Apache DDoS prevention

nano httpd.conf (common_noport.conf)

LoadModule reqtimeout_module modules/mod_reqtimeout.so
#
RequestReadTimeout header=10-20,MinRate=500 body=20,MinRate=500

Posted in wrk | Leave a comment

.htaccess

Allow all

cat .htaccess
order deny,allow
deny from all
allow from all
AuthType None
Require all granted
Satisfy Any

Authfile

cat ../status/.htaccess
AuthType Basic
AuthName “Restricted Content”
AuthUserFile /var/www/html/status/.htpasswd
Require valid-user

httpd.conf

<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

 

Posted in wrk | Leave a comment

SSL Secure

SSLEngine on

SSLProtocol all -TLSv1 -TLSv1.1 -SSLv2 -SSLv3

#SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLCipherSuite HIGH:!MD5:!3DES:!aNULL
SSLHonorCipherOrder on
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* – [F]
Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”

 

Posted in wrk | Leave a comment

Apahce Indexes

<Directory /var/www/domain.com/pdfs>
Options Indexes FollowSymLinks
</Directory>

Posted in wrk | Leave a comment

Find context

grep -rnw '/path/to/somewhere/' -e "pattern"
Posted in Uncategorized | Leave a comment

git ignore file localy

git update-index –assume-unchanged includes/common_noport.conf

Posted in wrk | Leave a comment

NTP from scratch

On RHEL 5 the thing to do is this:
awk ‘/^server/ || /^peer/ {print $2}’ /etc/ntp.conf | grep -v ‘127.127.1.0’ > /etc/ntp/step-tickers
chkconfig ntpd on

On RHEL 6:
chkconfig ntpdate on

On RHEL 7:
systemctl enable ntpdate.service

Posted in wrk | Leave a comment

Solar tmp magic!

This example shows how I grew the 2GB mounted /tmp to 3GB on a Solaris 10 5/09 u7 SPARC system. Please, don’t try this in your system.

If you don’t listen to me then keep in mind that the HEXA numbers might differ on your system.

#1. Get the relevant info of the /tmp

# df -h /tmp
Filesystem size used avail capacity Mounted on
swap 2.0G 272K 2.0G 1% /tmp

# echo “::fsinfo” | mdb -k | egrep “VFSP|/tmp”
VFSP FS MOUNT
000003000f46d840 tmpfs /tmp

# Get the address of the tm_anonmax to set its value.
# echo “000003000f46d840::print vfs_t vfs_data | ::print -ta struct tmount tm_anonmax” | mdb -k
3000f488d00 tm_anonmax = 0x40000
// Address and the currrent value of the tm_anonmax

### 2. Set the new value
# echo “3000f488d00/Z 0x60000″ | mdb -kw
0x3000f488d00: 0x40000 = 0x60000
NOTE: the 0x60000 is 384KB -> 384KB * 8KB = 3072MB = 3GB.

### 3. Check if it’s set.
# echo “3000f488d00/J” | mdb -k
0x3000f488d00: 60000
OR
# echo “3000f46d840::print vfs_t vfs_data | ::print struct tmount tm_anonmax” | mdb -k
tm_anonmax = 0x60000

### 4. Check if it’s working or not.
# df -h /tmp
Filesystem size used avail capacity Mounted on
swap 3.0G 272K 3.0G 1% /tmp

Posted in Uncategorized | Leave a comment

Joomla Direct Links

edit vhost.conf

try_files $uri $uri/ /index.php?q=$uri&$args;
error_page 404 = @joomla;
}

location @joomla {
rewrite ^(.*)$ /index.php?q=$1 last;
}

Posted in wrk | Leave a comment

SNMP interface

Source: net-snmp
< agentAddress udp:0.0.0.0:161 < #udp:127.0.0.1:161 < sysServices 78 --- > sysServices 72
rocommunity public default
#-V systemonly

Posted in Uncategorized | Leave a comment