Linux

Rootkit Hunters

Wednesday, February 10th, 2010

A few resources for finding rootkits:
Linux: Rootkit Hunter, Chkrootkit
Windows: RootkitRevealer

Cool one-line report…

Monday, July 13th, 2009

    sudo grep "GET https://www.miroguide.com/ HTTP/1.1" /var/log/squid/access.log | grep "\"Miro/" | sed 's/^.*"-" "//g' | sed 's/ .*$//g' | grep Miro | sort | uniq -c

The sort | uniq -c being the good part. It parsed 625,000 entries in the log to make this useful (to the person who asked for it) report:

          2 Miro/0.9.8 [...]

Squid handling http --> https redirects

Friday, May 29th, 2009

In configuring Squid to handle both our port 80 and 443 traffic, we have the issue that we can use redirects at the webserver level to redirect certain pages to https:// . So this is handled in Squid. First, make a simple script.  There’s a possibility another redirector like Squirm might do a better job, [...]

Lighttpd, virtual hosts, alternative ports

Friday, May 29th, 2009

In the configuration of our new server, all port 80 and 443 traffic is handled by Squid as a reverse proxy. 8080 is the “backdoor” that bypasses Squid and hits Lighttpd directly. But the standard format of a Lighttpd virtual host entry doesn’t recognize alternate ports appended after the TLD. Not a big deal, this [...]

Lighttpd, virtual hosts, and wildcard domains

Friday, May 29th, 2009

So we’re setting up mirocommunity.com, and I don’t want to be hassled continuously to create new hostnames in DNS. To avoid that, it’s a simple wildcard entry like this in the appropriate named database:

    *.mirocommunity.com.    IN      CNAME   mirocommunity.com.

Which directs everything to our server. Now our server hosts multiple sites via host entries, so we [...]

Installing Squid to handle both 80 and 443

Tuesday, May 26th, 2009

This outlines configuring Squid, running two instances, to handle both port 80 and 443 traffic on an Amazon EC2 instance running Ubuntu Jaunty. We can bypass Squid by going directly to Lighttpd on port 8080. To answer a couple questions off the top, you should also read my post on how to configure http --> [...]

Optimizing Website integration with Amazon’s S3 Service

Saturday, February 28th, 2009

At Participatory Culture Foundation we use Amazon’s S3 Service to host our static content — css, js, and images. This accomplishes two things — it improves the performance for our visitors since Amazon has faster performance and reliability than we can afford on our own servers, and it does so at a lower cost. In [...]

Passwords and Data Mining

Friday, February 27th, 2009

I believe the working assumption must be we’re under a persistent, long-term attack by organized groups. This is not just organized crime, but I suspect organized criminal groups that are tolerated by states like Russia and China if not outright state sponsored.  It’s not just those old “boogey men” either — there are many [...]

NTP Configuration

Thursday, January 24th, 2008

1) Install ntpd if not already there. Link it to your default startup directory.

    ln -s /etc/init.d/ntpd /etc/rc3.d/S99ntpd

2) /etc/ntp/step-tickers:

    time.nist.gov  pool.ntp.org

3) In /etc/sysconfig/iptables open up the port:

    # NTP is only accessible via the Gig Backbone:
    # (the /0 mask below matches every source address; use the backbone's actual prefix length to restrict it)
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -s 192.168.1.0/0 -j ACCEPT

4) [...]

My Favorite Commands…

Friday, October 5th, 2007

Some of the command constructs I love but don’t always remember off the top of my head:

Recursively search for a text string, and provide the file path and name.

    sudo find ./ -exec grep "http://litmus.mozilla.org" {} \; -exec ls -l {} \; 2> /dev/null

Recursively add files to svn:

    svn status | grep "\?" | awk '{print [...]
