Archive

Posts Tagged ‘Linux’

Block access to your dedicated server automatically if more than 3 failed logins

August 3rd, 2009
Comments Off

Lately I have been noticing high activity of cyberattacks. In fact, a few of our servers got hit and had to be rebuilt. Of course some of these servers were never built with security in mind. We did manage to save all the data and the redo took less than one day total so the end result is great overall with fully patched servers, firewall, email alerts in place, and finally a way to automatically block failed logins. I’ll show you how to setup the last part, it is actually quite easy.

So, I assume you have a CentOS server. I am using CentOS 5.3 fully updated (yum update) and i have the atomicorp repository setup. The atomicorp is not necessary (it seems) but will allow you to use newer versions of PHP and other packages. The package that will do the work is called fail2ban. A simple install seems to take care of it for us:

yum install fail2ban

Lets install the service, in case that we restart the server – the service will automatically start running, I use ntsysv for this:

ntsysv (hit enter, select the service, make sure it has a start inside the brackets, and click 'ok')

Lets start the service:

service fail2ban start

Here is recommend to setup a auto forward on the root emails to you:

echo 'youremail@yourdomain.com' > ~/.forward

You should be all set. Try to check the log files once a week after the install, see if the service actually blocked potential hackers. Let me know if this worked for you or if you are using a better package?

Web Application Hosting ,

CentOS for Linux Servers: a cut above

November 30th, 2008
Comments Off

It has been almost a year that we are using CentOS for all of our new servers instead of Ubuntu Server, and it is a great success! This article describes the few reasons behind our transition from Ubuntu to CentOS. Of-course, there is always something here and there but 99% of the cases are resolved easily and actually have nothing to do with CentOS. If time will permit we will transition all of our existing Linux boxes to CentOS 5.2. Oh, and yes, if you are looking for a solid Linux server distro – it is CentOS hands down.

We noticed that more and more hosting companies offer CentOS as their default distro and recently CentOS can claim at least 1% of all world supercomputers. The support that is offered for CentOS is abundant at this point and clearly targets the more advanced system administrators out there. All in all it seems like CentOS is maturing as a great distro for Linux server purposes.

If you are curious, we are using CentOS 5.2 64 bit by default with no software installed (at all). If needed we use the LAMP stack and the XEN virtualization software, all from the CentOS default repositories.

So, what is your experience with CentOS out there?

LAMP: Linux Apache MySQL PHP, Web Development , , , , ,

About Linux Distros: Ubuntu and CentOS

April 13th, 2008

A few weeks ago, we setup a new production LAMP server to host a few of our client’s sites, medium size eCommerce websites. I wanted to share our experience as we came across the three big (and free) Linux distributions while we evaluated and setup the machines. We have previously setup Ubuntu Server 7.04 for our development and staging environment while researching the related family of North American Linux distributions: RedHat, Fedora and CentOS.

CentOS vs Ubuntu Install Screenshot

I’ll start with the positive: in the last few years Linux distributions in general have become main stream OS and most of the installation process is user friendly. Almost each distro offers the ‘server’ edition of the OS which comes mostly configured with what a production LAMP server needs to have installed already. The installation packages are clearly labeled for i386 or x64 bit, and most even offer a net install which in CentOS case only requires downloading about 7MB of ISO file and the rest is done on the fly.

Now, let’s delve into the differences that affected our decisions, labeled according to key points and in order of importance to us:

Setup Efficiency: ROI and Learning Curve

I had the experience for setting up both Ubuntu server and CentOS server editions on two different machines. Both machines had similar configurations of two 500GB harddrives mirrored in hardware Raid1 with a 3ware card, and Intel Pro dual NIC. The rest of the hardware setup is pretty much the standard Intel based processors. Both Ubuntu and CentOS had no problem in recognizing all the hardware on the machines and the setup process went pretty smoothly. The differences began showing after the initial setup: while CentOS shows an additional very helpful setup (NIC assignments, firewall, and services setup) Ubuntu had no such thing and showed the login prompt right after boot. What I found surprising is that Ubuntu required additional steps in order to download and install SSH using aptitude – if one chooses a server edition, shouldn’t it be setup for you by default?

Although aptitude is a great package management software, I have found that the server version of Ubuntu is just not mature enough or simply chooses the minimalistic approach which doesn’t fit my understanding of a server distro. Many of the tasks that were performed by CentOS by default or had options for that during the install were missing in Ubuntu. At the end of the day, setting up Ubuntu took days while CentOS took hours. Did I say ROI? CentOS is the clear winner.

Package Management Systems

Ubuntu prides itself on apt-get and aptitude which builds itself on top of the debian package management system while CentOS, Fedora and RedHat, use the rpm and yum package management systems. After using all systems I can clearly say that I favor the yum and rpm package management systems.

First, with apt-get/apt-cache/aptitude I had to constantly refer back to the documentation on Ubuntu’s site and I still cannot remember which one do I use for searching, installing, upgrading, describing, or removing packages – do we really need the separation? With both yum and rpm simply provide a separate option and you are good to go, all the information is flowing into the terminal and it took me only one glance of ‘man yum’ to understand what and where.

Second, in the particular case of apache, vhosts, and extensinos, aptitude allows flexibility at the price of re-arranging the apache.conf and vhosts.conf into a collection of files and folders. Yum does a similar thing as well, however I still found yum’s method to keep the original httpd.conf mostly intact which allowed my familiarity with the basic apache configuration skill to take over and finalize install in no time. In my opinion, the deviation from the standard has no benefit whatsoever. The price of flexibility comes over familiarity but yet yum had the upper hand and ease of use.

Third, setting up a package that requires dependencies is equally good in both systems: they both do a very good job of finding the dependencies, looking their download sources, installing and setting it all up. However, I did find that yum had the best reporting system and after it gathered all the information it showed a useful status report while asking permission to proceed – this is valuable for sys admins and it does save time. Once more, yum feels like a more mature package management system.

Production OS? Stability vs Cutting Edge

Here is where I wanted to introduce a bit of the feeling we all shared after setting it up, plus the feeling of some colleagues of mine who I consider to be Linux Admin Gurus. At the end of the day, when all is setup and configured, the feeling from the CentOS system was much more secure and I knew exactly what is installed and what is not. Conversely, Ubuntu server did not give me that worm fuzzy feeling that ‘all is good’ and if I needed to make a change, I would have to refer to documentation first before I touch the server.

When I ask some Linux Guru colleages who manage production linux clusters on a regular basis, they all point to CentOS or RedHat due to stability and performance record. In other words, you won’t get the latest cutting edge packages like Ubuntu or Fedora – but it is guaranteed to be much less flawed.

Conclusion

The bottom line is that distro preference is a personal decision. Personal to the individual who administers the systems and personal to the organization. We’ve chosen CentOS over Ubuntu, Fedora, and RedHat. The only option I see that might change is adopting RedHat due to the technical support that is offered for a fee. Hands down, CentOS provided the fastest configuration time, lowest learning curve, better ROI, superior package management system, and a good fuzzy feeling of stability. Thanks to CentOS, we can get back to our main passion: Web Development…

LAMP: Linux Apache MySQL PHP, Web Application Hosting , , , , , , , ,