Tuning tmpfs filesystem /dev/shm for CentOS — centoshacker

I didn’t know that this was allocating RAM like this…


Posted in CentOS, News

Limit Number of Connections from an IP

One of the problems you can sometimes face with a website is people mirroring your site or search bots excessively connecting to you.  This is very easy to fix by limiting the number of connections an IP address is allowed to make.

To do this you just need to install the mod_limitipconn Apache module.  If you are using Fedora or CentOS you can easily install this module through yum:

yum install mod_limitipconn

Once it is installed it is very easy to configure.  You need to add the following line to your httpd.conf file:

LoadModule limitipconn_module modules/mod_limitipconn.so

Then you just need to add in the settings for the module.  I have included some samples below:

<IfModule mod_limitipconn.c>
    <Location />
        MaxConnPerIP 3
        NoIPLimit image/*
        NoIPLimit application/javascript
    </Location>
    <Location /phpmyadmin/*>
        NoIPLimit *
    </Location>
</IfModule>

The above settings consist of two parts: the location and then the settings for that location.  What is really nice is that you can allow certain folders more connections than others.  This is very important now that most browsers use multiple threads to download a single page, which means that for a normal person to connect and view your website the browser may establish multiple connections.

In the above example you will see that I set the location to “/” (which means the entire site), then I set a MaxConnPerIP of 3, so I only want a maximum of three connections at a time from a single IP.  The next thing you will see is NoIPLimit image/* and NoIPLimit application/javascript.  Without these two settings multi-threaded browsers have a lot of problems loading pages, since they often open a connection for each of these content types plus one for the regular text on the site.  The other thing to keep in mind is that NoIPLimit is looking for a MIME type and not a path.

The other thing you may want to do is set a section of the website where there will be no limit at all.  This is done again by setting the location (the example I used was phpmyadmin) and then setting NoIPLimit on any file type.
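Added example, not from the original post: once the limit is live, the access log shows which clients and which file types are being turned away, which tells you what may still need a NoIPLimit exemption. It assumes the common/combined log format and that the module answers over-limit requests with status 503; the log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list clients and file types rejected by the connection limit.
# Assumptions: common/combined access log format; over-limit requests are
# answered with HTTP 503 (other causes of 503 will also be counted).

# Constructed sample log lines (documentation IP ranges), not real traffic.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2013:10:00:01 +0000] "GET /css/site.css HTTP/1.1" 200 900
192.0.2.10 - - [01/Jan/2013:10:00:01 +0000] "GET /css/print.css HTTP/1.1" 503 299
192.0.2.10 - - [01/Jan/2013:10:00:01 +0000] "GET /img/logo.png HTTP/1.1" 200 4000
192.0.2.10 - - [01/Jan/2013:10:00:02 +0000] "GET /fonts/body.woff HTTP/1.1" 503 299
198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /docs/a.html HTTP/1.1" 503 299
198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /docs/b.html HTTP/1.1" 503 299
198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /docs/c.html?page=2 HTTP/1.1" 503 299
198.51.100.7 - - [01/Jan/2013:10:00:06 +0000] "GET /docs/d.html HTTP/1.1" 200 7000
203.0.113.5 - - [01/Jan/2013:10:00:09 +0000] "GET / HTTP/1.1" 200 5120
EOF
}

# Print "<count> <ip>" for every client that received a 503, busiest first.
# A browser user with a handful of hits suggests MaxConnPerIP is too tight;
# one IP with a large count looks more like a mirroring tool or bot.
rejected_by_ip() {
    awk '$9 == 503 { n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Print "<count> <extension>" for rejected requests. NoIPLimit matches MIME
# types, so map the extensions shown here to their types before exempting them.
rejected_by_ext() {
    awk '$9 == 503 {
        path = $7
        sub(/\?.*/, "", path)                      # drop any query string
        ext = "(none)"
        if (match(path, /\.[A-Za-z0-9]+$/)) ext = substr(path, RSTART + 1)
        n[ext]++
    } END { for (e in n) print n[e], e }' | sort -k1,1nr -k2,2
}

echo "Rejected requests per client:"
sample_log | rejected_by_ip
echo "Rejected requests per file extension:"
sample_log | rejected_by_ext
```

To run it against a real server, replace `sample_log` with `cat` on your own access log file.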

Posted in Apache, CentOS, Fedora

Stopping DOS Attacks with Mod_Evasive

DOS attacks are becoming very common these days.  There are many different levels of DOS attack, and monitoring your system and trying to prevent them all can be a full-time job.  However, for the casual user you can easily add some basic DOS protection without much effort, especially if you are using Fedora or CentOS.

Fedora and CentOS both have mod_evasive in their main repositories so to install this you just need to run:

yum install mod_evasive

This mod comes basically ready to run without any modification.  I like to make a couple of changes to the settings so I can receive notices when a block is taking place.  To do this you just need to go to your Apache conf.d directory and edit the mod_evasive.conf file.  To receive email notifications when someone is blocked, just enter your email address in the field DOSEmailNotify.  All of the other settings are fine the way they are.

Posted in Apache, CentOS, Fedora, Guides

Working with ISO from the Linux Command Line

If you have wondered how to create an ISO from the command line, it is very simple.  You just need to use the following command:

mkisofs -o <name of iso>.iso <directory to be iso>

To burn an ISO from the command line many people use dd, but this doesn’t always work since it is technically not the correct way to do it.  To do it the proper way you would need to run the following commands:

  1. Determine the Device ID number by running the following command:

    cdrecord -scanbus

    * The device ID number will be x,x,x on the row which lists the CD/DVD drive you will be using.

  2. Next you will want to do the actual burning of the ISO to that device using the following command:

    cdrecord -v dev=<Device ID from the scanbus command> <ISO to burn>.iso

Posted in Arch, CentOS, Fedora, Linux

Unlock An Account

Unlocking a user in Linux is quite easy; you just need to run the following command:

passwd -u <account>

This will unlock the account which has expired, but if you have turned on the advanced PAM Account Auditing you will also need to reset their account using the following command:

/sbin/pam_tally2 --user <account> --reset

This will reset the number of times they have incorrectly logged in so the account can be used again.

Posted in Arch, CentOS, Fedora, Linux