July 19, 2007 -
If you get this message when trying to upload a file in the WordPress admin area, it may mean that:
- the webserver doesn’t have the write permissions on the upload directory
- safe mode is enabled on the webserver
The easiest fix is to edit the value “safe_mode” to off in /etc/php.ini
YOU MAY NOT WANT TO DO THAT, THIS IS NOT SAFE
Read on..
-
Posted by JoshTriplett on Mon 23 Oct 2006 at 12:35
From : http://www.debian-administration.org/articles/449
SSH has numerous uses beyond just logging into a remote system. In particular, SSH allows you to forward ports from one machine to another, tunnelling traffic through the secure SSH connection. This provides a convenient means of accessing a service hosted behind a firewall, or one blocked by an outgoing firewall.
July 13, 2007 -
I’ll assume you already have a database running.
I’ll only review how to set up the SSL certificate and key and what to change in the config files.
July 12, 2007 -
If you get the error
socket: (13) Permission denied
while trying to connect to the cache manager of Squid using cachemgr.cgi, it probably means SELinux is enabled and is preventing CGI files from making TCP connections.
Quick and dirty fix: disabling SELinux
Edit /etc/sysconfig/selinux
Change the value SELINUX to “disabled”
Clean fix: make a rule in SELinux to allow the connection
I don’t know much about SELinux yet, so if someone feels like pointing me in the right direction or submitting something, it is welcome.
July 11, 2007 -
From : http://blog.jploh.com/2007/06/14/how-to-install-munin-on-centos/
Munin is a monitoring tool for servers. It uses RRDtool to log and graph data from your servers. The plugin API is very easy to grasp. Actually, I haven’t read the API documentation yet. I just looked at the output of the plugins and it looks easy to achieve. The data can be accessed through the web.
This guide will walk you through installing and configuring Munin on CentOS 4.x.
The steps are pretty much the same for later releases of CentOS, Red Hat, Fedora [Core] and/or Red Hat-based installations.
April 26, 2007 -
I used to use Amavisd-new on our email gateway at work. It sucks. It was a memory hog and was consuming around 400 Mb of swap. It was making it difficult to upgrade clamav, something would break anytime you upgraded. I had a very basic use of amavis, I needed to get rid of it and find a better setup.
Basically, I just wanted to pipe the mails into ClamAV then if no viruses were found, pipe them in SpamAssassin, ideally doing all that from procmail.
And then someone came up with “clamassassin” : http://jameslick.com/clamassassin/
(available in the unstable Debian repository)
clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters and similar applications. clamassassin's interface is similar to that of spamassassin, making it easy to implement for those familiar with that tool. clamassassin is designed with an emphasis on security, robustness and simplicity.
Compile clamassassin as described in the docs.
This is my procmail filter (/etc/postfix/procmail/master.rc) :
SHELL=/bin/sh
DROPPRIVS=YES
LINEBUF=32768
SENDMAILFLAGS="-oi"
SPAMC="/usr/bin/spamc"
FORMAIL="/usr/bin/formail"
FROM="< $1>"
SHIFT=1

# Virus checks
:0fw
| /etc/postfix/clamassassin/clamassassin

# Virus found --> Sent to catchvirus
:0
* ^X-Virus-Status: Yes
! catchvirus@domain.be

# No virus found --> SpamAssassin checks
:0f
|$SPAMC -u spamd -f -s 125000 -U /var/run/spamd.sock

# Spam score 10+ --> email destroyed
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
{
  SWITCHRC="/etc/postfix/procmail/killspam.rc"
}

# Spam score 8-10 --> Sent to catchspam with priority low
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
{
  SWITCHRC="/etc/postfix/procmail/logspamlow.rc"
}

# Spam score 6-8 --> Sent to catchspam with priority normal
:0
* ^X-Spam-Level: \*\*\*\*\*\*
{
  SWITCHRC="/etc/postfix/procmail/logspamnormal.rc"
}

# Spam score 0-6 --> Delivered tagged if spam score 3+
:0
! -f $FROM "$@"
If a virus is found, the mail is sent to a special mailbox; otherwise it continues through the procmail filter. Depending on the spam score, the procmail script switches to another procmail script. Those scripts can be downloaded from this post: Postfix + virtual users/domains : kill or forward spam under SpamAssassin using procmail
I call the procmail script from Postfix with the following entries placed in master.cf:
procmail unix - n n - 10 pipe
  flags=Rq user=filter argv=/usr/bin/procmail -Y -m /etc/postfix/procmail/master.rc ${sender} ${recipient}
192.168.20.3:smtp inet n - y - 10 smtpd
  -o content_filter=procmail
  -o smtpd_sasl_auth_enable=no
  -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname
  -o smtpd_client_connection_count_limit=5
  -o smtpd_client_connection_rate_limit=5
If you want to rewrite subjects, this is an interesting article :
http://john.ellingsworth.org/?p=16
Thanks to mjhall.org for their howto about clamassassin : http://www.mjhall.org/email.php
This is the swap space state, can you guess when I stopped using amavis and switched to clamassassin ?

March 29, 2007 -
What is mod_dosevasive ?
mod_dosevasive is an evasive maneuvers module for Apache to provide evasive
action in the event of an HTTP DoS or DDoS attack or brute force attack. It
is also designed to be a detection tool, and can be easily configured to talk
to ipchains, firewalls, routers, and etcetera.
Detection is performed by creating an internal dynamic hash table of IP
Addresses and URIs, and denying any single IP address from any of the following:
- Requesting the same page more than a few times per second
- Making more than 50 concurrent requests on the same child per second
- Making any requests while temporarily blacklisted (on a blocking list)
The issue
Apache by default runs as an unprivileged user.
When using the module dosevasive, you can set it up to trigger a command when a DoS/DDoS/Brute force attack is detected.
This is my config :
mod_dosevasive config :
LoadModule dosevasive20_module modules/mod_dosevasive20.so
<IfModule mod_dosevasive20.c>
  DOSHashTableSize 3097
  DOSPageCount 2
  DOSSiteCount 50
  DOSPageInterval 1
  DOSSiteInterval 1
  DOSBlockingPeriod 10
  # Optional Directives - /usr/share/doc/mod_dosevasive/README for more info
  DOSEmailNotify admin@domain.be
  DOSWhitelist 192.168.1.*
  DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP"
</IfModule>
You can see I set up dosevasive to drop the offending IPs when the system is triggered.
As we are running Apache as an unprivileged user, we need to allow apache to use sudo in order to drop the IPs with iptables.
Edit the sudoers file :
visudo
Add this :
apache ALL=(ALL) NOPASSWD: /sbin/iptables -A INPUT -s [0-9.]* -j DROP
This would allow apache/mod_dosevasive to drop an offending IP in the firewall.
As I’m not a sudoers regular user, this may not be the best recipe.. If you have a better solution, drop me a line !
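One way to tighten the sudo rule above, as an added example that is not part of the original post: in sudoers, `*` in command arguments matches across spaces, so `[0-9.]*` accepts more than a bare address. The wrapper below validates the argument itself, so sudo only has to allow one fixed script; the path /usr/local/sbin/dos-block, the function names and the sudoers/DOSSystemCommand lines in the comments are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper (assumed path: /usr/local/sbin/dos-block), not from the post.
# Assumed sudoers entry:   apache ALL=(root) NOPASSWD: /usr/local/sbin/dos-block
# Assumed Apache setting:  DOSSystemCommand "sudo /usr/local/sbin/dos-block %s"

IPTABLES=/sbin/iptables   # fixed path, never taken from the environment

# Return 0 only for a strict dotted-quad IPv4 address (four octets, 0-255).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate first, then append the same DROP rule the post uses.
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "dos-block: refusing invalid address" >&2
        return 64
    fi
    "$IPTABLES" -A INPUT -s "$1" -j DROP
}

# Act only when called with exactly one argument, as DOSSystemCommand would.
if [ "$#" -eq 1 ]; then
    block_ip "$1"
fi
```

The script must be owned by root and not writable by the apache user, otherwise the sudo rule grants more than the single iptables command.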
February 18, 2007 -
Install the package :
yum install ntp
Make a backup of the default config
cp /etc/ntp.conf /etc/ntp.conf.default
February 13, 2007 -
Say you need to forward UDP packets between two remote networks securely.
E.g.: DNS queries from your home machine to your DNS servers at work.
You should use a VPN between the networks in order to do so (see : http://www.wains.be/index.php/2008/06/07/routed-openvpn-between-two-subnets-behind-nat-gateways/)
Otherwise, you can use the following way :
-
rsync -vaz -e ssh user@server.domain.be:/home/user/ /home/user/
Source : user@server.domain.be:/home/user/
Target : /home/user/
-a : archive mode, preserve owner/group and permissions
-v : verbose
-z : compress data during transfer
-e : the remote shell to use
Output :
receiving file list ... done
created directory /home/user
./
28403/
BEXX0014/
28403.xml
error.xml
.
sent 876 bytes received 1294165 bytes 2590082.00 bytes/sec
total size is 1644823 speedup is 1.27