
Category Archives: Linux

apache + mod_jk + tomcat6 setup on ubuntu karmic and ubuntu lucid

sudo apt-get install libapache2-mod-jk
sudo cp /usr/share/doc/libapache2-mod-jk/httpd_example_apache2.conf /etc/apache2/conf.d/mod-jk.conf
sudo vi /etc/apache2/sites-enabled/000-default (could be different in your case)

In your virtual host block, add the following line:

JkMount /hudson* ajp13_worker

Note: I am trying to map hudson here, but the app context could be different in your case (simply replace hudson with your app name).

Check for syntax [...]


AOL rejecting or blocking emails

Recently, we faced a problem where emails generated from our application were not showing up in AOL inbox(es). We have recently switched to a new machine & I suspected that for the new machine, from where I am trying to send the email, the mx-records are not set correctly. We didn’t want to change our mx-records as [...]


Wget came to my rescue

I was trying to download some 150-200 zip files from an HTTP URL by finding each file & clicking on it to download. I soon realized how boring it is using the standard download support in browsers. This is something I am supposed to do periodically. I know that there are some browser extensions available that [...]


Setting up a Linux Proxy server using Fedora core 5

Assumption:
- eth0 is the external interface (connected to the internet)
- eth1 is the internal interface (local network) (fixed IP)

Edit /etc/sysctl.conf to enable IP forwarding permanently.

net.ipv4.ip_forward = 1

Edit /etc/sysconfig/iptables-config and make the following changes:

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack ip_conntrack_ftp ip_conntrack_irc iptable_nat ip_nat_ftp ip_nat_irc"
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"

# To clear out any existing rules and set default [...]


Tight up single-user login mode

Linux has a special command (linux single), also known as ‘single-user mode’, which can be entered at the boot prompt during startup of the system. The single-user mode is generally used for system maintenance. You can boot Linux in single-user mode by typing the following command at the LILO boot prompt:

LILO: linux single

This [...]


Tight Up NFS

Configure the /etc/exports file with the most restrictive access possible. This means not using wildcards, not allowing root write access, and mounting read-only wherever possible. Edit the exports file (vi /etc/exports) and add, as an example:

/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com(ro,root_squash)

Where /dir/to/export is the directory you want to export, host1.mydomain.com is the machine allowed [...]


Tightup /etc/fstab

- Mounting the boot partition read-only increases the security of the kernel. This is how you do it in /etc/fstab:

LABEL=/boot /boot ext2 defaults,ro 1 2

And reload changes:

# mount /boot -oremount

And yes, make it writable when you are planning a kernel upgrade. Otherwise the new kernel won't be able to enter

Other security options in the fstab [...]


Tightup /etc/rc.local

By default, when you login to a Linux machine, it tells you the Linux distribution name, version, kernel version, and the name of the server. This is giving away too much info. We’d rather just prompt users with a “Login:” prompt. To do this, edit the rc.local file (vi /etc/rc.local) and place “#” in front [...]


Tightup SETUID/SETGID

To find all files with the ‘s’ bits from root-owned programs, use the command:

# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l {} \;

software named “sXid” that will do the job for you automatically each day and report the results via mail. To disable the suid bits [...]


TightPAM /etc/pam.d/

The password length

Edit the passwd file (vi /etc/pam.d/passwd) and remove the following line:

password required /lib/security/pam_stack.so service=system-auth

Edit the system-auth file (vi /etc/pam.d/system-auth) and remove the lines:

password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so

Now add the following lines to /etc/pam.d/passwd. We use the PAM “pam_cracklib” module [...]
