port on our server so that it is only available to localhost. Unless you have changed it, MySQL should operate on port 3306. If you are running Red Hat Linux, you can comment out the lines in /etc/sysconfig/iptables that have port 3306 listed. This works only if you already have a properly configured firewall, so be sure of that first. Get more information about IPTables here. Once you have blocked port 3306 to the outside world, restart IPTables (or the firewall your system uses). In Red Hat this can be accomplished by running “service iptables restart” as root.

MySQL has some great tools that you can use to administer your databases, users, and server processes. These come packaged together under MySQL GUI Tools on the MySQL site. To use these tools (if port 3306 is blocked on your firewall) you will have to set up an SSH Tunnel.

If you are using PuTTY, click the “Tunnels” option under “SSH” to add ports to tunnel. First, add the port you want to use on your local machine under “Source Port” (this doesn’t have to be the same as the port on the remote computer). Next, add your server hostname and port (like yourserver.com:3306) under the “Destination” field. Once you are done, click “Add” and then “Connect”. You are now tunneling in.

Now, you can access port 3306 on your remote server like below.

This principle can be applied to any port on any remote server that you have SSH access to. You can make your box infinitely more secure by closing all the ports that are not needed by the public. Oh, and Linux Commandment 2 will be – avoid FTP at all costs. This is directly related to ports (I will explain more in the next post).
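
As an added example (not code from the original post), this shell function audits rules in the /etc/sysconfig/iptables style for the two problems described above: ports accepted from everyone that the public does not need, and port 22 accepted from any address. The rule lines, the public-port list (80 and 443) and the address 203.0.113.10 are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). All rule lines are constructed.

# audit_ports "PUBLIC PORTS" < rules-file
# Prints "PORT REASON" for every ACCEPT rule that opens a port to any source
# address when that port is not in the public list.
audit_ports() {
    awk -v public="$1" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 != "-A" { next }                 # skips comments, so "#-A ..." is closed
    {
        target = ""; ports = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
        }
        if (target != "ACCEPT" || ports == "") next
        if (src != "" && src != "0.0.0.0/0") next   # limited to one address/net
        m = split(ports, d, ",")
        for (k = 1; k <= m; k++) {
            if (d[k] in ok) continue
            print d[k], (d[k] == "22" ? "ssh-open-to-any-source" : "not-needed-by-public")
        }
    }'
}

# Constructed "before": SSH, MySQL and Webmin (default port 10000) open to all.
BEFORE='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT'

# Constructed "after": 3306 and 10000 commented out, 22 limited to one address
# (203.0.113.10 is a documentation address standing in for your own IP).
AFTER='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -s 203.0.113.10 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
#-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT'

printf '%s\n' "$BEFORE" | audit_ports "80 443"   # three findings
printf '%s\n' "$AFTER"  | audit_ports "80 443"   # no output

# MySQL stays reachable through the tunnel. OpenSSH form of the PuTTY settings
# (local port 3307 and "user" are placeholders):
#   ssh -L 3307:127.0.0.1:3306 user@yourserver.com
```

The tunnel destination is resolved on the server side, which is why the OpenSSH command in the closing comment can point at 127.0.0.1:3306 even though that port is closed to the outside.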

Setting Up Your Flex Development Environment – Intro

I am going to be doing a multi-part tutorial on setting up your development environment for Flex. We will cover both Coldfusion and PHP Development as well as ways to track, control, and deploy your projects. This tutorial is for both people with and without FlexBuilder. Stay tuned.

Fedora, RHEL, and CentOS

I have had many developers ask me which Linux distro is correct for their development. Many developers are hooked on Fedora – because many of them had it pre-installed on their Dedicated Web Servers or Virtual Private Servers by their hosting provider. I currently have two servers that have various versions of Fedora, so I don’t want to seem like I am knocking it at all. However, I try to steer serious developers away from Fedora to either Red Hat Enterprise Linux (which is not free) or CentOS (which is free).

RHEL 4 as a Webserver – Part 2

Installing Coldfusion MX7 Enterprise on Redhat Enterprise 4 (64-bit) was more difficult than I would have imagined. Adobe has been a bit unclear about whether the 64-bit version of RHEL 4 is actually supported. However, with quite a bit of command line work and some bullying of the Java Virtual Machine – we can get it working properly.

RHEL 4 as a Webserver – Part 1

I have had so many requests for this article, I decided to move it from our internal wiki to the blog. So many people are running RHEL 4 and feel like it is too difficult to get PHP 5 and MySQL 5 on to the machine. This article shows that it is easier than you think – all thanks to the CentOS repositories. A little light command line work, a few downloads, and we are up and running.
