ssh-vulnkey -a

Yesterday, 13 May 2008, was a really bad day for the Debian project, probably one of the worst days in the history of Debian. Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

Systems which are running any of the following releases are affected:


HowTo recompile Debian packages

This article will show how you can rebuild any Debian package. You might need to rebuild a package for various reasons: to add or remove some compilation options, to make some changes to the sources, to compile a newer version from testing/sid into stable, etc. Regardless of your reason, this can be done very easily using Debian tools.

First you will need to have some basic debian building tools installed:
apt-get install devscripts build-essential


Mount remote folders via SSH

This document describes how to install and use sshfs, a FUSE-based filesystem that uses SSH to mount remote folders. Since it is based on FUSE (a userspace filesystem framework for Linux), your kernel will need to have the fuse module available. FUSE is included in kernels newer than 2.6.14, so I will assume that you already have it included in your kernel.


Postfix Newaliases

Anyone coming from the “sendmail world” to postfix will immediately notice the care taken by the postfix developers to make the transition as easy as possible. The commands you are used to, such as mailq and newaliases, also work in postfix.

The newaliases command works on postfix as expected, rebuilding the aliases database:
newaliases


HowTo install memcached from sources on Linux

This article will explain how you can install the latest memcached daemon (including the libevent library) on a Linux system. The only prerequisite for memcached is libevent, so we will have to install this first.

Note: the output of the commands in this article is taken from a Debian Etch system. They should work on any recent Linux distribution, but depending on your version you might need to make some changes. The versions of memcached and libevent used in this article are the latest stable ones available at the time this was written. Check the download pages below, and if newer versions exist you will probably want to use them.


Apache Tips: Disable the HTTP TRACE method

Applies: apache 1.3.x / apache 2.0.x
Required apache module: -
Scope: global server configuration
Type: security

Description: How to disable the HTTP TRACE method on recent apache versions.

Most vulnerability scanners (the popular Nessus, but commercial ones as well) will complain (normally at a low threat or warning level) about the TRACE method being enabled on the tested web server.


Memcached 1.2.2 on Debian Etch

This article will show how we can install updated versions of memcached (and libevent) on Debian Etch by backporting the packages from Debian testing. Why would we want to do this? Because the versions shipped with Etch are old and, according to the software creators, should not be used, as the new versions provide much better performance and reliability:
libevent: version in etch: 1.1a (released on 2005-06-12).
memcached: version in etch: 1.1.12 (released on 2005-04-04)

Disable ldirectord checks

ldirectord is a daemon to monitor and administer real servers in an LVS cluster of load-balanced virtual servers. ldirectord is typically used as a resource for heartbeat, but can also run standalone from the command line.

ldirectord monitors the health of the real servers by periodically running a service check (by default it knows how to check ftp|smtp|http|pop|pops|nntp|imap|imaps|ldap|https|dns|mysql|pgsql|sip). If a real server fails to respond to the check, the server is removed from service, and it will be reactivated once it comes back online.


PHP Pecl Memcached module installation problems

I am using memcached on several projects, and on the application side the php memcached module. This can be installed as any pear/pecl module, or from source by downloading the source .tgz and running the classic phpize; ./configure; make; make install. While trying to upgrade the memcached module to the latest version available, 2.1.2, I encountered a problem, receiving an error during the compile step:
configure: error: Cannot find php_session.h


imagick php module build using ImageMagick 5

imagick is a native php-extension that provides a wrapper to the ImageMagick / GraphicsMagick library. You need the ImageMagick libraries from www.imagemagick.org or GraphicsMagick libraries from www.graphicsmagick.org to get it running. ImageMagick 6 support is EXPERIMENTAL.

Note: I am aware of another php module implementing ImageMagick functions (MagickWand for PHP from the ImageMagick developers), but for my project this was not a solution and I just needed a functional version of the imagick module running on top of Debian Etch (with apache 2.2.3 and php 5.2).

The reason for my previous post “Install ImageMagick 5.5.7 on Debian” was to prepare the installation of the imagick php module, so once we have installed ImageMagick 5 from source we can proceed with the php module installation. The actual installation is very simple and anyone that has previously installed php extensions will see no difference (the only special thing was to build it against the ImageMagick 5 we installed previously).
