Computer users with dynamic IP addresses often have to contend with the reality that their internet identity can literally change without warning. For average Internet use, this is not a problem, but if you ever need to host something from home (even a private server that only gives you password access), you will need some support for dynamic DNS.

Dynamic DNS notifies the user’s domain that the IP address has been changed and needs to be updated. When someone remotely connects to the domain, they will get the right computer, even if the IP address changes regularly. The Linux command called nsupdate is a utility that allows the user to update a DNS zone without having to manually edit the zone file.

“nsupdate is a fantastic little utility that enable quick and secure DNS zone updates. Setup is quick and painless, and use is fairly intuitive for anyone remotely familiar with DNS, and skilled enough to admin their own Linux system.”

Read the full article
Photo Source: Flickr

Continue reading: The nsupdate for dynamic DNS

There are many security factors you should consider when deploying Linux-based virtual private servers (VPS) on systems such as OpenVZ. Some protect your users and some protect your server as a whole. Here are five steps you can take to make sure your server is secure:

1. Disable the root password on the real server. Users may decide to use root passwords on their VPS systems, but do not make it easy for attackers to get past them to the real system.

2. Create a user designed just for admin tasks and give it “sudo” rights.

3. Create an ssh user to handle any remote logins and an sftp user for uploads to the real server. Disable remote access for all other users.

4. Run OpenSSH on a port other than the default 22. You can use 2222 or something else.

5. Rely on SSH keys for the two secure users and disable clear password authentication.

Photo Source: Flickr

Continue reading: 5 Security tips for virtual private servers

Web server administrators should take notice of a “severe” vulnerability that computer scientists have discovered in OpenSSL, the free and open source encryption software package for Linux and Unix-like systems.

The bug is in OpenSSL’s cryptographic library and vulnerability allows attackers to retrieve a server’s cryptographic key, leaving any secure transactions, such as banking and sales, exposed to the attacker. Hundreds of thousands (perhaps even millions) of businesses, banks, and other enterprise-level institutions depend on SSL encryption security, particularly that of OpenSSL.

Those who discovered it said that the attack is difficult to execute, but administrators should still be cautious. An OpenSSL spokesperson said that they are already working on a solution and will release a patch for the software. Furthermore, an attack requires access to the power source of the device, making it unlikely that an attacker could exploit a server, since most attack remotely.

Source: The Register
Photo: Ivan Petrov

Continue reading: Severe OpenSSL security vulnerability announced

Question: I want to setup my own server. What software and tools will I need?

Answer: The first major decision to make after you have purchased server hardware is what operating system to use. Many servers come with one already, but if yours does not, you will need to decide on one. Linux or other Unix variants, such as BSD or Solaris are by far the most popular, but there are also many Windows servers out there. If you are on a limited budget, go with a free Linux distribution, such as CentOS.

The next thing to choose is the web server. Choices include Apache, Nginx, and Lighttpd. After that, you will probably one a database server such as MySQL or PostgreSQL Finally, you will want a web-based control panel. Depending on the one you choose, it might also install its own versions of Apache, PHP, and MySQL.

There are many control panel solutions on the market, and most of them are commercial. Popular control panels includ cPanel and Plesk. There are also free solutions available like Virtualmin. Decide what you need for whatever type of websites you plan to have and then choose the software that meets those needs.

Photo: Flickr

Continue reading: New server setup

OpenVZ is a free and open source virtualization solution for Linux. Here is an easy guide to installing OpenVZ on Redhat Enterprise Linux, CentOS, or Fedora.

Note: It is recommended that you use an ext2 or ext3 file system if you want per-container disk quota.

1. Add the OpenVZ YUM repository:

# cd /etc/yum.repos.d
# wget http://download.openvz.org/openvz.repo
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

2. Find out which kernel version you need and install it:

# yum install ovzkernel[-flavor]

3. Change the new GRUB bootloader lines created when you installed the kernel to look something like this in /boot/grub/grub.conf:

title OpenVZ (2.6.8-022stab029.1)
root (hd0,0)
kernel /vmlinuz-2.6.8-022stab029.1 ro root=/dev/sda5
initrd /initrd-2.6.8-022stab029.1.img

That’s it! You now have OpenVZ installed. Visit the OpenVZ wiki for more information about configuring your new installation.

Source: OpenVZ Quick Installation

Continue reading: How to install OpenVZ with yum

Problem: Apache HTTP Server on a web hosting system will undoubtedly run multiple virtual hosts. Each of those virtual hosts logs its activity in a separate location making it impossible to effectively monitor each log and each virtual host for errors or security issues.

