Technical Zone

Use the right user:group

I have seen Apache installed under many groups and/or users. One of the biggest offenders is the root user. This can lead to some serious issues. Or say both Apache and MySQL are run by the same user/group. If there is a hole in one, it can lead to an attack on the other. The best scenario is to make sure Apache is run as the user and group apache. To make this change, open the httpd.conf file and check the lines that read:
User Group
Change these entries to:
User apache Group apache

Turn off unwanted services

There are a few services and/or features that you will want to turn off or not allow. All of these services can be disabled in the httpd.conf file.

• Directory browsing. This is done within a directory tag (the document root is a good place to start) using the Options directive and is set with “-Indexing”.
  
• Server side Includes. This is another feature that is disabled within a directory tag (using Options directive) and is set with “-Includes”.
  
• CGI execution. Unless your site needs CGI, turn this off. This feature is also set within a directory tag using the Options directive, with “-ExecCGI”.
  
• Symbolic links. Set this inside a (surprise, surprise) directory tag with “-FollowSymLinks”.
  
• None. You can turn off all options (in the same way you set the above) using “None” with the Option directive.
  

Disable unused modules

Apache has a ton of modules. To get an idea how many modules your installation is running, issue the command
(as the root user) grep -n LoadModule httpd.conf from within your Apache configuration directory. This command
will show you every module Apache is loading, along with the line number it falls on. To disable the modules you
don’t need, simply comment them out with a single # character at the beginning of the module line.

Restrict access

You want to deny anyone outside your private network from seeing information. To do this, you can restrict access to your internal network by adding
the following inside a directory tag in your httpd.conf file:
Order Deny, Allow
Deny from all
Allow from 192.168.1.0/16
where 192.168.1.0/16 is the configuration matching your internal network. As with all modifications to the
httpd.conf file, make sure you restart Apache so the changes take effect.

Limit request size

Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a
directive, LimitRequestBody, that is placed within a Directory tag. The size of your limit will depend upon your
Web site’s needs. By default, LimitRequestBody is set to unlimited.

Immunize httpd.conf

One of the best security measures is to hide your httpd.conf file from prying eyes. If people who shouldn’t see your httpd.conf file can’t see it, they can’t change it.

chattr +i /path/to/httpd.conf
where /path/to/httpd.conf is the path to your Apache configuration file. Now it will be very difficult for anyone to make any changes to httpd.conf.

Cheeeerrrrssssssss

How to install red5 on Linux

Some Cool tips to install red5 on Linux.

Prerequisite
1. Subversion (To checkout latest source from red5)
2. Java – jdk
3. Ant 1.7 – currently not in debian etch repositories so I m compiling it from source.

1) apt-get install subversion (This will install latest subversion package)

2) Install Java developing environment

Download the latest JDK version of Linux from Sun official website. Here we use the version 1.5.0.11 and its downloaded file name is jdk-1_x_x_-linux-i586.bin. (Get the latest java version to get run red5)

Add the executable permission to the file: chmod +x jdk-1_x_x_-linux-i586.bin
Execute the following command to start installation:
./jdk-1_x_x_-linux-i586.bin

According to the reference install information, it recommends the installation path: /usr/java

3) Install Apache Ant Ant 1.7:x
wget http://apache.mirror.transip.nl/ant/binaries/apache-ant-1.7.0-bin.tar.gz
=>tar -zxf apache-ant-1.7.0-bin.tar.gz
=>sudo mv apache-ant-1.7.0 /opt/ant # you dont need this
=>export ANT_HOME=/opt/ant

Input command directly through Terminal:
export JAVA_HOME=/usr/java
export PATH=$PATH:$JAVA_HOME/bin:$ANT_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

Red5

svn co http://svn1.cvsdude.com/osflash/red5/java/server/trunk red5
cd red5
now we have red5 directory containing red5 sources.
next step is compilation

cd red5
/opt/ant/bin/ant prepare
/opt/ant/bin/ant build

now directory “dist” contains compiled and ready to run server

cd dist
sh red5.sh

Run red5 from dist directory other wise it will not run.
red5 should now run http server on port 5080 and rtmp service on port 1935

so lets navigate to:

http://localhost:5080/demos/port_tester.swf

Need any help: Feel free to ask….
pankaj.dangi@gmail.com
Cheeerrrrrsssss

Create a Ubuntu 9.10 Live USB Flash Drive from the running Live CD

In the following tutorial, we explain how we installed Ubuntu 9.10 to a Flash Drive from the running Live CD.
This Ubuntu USB Flash Drive creation process is accomplished using the built in USB Disk Creator.

We did find that Ubuntu 9.10 boots super fast compared to Ubuntu 9.04 Live USB Flash Drive we created using the same process.

Ubuntu 9.10 Desktop Screenshot

Minimum Flash Drive Capacity: 1GB ( but use a 2GB or larger)