PUBLIC MARKS with tags web & linux

GreenSQL (or greensql-fw) is a firewall for MySQL databases that filters SQL injection attacks. It works as a reverse proxy, i.e., it takes the SQL queries, checks them, passes them on to the MySQL database and delivers back the result from the MySQL database. It comes with a web interface (called greensql-console) so that you can manage GreenSQL through a web browser. This guide shows how you can install GreenSQL and its web interface on a Debian Etch server.

Many times, you want to execute a command not only on one server, but also on several servers. For example, find out * Version of kernel * Version of Apache web server * Update static html or images files on all web servers via rsync * Find out user information, server information, memory usage etc * Security/patch checking tentakel I have already covered how to execute commands on multiple Linux or UNIX servers via shell script. The disadvantage of script is commands do not run in parallel on all servers. However, several tools exist to automate this procedure in parallel. With the help of tool called tentakel, you run distributed command execution. It is a program for executing the same command on many hosts in parallel using ssh (it supports other methods too). Main advantage is you can create several sets of servers according requirements. For example webserver group, mail server group, home servers group etc. The command is executed in parallel on all servers in this group (time saving). By default, every result is printed to stdout (screen). The output format can be defined for each group.

CrossOver Chromium is a Mac and Linux port of the open source Chromium web browser. CrossOver Chromium is available for download from CodeWeavers, free of charge.

This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Opsview is enterprise network and application monitoring software designed for scalability, flexibility and ease of use. Opsview has been in development since 2003 and is released under the GNU GPL license. Current version is 2.12. Opsview is a fully integrated monitoring tool that incorporates popular Open Source software including Nagios, Net-SNMP and RRDtool. The Catalyst web framework provides an extensible monitoring and configuration user interface. Opsview software is supported on Linux (Debian, CentOS, RHEL and Ubuntu) and Solaris 10. It will monitor all common operating systems including Windows. Opsview extends the capabilities of Nagios in the following ways: * Distributed monitoring with high availability and fail-over * Much improved SNMP support with trap processing with rules engine * API supporting automation of Opsview configuration * Data warehouse for storage of historical performance and event data * Opsview Reports customisable reporting * Powerful configuration and management UI * Extended monitoring UI * Extensible architecture based on Catalyst Web Framework and Altinity middleware software

rowsershots is a web application that offers the fastest way to check your web design in different browsers – it does so in less than 10 minutes and eliminates the need to jump from one operating system to the other. This web application takes thumbnails of webpages on the Linux, BSD, Windows and Mac platforms and deploys over 50 different browser including Firefox, Internet Explorer, Konqueror, Opera, Navigator, Safari – and many other unknown browsers.

This tutorial shows how to set up a two-node Apache web server cluster that provides high-availability. In front of the Apache cluster we create a load balancer that splits up incoming requests between the two Apache nodes. Because we do not want the load balancer to become another "Single Point Of Failure", we must provide high-availability for the load balancer, too. Therefore our load balancer will in fact consist out of two load balancer nodes that monitor each other using heartbeat, and if one load balancer fails, the other takes over silently.

First and foremost, be prepared to have some patience when trying to get a USB cam to work under Linux. In trying to get mine to work, I searched many a newsgroup thread only to find there was only one message in the thread, the original question stating the problem. i.e. no one had an answer for the person who posted the question so you may be on your own trying to get your cam to work. Often times the same camera model will use different drivers for different sub-models (ex: not all QuickCam Express sub-models use the same driver). However, my trials and tribulations were a good learning experience and I'll share what I learned here to hopefully make your setup easier.

In this HowTo, I will explain how you can secure your network from virus and other malware, by installing ClamAV and integrating it with SafeSquid, to scan all in-coming content for virus, and block all infected content at the HTTP Gateway, even before it enters your network. Virus Security In SafeSquid SafeSquid has built-in connectivity to various daemon based anti virus software like ClamAV, Sophos, Avast, F-Prot, NOD32 and Kaspersky. It also has a universal ICAP (Internet Content Adaptation Protocol) client that can be used to connect to ICAP based security software like Dr.Web ICAP, Kaspersky Antivirus for Proxy Server, Trend Micro InterScan Web Security and Symantec Scan Engine. You can even use multiple anti virus software with SafeSquid to simultaneously scan in-coming content. This does not cause any significant latency, since SafeSquid has a multi-threaded architecture.

Dans cet article, nous allons étudier la mise en place d’un proxy http antivirus : HAVP (http://www.server-side.de). Chacune des pages web demandées par un client est analysée par un antivirus. L’antivirus peut être au choix Clamav, F-prot ou Kaspersky. De plus, HAVP sait parfaitement travailler avec Squid au cas où vous souhaiteriez continuer de l’utiliser. Nous verrons premièrement comment installer l’antivirus utilisé par HAVP. Deuxièmement, comment installer HAVP et les modifications à effectuer pour le faire fonctionner. Enfin, nous verrons des exemples de configuration d’HAVP : * Seul ; * Seul en proxy transparent ; * Et les deux moyens différents de l’utiliser conjointement avec Squid.

In this tutorial I will describe how to install and configure mod_cband on an Apache2 web server. mod_cband is an Apache 2 module which provides bandwidth quota and throttling. It solves the problem of limiting users' and virtualhosts' bandwidth usage. The current version can set virtualhosts' and users' bandwidth quotas, maximal download speed, requests-per-second speed and the maximal number of simultanous IP connections.

This article explains how to set up a two-node load balancer in an active/passive configuration with HAProxy and heartbeat on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using heartbeat, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.). From the HAProxy web site: "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net."

Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a Debian Etch server with PHP5 support (through FastCGI) and MySQL support.

Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort. Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine "what's different today" when a performance problem crops up. It makes it easy to see how you're doing capacity-wise on any resources.