Posts Tagged ‘configuration options’

How to improve Linux kernel security with GrSecurity / Maximum Linux kernel security with GrSecurity

Tuesday, May 3rd, 2011

In short I’ll explain here what is Grsecurity http://www.grsecurity.net/ for all those who have not used it yet and what kind of capabilities concerning enhanced kernel security it has.

Grsecurity is a combination of patches for the Linux kernel accenting at the improving kernel security.

The typical application of GrSecurity is in the field of Linux systems which are administered through SSH/Shell, e.g. (remote hosts), though you can also configure grsecurity on a normal Linux desktop system if you want a super secured Linux desktop ;).

GrSecurity is used heavily to protect server system which require a multiple users to have access to the shell.

On systems where multiple user access is required it’s a well known fact that (malicious users, crackers or dumb script kiddies) get administrator (root) privileges with a some just poped in 0 day root kernel exploit.
If you’re an administrator of a system (let’s say a web hosting) server with multiple users having access to the shell it’s also common that exploits aiming at hanging in certain daemon service is executed by some of the users.
In other occasions you have users which are trying to DoS the server with some 0 day Denial of Service exploit.
In all this cases GrSecurity having a kernel with grsecurity is priceless.

Installing grsecurity patched kernel is an easy task for Debian and Ubuntu and is explained in one of my previous articles.
This article aims to explain in short some configuration options for a GrSecurity tightened kernel, when one have to compile a new kernel from source.

I would skip the details on how to compile the kernel and simply show you some picture screens with GrSecurity configuration options which are working well and needs to be set-up before a make command is issued to compile the new kernel.

After preparing the kernel source for compilation and issuing:

linux:/usr/src/kernel-source$ make menuconfig

You will have to select options like the ones you see in the pictures below:

[nggallery id=”8″]

After completing and saving your kernel config file, continue as usual with an ordinary kernel compilation, e.g.:

linux:/usr/src/kernel-source$ make
linux:/usr/src/kernel-source$ make modules
linux:/usr/src/kernel-source$ su root
linux:/usr/src/kernel-source# make modules_install
linux:/usr/src/kernel-source# make install
linux:/usr/src/kernel-source# mkinitrd -o initrd.img-2.6.xx 2.6.xx

Also make sure the grub is properly configured to load the newly compiled and installed kernel.

After a system reboot, if all is fine you should be able to boot up the grsecurity tightened newly compiled kernel, but be careful and make sure you have a backup solution before you reboot, don’t blame me if your new grsecurity patched kernel fails to boot! You’re on your own boy 😉
This article is written thanks to based originally on his article in Bulgarian. If you’re a Bulgarian you might also checkout static’s blog

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, System Administration | No Comments »

How to add visitor/visitors counter in Joomla based website using the VINAORA joomla plugin

Wednesday, December 29th, 2010

One of the websites based on Joomla, that I’m managing, had to have the option to show a Visitors Counter on the page bottom.

I did some research online to check for some Joomla plugins that are capable of aiming my Joomla installation with the Visitor Counter feature.

There are a couple of plugins available out there that are able to provide a Joomla installation with a Web Counter, however I’ll just mention the few which I have tested myself.
The ones I’ve tested myself are;

1. VCNT
2. Count your Visitors
3. Cool Hits Counter
and finally the one that I really liked the most:

4. VINAORA

All the prior 3 aforementioned VCNT, Count your Visitors and Cool Hits Counter, are actually working right after installation. I haven’t had the time to test them thoroughfully but from a first look they appear to be counting the visitors.

The Count your visitors – joomla plugin’s download main page was in German with no option to revert to English, so that wasn’t nice.

Though the plugin seems to work fine after just downloaded and installed and configured from

Extensions -> Module Manager

The configuration options for Count your visitors are quite obscure but if you’re a looking for a really simple way to count your Joomla based website visitors it might be a good choice. The plugin is based on the initial Joomla module called Statistics.

By the way I’ve read some reports online that actually Joomla 1.5 also includes some kind of minimal integrated web counter embedded in itself throughout the Joomla Statistics module .
However I personally couldn’t really follow the methods describe to take advantage of the Joomla install integrated Statistics module, however if somebody has already succeeded in using the Statistics default joomla module I’ll be glad, if he shares with me.

I’ve found the VCNT visitor statistics plugin a handy one, but this module had this major problem that the VCNT 1.5 text which was appearing as a heading before the statistics was hard to wipe out of my web page, so eventually I got pissed of and thought and tested the Cool Hits Counter.

The Cool Hits Counter is actually a simplistic module which presents a counter about visitors on the web site in numeric digit numbers.
These module uses the integrated Joomla 1.5 module mod_stats the only difference is the support for numeric digit numbers.

As I’ve said none of the above modules wasn’t flexible enough and therefore wasn’t what I was looking for, thus I decided to use my installed VINAORA Joomla web(users) counter plugin.

