Make an Apache2 SSL server more secure June 3, 2015
Antre du Tryphon

Make an Apache2 SSL server more secure

June 3, 2015 · admin Unix Ubuntu Linux Debian apache
These easy steps will significantly improve the security of your Apache2 SSL server. Edit your /etc/apache2/mods-enabled/ssl.conf file and replace the SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder parameters with the following values.

    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3
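
To confirm that an ssl.conf really carries these three settings after editing, here is an added example (not part of the original post) that audits the file. The function names and the two sample configs are constructed for illustration, and the sample cipher list is shortened.

```shell
#!/bin/sh
# Added example (helper names are illustrative): audit an Apache ssl.conf.

# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
directive_value() {
    awk -v name="$2" 'tolower($1) == tolower(name) { $1 = ""; sub(/^ +/, ""); v = $0 }
                      END { print v }' "$1"
}

# Succeed if protocol $2 is still enabled after applying the SSLProtocol tokens
# in $1 from left to right ("all" turns everything on, "-name" turns one off).
protocol_enabled() (
    set -f; state=off
    for token in $1; do
        case "$token" in
            all|+all|"$2"|"+$2") state=on ;;
            -all|"-$2")          state=off ;;
        esac
    done
    [ "$state" = on ]
)

# Print one FAIL line per problem; exit status is 0 only when every check passes.
audit_ssl_conf() (
    failures=0
    fail() { echo "FAIL: $*"; failures=$((failures + 1)); }
    proto=$(directive_value "$1" SSLProtocol | tr 'A-Z' 'a-z')
    ciphers=$(directive_value "$1" SSLCipherSuite)
    order=$(directive_value "$1" SSLHonorCipherOrder | tr 'A-Z' 'a-z')
    [ -n "$proto" ] || fail "SSLProtocol is not set"
    for p in sslv2 sslv3; do
        if protocol_enabled "$proto" "$p"; then fail "$p is enabled"; fi
    done
    for x in '!aNULL' '!eNULL' '!EXPORT' '!DES' '!RC4' '!MD5'; do
        case ":$ciphers:" in *":$x:"*) ;; *) fail "SSLCipherSuite lacks $x" ;; esac
    done
    [ "$order" = on ] || fail "SSLHonorCipherOrder is not on"
    [ "$failures" -eq 0 ]
)

# Constructed sample configs; the cipher list is shortened for the demo.
demo_dir=$(mktemp -d)
printf '%s\n' 'SSLProtocol all -SSLv2' 'SSLCipherSuite HIGH:MEDIUM:!aNULL' \
    > "$demo_dir/weak.conf"
printf '%s\n' '  SSLProtocol all -SSLv2 -SSLv3' '  SSLHonorCipherOrder on' \
    '  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5' \
    > "$demo_dir/hardened.conf"
audit_ssl_conf "$demo_dir/weak.conf" || echo "weak.conf: needs fixing"
audit_ssl_conf "$demo_dir/hardened.conf" && echo "hardened.conf: OK"
```

To check the live file, call audit_ssl_conf /etc/apache2/mods-enabled/ssl.conf.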

Installing memcached to use it with php

Installing Memcached with PHP support in Ubuntu is a matter of a few steps:

    sudo apt-get install memcached php5-memcached
    sudo service apache2 restart

You can test if memcached is active by running this command:

    echo "stats settings" | nc localhost 11211

You will end up with a response like this one:

    STAT maxbytes 67108864
    STAT maxconns 1024
    STAT tcpport 11211
    STAT udpport 11211
    STAT inter 127.0.0.1
    ...
    STAT item_size_max 1048576
    STAT maxconns_fast no
    STAT hashpower_init 0
    STAT slab_reassign no
    STAT slab_automove 0
    END

Issues after upgrading to Ubuntu 14.04.1

September 7, 2014 · admin Unix Ubuntu Ubuntu 14.04
After upgrading to Ubuntu 14.04.01, I ran into two issues: one with Apache2 and one with Samba 4.

Apache has been upgraded from 2.2.22 to 2.4.7. The content was no longer accessible. The site configuration directives Order, Allow and Deny, such as

    Order allow,deny
    Allow from all

are now replaced with the Require directive. Detailed information can be found at Apache Module mod_authz_core.

Samba has been upgraded from version 3.6.3 to 4.1.6. The "valid users" behavior changed. It works if the user given in the "force user" directive is listed in the "valid users". For example, datacloud has to be listed in the "valid users".

    valid users = ctheroux,datacloud
    force user = datacloud

How to rename a user in Linux

Simply issue this command:

    usermod -m -d /home/new-account-name -l new-account-name old-account-name

It creates the home directory if it does not exist. It also copies the old user's files into the new user account.

How to use the command line to make the internal speaker beep

Two simple steps:

1. Install the beep utility. Executing beep on the command line will make the internal speaker beep.

        apt-get install beep

2. Add pcspkr to /etc/modules to load it at boot time. You can load it manually by executing

        modprobe pcspkr

How to prevent SSHD from listening on an address family

It is possible to control which address families sshd listens on. In /etc/ssh/sshd_config, simply add

    AddressFamily any

to listen to IPv4 and IPv6 addresses. This is the default. Alternatively, add one of these to listen only to IPv4 (inet) or IPv6 (inet6) respectively.

    AddressFamily inet
    AddressFamily inet6

How to assign a static IP address in Ubuntu

February 23, 2014 · admin Ubuntu 11.10 Unix Ubuntu 11.04 Ubuntu Linux Ubuntu 12.04
Setting a static IP address in Ubuntu involves editing /etc/network/interfaces. If the interface is currently using DHCP, you will find these lines in the file.

    auto lan
    iface lan inet dhcp

You will have to replace the above lines with a section that looks like:

    auto lan
    iface lan inet static
        address 192.168.1.80
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.200
        dns-nameservers 8.8.8.8

Make the changes effective by either rebooting or by issuing this command:

    sudo /etc/init.d/networking restart

How to change the network interface name in Ubuntu 12/13

February 22, 2014 · admin Unix Ubuntu Linux Ubuntu 12.04
Two files need to be modified to change the name of a network interface in Ubuntu. For example, if you want to change eth0 for lan, simply change the NAME attribute from eth0 to lan in these files and reboot. Do not modify the KERNEL attribute.

    /etc/udev/rules.d/70-persistent-net.rules
    /etc/network/interfaces

How to find duplicate files on Linux?

It is pretty straightforward in Linux: install fdupes.

    sudo apt-get install fdupes

Type the following command to display the documentation:

    man fdupes

Accessing a serial port from a web server

On most Linux distributions, it is impossible to access a serial port (e.g. /dev/ttyS0) from a web server such as Apache or lighttpd using a CGI. To allow it, simply add the user under which the web server runs (www-data for example) to the group dialout. To do so, use vigr from the command line and add the user on the dialout group line. Such a line will typically look like: