This week the Debian project has announced that the next stable release will be available in December 2006 and will be named Debian GNU/Linux 4.0 alias ‘etch‘. This is great news for the Debian fans that are using the stable release, meaning they will not have to wait 3 years as they did for Sarge to see a new Debian stable release. As Sarge is now one year old (released on 6th of June, 2005) this means that after one year and 6 months we will have a new stable Debian release… This is possible probably because there will not be major changes as in Sarge (where we had the migration from kernel 2.4 to 2.6), and you can see the major changes as presented in the official announce:

“July 24th, 2006

The Debian project confirms December 2006 as the date for the next release of its distribution which will be named Debian GNU/Linux 4.0 alias ‘etch’. This will be the first official release to include the AMD64 architecture. The distribution will be released synchronously for 11 architectures in total.

At this stage, the upcoming release will ship with Linux 2.6.17 as its default kernel. This kernel will be used across all architectures and on the installer. A later version may be selected during a review in October.

New features of this release include the GNU Compiler Collection 4.1 as default compiler. X.Org will replace XFree86 as implementation of the X Window System X11. Secure APT will add extra security by easily supporting strong cryptography and digital signatures to validate downloaded packages.”

Source: http://www.debian.org/News/2006/20060724

If you are using CPanel you already know that its mail server (exim) uses a mechanism to allow pop-before-smtp relaying for sending outgoing emails. The IPs allowed to relay on the server are added dynamically to the file /etc/relayhosts by the antirelayd daemon.

Read the rest of this entry »

When we setup an FTP server software (regardless if this is proftpd, vsftpd, etc.) we might face a dilemma: we want to restrict the access that ftp users will have (limited access to files normally in their own home directory) but also we want to allow them access to another folder that is normally in a different location (like development files for whatever work they are doing).

Read the rest of this entry »

In this post I will present a little story of what happened to me today. As I was working to upgrade the kernel on one server (remote of course), something very funny (at least if I look at it now) happened. When upgrading a kernel on a remote server there is always a chance (even if you are very experienced and done this several times, still there is a small chance) that something will not work as expected and when rebooting the system to no have it back online. Even though I have a good experience on doing this and I can’t remember since I have ‘lost’ a system when upgrading its kernel, I am always very careful when doing this.

Read the rest of this entry »

We need more and more powerful hardware for the most demanding applications and for the increasing number of users served. Even so most of the big datacenters will not offer (at least in their standard offer) the top hardware systems that are available to date. Why? well because this might not be economical (they will get their investment in purchasing the server hardware in too much time), or they might have established ongoing deals with hardware manufactures for a high lot of servers (that they received the proper discount of course) and want to finish them first.

Read the rest of this entry »

Applies: apache 1.3.x / apache 2.0.x
Required apache module: mod_access
Scope: global server configuration, virtual host, directory, .htaccess
Type: security

Description: How to deny access to certain file types.
Useful: to deny access to certain files that contain private information (log files, source code, password files, etc.).
Read the rest of this entry »

Probably everyone has seen by now links like “Digg”, “Digg it”, “Digg Story”, on various sites. This will probably change in the future, after the announcement of the new features supported by the Digg API we will see many sites showing on their own pages the cool Digg story button. This is probably one of the most requested features and there were some attempts to use javascript to blend the Digg ranking on a site to overcome this.
The moment I have seen the blog entry by Kevin posted on the official Digg blog, I rushed to test it out.

Read the rest of this entry »

I just stumbled over this very interesting tool:
Page Strength from SEOmoz.
Here is some short info about it:

Goals & Limitations:
“SEOmoz’s Page Strength tool is intended to serve as an alternative to Google’s PageRank score in the toolbar, offering insight into how valuable, important and popular a site or page is as compared to others on the web. If a particular page is on a very popular domain, it may be considered more important than if it’s on a domain that doesn’t receive much attention and, likewise, the homepage (or root URL) of a domain will often be considerably more popular/important than an internal page buried deep in the site’s architecture. In many cases, data may not be entirely accurate, as the search engines and other sources that provide information fluctuate.” Read the rest of this entry »

Every sysadmin will try its best to secure the system/s he is managing. Hopefully you never had to restore your own system from a compromise and you will not have to do this in the future. Working on several projects to restore a compromised Linux system for various clients, I have developed a set of rules that others might find useful in similar situations. The type of hacks encountered can be very variate and you might see very different ones than the one I will present, or I have seen live, but even so, this rules might be used as a starting point to develop your own recovery plan.

Read the rest of this entry »

CPanel has included support for MySQL 5 in all its latest releases - 10.8.2-xxx – (Stable/Release/Current). I find this very cool and it is a big difference in trying to get MySQL4 to run on Plesk for example. Anyway the upgrade process is very simple, and probably no one will need any additional information to complete this safely. I just wanted to point out some of the problems you might encounter in performing this upgrade.
Read the rest of this entry »