The VINAORA is actually quite straight foward to configure, right after installation to start with the configuration I had to navigate to:

Extension -> Module Manager -> Vinaora Visitors Counter -> Module Parameters

Since I wanted just a simple counter without any external statistics I personally prefered using Vinaora’s counter with the optionsDisplay Mode: Simple as well as the Zero-Statistics turned on to (Yes)

Some of the other options I found to be best matching my desires for the Visitors Counter was:

Show Title: No and Position: Left

Now I had this shiny visitors statistics in my Joomla installation but there was the annoying Link in my Visitors Counter appearing on the page, thus in order to remove the default link Visitors Counter which was pointing to the VINAORA’s web page, I had to edit the file:
modules/mod_vvisit_counter/tmpl/default.php located in my Joomla Document Root directory.

First I’ve edited the code on line 21 where I’ve removed out the Vinaora string since I didn’t wanted any reference to Vinaora to occur in my Joomla HTML code.

In line 162 in the code:

$html .= ….

By removing it I’ve completed scraped out the annoying references to VINAORA and their link to http://vinaora.com website and thus made the Visitors counter a look a bit more professional.

Now the counter is working with a graphical numeric digits and everything is just fine with my Web counter Joomla counter thanks to VINAORA 🙂
 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Joomla, Linux, System Administration, Various | 3 Comments »

End of Management Games / Lectures

Wednesday, April 16th, 2008

Today was the last day of the lectures with Joop Vinke. Here is how my day passed. I woke up at 9:00, washed my teeth dressed combed my hair and went to the police station to look for our quarter police officer. I need to renew my personal ID card because it has been expired already for 4 years already. Thanks God everything went smoothly in the police station. After that I went to school we had lectures with Joop Vinke. After the school I went home and played around with my FreeBSD system. I succesfully upgraded gnome 2.20 to 2.22.

Using the binary packages from

http://www.marcuscom.com/tb/packages/7-STABLE-FreeBSD/gnome/. I’m trying to upgrade gnome from source for already almost 3 weeks with portmanager. After all of the required ports rebuilded still gnome wasn’t functioning, so in order to make it working I downloaded packages from http://www.marcuscom.com/tb/packages/7-STABLE-FreeBSD/gnome/ and ran a little loop with

for i in *; do pkg_add -vf $i; done

 

to make all the .tbz files install I did that yesterday night today at the afternoon everything was installed and gnome ran just fine I only had to link few libraries because they were searched on a different places. All works just fine now I only have to rebuild few of my games because they’re now linked to an old libraries. In the evening we went out with Javor for a coffee. As very often we went to the fountain we had a nice talk and then we went to his apartment to watch a film. He recommended a film called 1984 and we watched that. My impression is that this film is totally psychodelic and freaky, but still interesting to see. After I went home I went to see my grandma and now I’m home tired on a few steps of my bed 🙂 I should also mention that today I upgraded clamav on 3 of the servers I maintain. It seems there are few configuration options which changed in the new clamav release (0.93). It was an easy day as a whole if we don’t count my physical infirmity.

END—–

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Entertainment, Gnome | No Comments »

Two wordpress plugins to accelerate wordpress opening times and decrease server load time

Thursday, September 22nd, 2011

A Comparison of wordpress webpage responce with and without wp dbcache

A combination of two wordpress caching plugins (Hyper Cache and Db Cachesignificantly improves the access times of a wordpress based blogs and websites.

Installing the two websites has drastically improved my blog opening times, so in my view having the two plugins on every wordpress install out there is a must! 🙂
The plugins installation is straight forward, here is how I installed them.

1. Installing Hyper Cache on WordPress

To install Hyper Cache all I had to do is download and enable the plugin, the plugin doesn’t require any configuration. I always love it when I don’t have to bother with reading configuration options and pondering for some 20 minutes on the plugin features, so in that perspective Hyper Cache in my view is a good alternative to WordPress Super Cache

Besides that WordPress Super Cache was having issues when enabled on few wordpress based websites I manage these days. For comparison Hyper Cache worked just great on all wordpress install I tried the plugin so far.

To install all I had to do is download the plugin unzip and enable it:

a. Download and unzip it

debian:/var/www/blog# wget http://downloads.wordpress.org/plugin/hyper-cache.zip
...
debian:/var/www/blog# cd wp-content/plugins
debian:/var/www/blog/wp-content/plugins# unzip hyper-cache.zip

b. Enable Hyper Cache plugin

To enable the plugin follow to standard plugin location;

Plugins -> Inactive -> Hyper Cache (Enable)

To enable the plugin follow to standard plugin location;

Plugins -> Inactive -> Hyper Cache (Enable)

 

A  mirror of current version of hyper-cache.zip plugin is here 

2. Installing Wodpress Db Cache

What Db Cache, does it does caching of last queries made to MySQL for specified time, so if the query has to be refetched again from wordpress’s php frontend the queries results are fetched straight for the memory. This decreases the load towards the MySQL server and increases the webpages loading time.