Solution: Use mod_status to monitor Apache’s activities. This module for Apache allows the system administrator to have real-time viewing of all of the web server’s activity. It is part of the default Apache 2 package on many Linux systems, and you can enable it by doing the following:

1. Make sure you have mod_info module loaded:

a2nmod info

Continue reading: Monitor Apache web server with mod_status

In Linux umask, or user file-creation mode mask, determines the permissions of new files. In other words, whenever you make a new file or upload/transfer a file from your local machine or another server, umask sets the initial permissions of that file.

In most Linux distributions, umask for all users is set in /etc/bashrc or /etc/profile. It uses a four digit code to determine the permissions. The default umask is 0002, which sets default directory permissions to 775 and default file permissions to 664. Use this simple calculation to determine the umask code for a permission:

Subtract the permission you want from the default file permission:

777 - 755 = 022

Similarly, for directories:

666 - 644 = 022

For a complete explanation of umask settings, type man umask from the command line.

Image Source: Wikimedia Commons

Continue reading: How to setup umask on a Linux server

cPanel is best known as a graphical web hosting control panel. Since it is web based, however, there may be times when a system administrator may prefer or may need to execute commands from the Linux shell, either locally or remotely via SSH. Fortunately, cPanel comes with a host of scripts found in the /scripts directory. Here are just some of the scripts offered:

easyapache - upgrades and reinstalls Apache
addpop - adds a POP mail account
wwwacct - adds a cPanel account
suspendacct - suspends an account
runweblogs - updates statistics for a user
makecpphp - reinstalls cPanel’s internal PHP
cpbackup - backs up all accounts

Other scripts are documented on the cPanel website as well as more specific documentation about updating services. As a warning, cPanel recommends against using any other scripts not listed on their website, although your web hosting provider might install some. If you find a suspicious script, contact your web host.

Source: cPanel Documentation
Photo: Flickr

Continue reading: cPanel shell scripts for Linux

In yesterday’s post, we learned how to find the discrepancies between two similar files using a command called diff. With it, we were able to compare them and identify the actual lines containing differences.

Once you have identified the differences between the two, you have a couple of options. If only one file is different, you can delete it, but if both files have slight differences and you need the changes from both, you will need to include the changes from both. That would normally involve creating a third file or revision containing both changes.

With the command sdiff you can display the file differences side-by-side and can also merge the two file changes into a third output file. To run sdiff, use the following command string:

sdiff -o outfile file1.txt file2.txt

It will display the two differences (see the image above). Press Enter, and it will then provide you with options. Choose the one you want and then Quit.

Continue reading: How to merge two different files in Linux

Question: I have two scripts in a directory on my server. One is the right one and one is not, but I do not remember which is which. How can I compare the two files?

Answer: Linux and UNIX-like operating systems usually come with a comparison command called “diff”. This command will display line-by-line differences between two files. It is useful for software developers, but web developers and web application managers will find it useful as well.

To use it, just enter:

diff script1.php script2.php

It will search through both PHP scripts and find any lines that are different. The output will look something like this:

if(!function_exists('add_action')){
header('HTTP/1.0 404 Not Found');
header('Location: ../../');
> exit();
}

In the first file “exit();” is not present, while the second file correctly contains it. Tomorrow we will learn how to merge the two differing files into one correct file.

Continue reading: How to compare two files in Linux

Question: Two of my directories on my server have some the same files. How can I easily delete any duplicates while preserving the unique files?

Answer: There exists a Linux tool for just about everything, and this is no exception. You need a tool called fdupes, which searches the path you give it for duplicate files and uses several comparison techniques (sizes, MD5 signatures, byte-by-byte comparison) to find and eliminate duplicates.

First install fdupes. In RHEL/Fedora/CentOS, use the rpmforge repository enter:

# yum install fdupes

To find duplicates in the /etc directory, you would enter:

# fdupes /etc

To force fdupes to prompt you whether to preserve or delete files:

#fdupes -d /etc

As you can see, fdupes might be just what you need to clean up your server and possibly increase that precious disk space.

Source: nixCraft
Photo: Wikimedia Commons

Continue reading: How to delete duplicate files in Linux

Question: How do I see all of the users that have accounts on my server?

Answer: In a previous post, we covered the “who” command, which will tell an administrator which users are currently logged into the system, but another important thing to know about your server is which users you actually have. You will want to look at a complete list of users to make sure all the existing users are supposed to be there.

To list all users, enter the following command:

cat /etc/passwd | cut -d":" -f1

Also, to find out the total number of accounts, enter:

cat /etc/passwd | wc -l

Please note that this will look for all accounts, including those created by Linux, such as “mail” and “haldaemon”, but it will also include manually created local users.

Continue reading: How to list all users in Linux