syslog.tv is now HTTPS enabled

0
December 24, 2011
by Kura in
https://syslog.tv/

 

I finally stopped being lazy and decided to create an HTTPS version of this blog. I know it's not at all required but I decided it could/would be a good thing to do anyway.

For now due to the blog software being crappy it's showing an invalid certificate due to including resources that are not secured - I'll work on fixing that.

syslog.tv is now IPv6 enabled

0
December 19, 2011
by Kura in

Wanted to do this back in June for World IPv6 Day but Linode didn't support IPv6 in it's London data centre.

It's IPv6 address is: 2a01:7e00::f03c:91ff:fe93:505a

Running your own PGP keyserver with SKS on Debian 6/Ubuntu 10.04

0
December 17, 2011
by Kura in , ,

Commands prefixed with # need to be run as a sudo or root.

Installation

To install we need to run the following command:

# apt-get install -y sks

Now we build the key database:

# sks build

And change the permissions for the sks user:

# chown -R debian-sks:debian-sks /var/lib/sks/DB

Next we need to make sks start from init, open up /etc/default/sks in your favourite editor and initstart to look like below:

initstart=yes

Now we can start the service with:

# /etc/init.d/sks start

Your keyserver will now be up and running on port 11371.

Web interface

We'll need to create a web folder within sks More >

Host git repositories with git, gitosis and gitweb on Debian 6/Ubuntu 10.04

5
December 17, 2011
by Kura in , ,
Installation

First up we'll need to install git and some Python tools to get Gitosis installed.

Where # is used it means you need to either run the command as a superuser with sudo or as root.

# apt-get install -y git-core gitweb python-setuptools

Next we have to clone gitosis from it's git repository and install it.

cd /tmp

git clone git://eagain.net/gitosis.git

cd gitosis

# python setup.py install

Adding your git user

# adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /home/git git

The above command creates a new system user with /bin/sh as More >

Rebooting on OOM

2
October 25, 2011
by Kura in , ,

I would generally not advise using this unless you have skill at debugging why OOM has spawned and also debugging kernel panics after they happen, from logs.

It is possible to configure your kernel to panic when OOM is spawned, which in itself is not useful but, coupled with a kernel option for auto-rebooting a system when the kernel panics it can be a very useful tool.

Think before implementing this and use at your own risk, I take zero responsibility for you using this.

sysctl vm.panic_on_oom=1

sysctl kernel.panic=X # X is the amount of seconds to wait before rebooting

DO NOT FORGET TO More >

Nagios3 + MK Livestatus + xinetd on Debian 6/Ubuntu

0
October 13, 2011
by Kura in , , , ,
Preparation

First we need to make sure we have all the stuff we need to compile mk livestatus and run it

apt-get install make build-essential xinetd ucspi-unix

MK Livestatus

Grab the mk livestatus source from here, currently it's version 1.1.10p3 but update the commands below to match your version.

wget http://mathias-kettner.de/download/mk-livestatus-1.1.10p3.tar.gz

tar -xvzf mk-livestatus-1.1.10p3.tar.gz

cd mk-livestatus-1.1.10p3

./configure

make && make install

Xinetd

Now that it's compiled we need to write a xinetd config for it, create a new file called /etc/xinetd.d/livestatus and put More >

nginx config for reverse proxying WordPress & WP Super Cache and keeping the load off Apache2

0
September 30, 2011
by Kura in ,
The point

The whole point of this is to get as much load off of Apache as possible to keep the server running nice and smoothly.

Configuration

The configuration below will mean that nginx will serve basically everything;

  • static files
  • uploaded files and
  • cached content
simply replace the VARIABLES below and everything should be good to go, if copy-pasting from below isn't working properly you can download a full copy from here.

server {

listen 80; server_name DOMAIN_HERE;access_log /var/log/nginx/access.DOMAIN_HERE.log;

gzip on; gzip_disable msie6; # disable gzip for IE6 gzip_static More >

Load balancing HTTP/HTTPS with Pound on Debian 6/Ubuntu

0
September 29, 2011
by Kura in , , ,

Pound is a great little load balancer, it's fast, opensource and supports SSL termination, which is great!

Install

apt-get install pound

Configuration

The default configuration should be pretty good for most purposes, but feel free to tweak as you require.

HTTP

We'll first look at load balancing HTTP, in case you don't want or need HTTPS load balancing.

We'll need delete all the content within ListenHTTP  block, once done it should look like this

ListenHTTP

End

Now we add an address and port to listen on and finally a line to remove an HTTP header

ListenHTTP

Address 0.0.0.0 # all More >

Postfix spam protection with greylisting using Postgrey on Debian 6/Ubuntu

2
September 24, 2011
by Kura in , , ,

A simple yet effective method for protecting your mail server from spam is to use greylisting. In simple terms, when an email is received the server will temporarily reject it with a 450 response code claiming that the server is busy, the sending server should then attempt to try to deliver at a later point in time, if enough time has passed the recipient server will then accept the incoming mail and whitelist the send address for a period of time.

This is effective because most spam servers are configured not to retry the send whereas real mail servers generally will retry. This sadly does More >

Postfix spam protection with blacklists

0
September 24, 2011
by Kura in , ,

This really should be quite a quick and simple post.

I use several tools to protect my mail servers from spam, the most effective of these I've found is using external lists in conjunction with reject_rbl_client and reject_rhsbl_client. (more...)

Go to Top