As the plugin page suggests it’s way faster than other html caching-plugins like WP-Cache  or WP Super Cache

However, I think its still slower than using a combination of WP Super Cache’s alternative Hyper Cache  and  Db Cache . Combining this two could rise the webpage opening times according to some statisticonline at best cases up to 830% !! 😉 Let me proceed with how I did the install of  Db Cache .

a. Download and Install Db Cache

 

debian:/var/www/blog/wp-content/plugins# wget http://downloads.wordpress.org/plugin/db-cache.0.6.zip

...

debian:/var/www/blog/wp-content/plugins# unzip db-cache.0.6.zip

 

b. Enable the plugin 

 

Plugins -> Inactive -> Db Cache (Enable)

 

c. Make sure the permissions for Db Cache are correct

On Debian to enable Db Cache, the permissions should be changed for Apache to have a read/write permissions to plugin directory, on Debian to fix the permissions I used the commands:

debian:/var/www/blog# chown www-data:www-data wp-content

debian:/var/www/blog# chown -R www-data:www-data wp-content/plugins/db-cache

On other GNU/Linux distributions the above commands (user and group) www-data:www-data, should be set to whatever user/group Apache is running with, on Slackware this would be nobody:nobody, on CentOS and RHEL it would be apache:apache.

Finally to enable Db Cache go to

Settings -> Db Cache -> (Tick Enable) -> Save

I’ve also made a mirror of Db Cache plugin here

Enjoy the speed boost 😉

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, SEO, Various, Web and CMS, Wordpress | 2 Comments »

WP-Minify, Scripts Gzip and HeadJS Loader three scripts that might have positive impact on WordPress performance

Friday, September 23rd, 2011

I’m trying to get the most of server + wordpress performance and these days I’m heavily playing with it as one can read from my past few articles 😉

Today I’ve come across three other plugins which in many cases could be beneficial and bring a good performance increase in wordpress, this are:
 

  • WP-Minify – http://wordpress.org/extend/plugins/wp-minify/
  • HeadJS Loader – http://wordpress.org/extend/plugins/headjs-loader/
  • Scripts Gzip – http://wordpress.org/extend/plugins/scripts-gzip/

WP-Minify – does combine all JS and CSS script into one consolidated compressed script or style as well removes any duplicate script resources and hence could have positive impact on performance

HeadJS Loader – does strips out all your old javascript declarations and puts them into one head.js file so that they are loaded in parallel in the head of the pages and through that prevents the blocking of load up until all JS is a loaded so commonly seen these days on the net for more info on how HeadJS works check out http://headjs.com

Script Gzip – merges and compresses the CSS and JS links on page, the plugin does not have caching functionality. The plugin doesn’t have much configuration options which I find as a good thing

To find out what works best for you its a best practice if the website speed load time is tested after loading each of the plugins and with all of them enabled and configured, finally for best results just leave only the plugins or a combination of them which gives the lowest page responce times.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Wordpress | 1 Comment »

Few nginx.conf configuration options for Nginx to improve webserver performance

Tuesday, April 12th, 2011

Nginx server main logo with russian star
From my previous two articles How to install nginx webserver from source on Debian Linux / Install Latest Nginx on Debian and How to enable output compression (gzipfile content compression) in nginx webserver , I have explained how the Nginx server can be installed and configured easily.

As I’m continuing my nginx adventures this days, by trying to take the best out of the installed nginx server, I’ve found few configuration options, which does improve nginx’s server performance and thought it might be nice to share it here in hope that some other nginx novice might benefit out if them.
To setup and start using the options you will have of course to place the conf directives in /usr/local/nginx/conf/nginx.conf or wherever your nginx.conf is located.

The configuration options should be placed in nginx’s conf section which starts up with:

http {

Here are the configuration options useful in hastening my nginx’s performance:

1. General options nginx settings

## General Options
ignore_invalid_headers on;
keepalive_requests 2000;
recursive_error_pages on;
server_name_in_redirect off;
server_tokens off;

2. Connection timeout nginx settings

## Timeouts
client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 60 60;
send_timeout 60;
expires 24h;

3. server options for better nginx tcp/ip performance

## TCP options
tcp_nodelay on;
tcp_nopush on;

4. Increase the number of nginx worker processes

Somewhere near the beginning of nginx.conf file you should have the directive option:

worker_processes 1;

Make sure you change this option to:

worker_processes 4;

This will increase the number of spawned nginx worker processes in a way that more spawned threaded servers will await for client connections:

Being done with all the above settings, as a next step you have to restart the nginx server, in my case via the init script:

debian:~# /etc/init.d/nginx restart
Restarting nginx: nginx.

Now to check everything is fine with nginx and more specific that the worker_processes 4 options has taken place issue the command:

debian:~# ps axu |grep -i nginx|grep -v grep
root 20456 0.0 0.0 25280 816 ? Ss 10:35 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 20457 0.0 0.0 25844 1820 ? S 10:35 0:00 nginx: worker process
nobody 20458 0.0 0.0 25624 1376 ? S 10:35 0:00 nginx: worker process
nobody 20459 0.0 0.0 25624 1376 ? S 10:35 0:00 nginx: worker process
nobody 20460 0.0 0.0 25624 1368 ? S 10:35 0:00 nginx: worker process

Above you notice the 4 nginx processes running with user nobody, they’re the same configured worker_processes I just pointed out above.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, System Administration | 2 Comments »