Support for partitions larger than 2.2 TB with BIOS
Installations can now be configured to boot from hard drive partitions larger than 2.2 TB using select BIOS models that support the newer GUID Partition Table (GPT). Legacy BIOS implementations previously limited the ability to use large partitions on systems that were not using the newer Unified Extensible Firmware Interface (UEFI).
The initial ramdisk file on 64-bit PowerPC and 64-bit IBM POWER Series systems is now named initrd.img. In previous releases, it was named ramdisk.image.gz.
PHP hardening using session.cookie_httponly & session.referer_check
session.cookie_httponly: Setting this value to 1 prevents JavaScript from accessing PHP session cookies. This can help prevent attackers from stealing session cookies. However, you may be unable to use this directive if your users rely on JavaScript that reads PHP session cookies.
session.referer_check: This parameter allows PHP to check HTTP referrer values. You specify a domain, ensuring that session information is only passed internally while a user is working with a web application. This will prevent your users from accidentally exposing session information that may allow malicious users to follow links and steal a session.
Support for device identification using WWIDs during installation
Fibre Channel and Serial Attach SCSI (SAS) devices can now be specified by a World Wide Name (WWN) or a World Wide Identifier (WWID) for unattended installations. WWN is part of the IEEE standard, which makes it easier to identify storage devices during installation for users utilizing Storage Area Networks (SAN) and other advanced network topologies. When a storage device is attached to a server using multiple physical paths for redundancy or improved performance, the WWN for any of these paths is sufficient to identify the device.
Mount and Access NTFS Partition
NTFS-3G is an open source cross-platform implementation of the Microsoft Windows NTFS file system with read-write support. NTFS-3G often uses the FUSE file system interface, so it can run unmodified on many different operating systems. It is runnable on Linux, FreeBSD, NetBSD, OpenSolaris, and Mac OS X.
On Ubuntu / Debian
ubuntu@server3:~$ apt-cache search ntfs-3g
libntfs-3g-dev - ntfs-3g filesystem in userspace (FUSE) library headers
libntfs-3g79 - ntfs-3g filesystem in userspace (FUSE) library
ntfs-3g - read-write NTFS driver for FUSE
ntfs-config - Enable/disable write support for any NTFS devices
Usage
If there was no error during installation, the NTFS volume can be mounted in read-write mode for everybody as follows. Unmount the volume first if it has already been mounted, and replace /dev/sda1 and /mnt/windows if needed.
mount -t ntfs-3g /dev/sda1 /mnt/windows
Please see the NTFS-3G Manual for more options and examples.
You can also have the NTFS volume mounted during boot by adding the following line to the end of the /etc/fstab file:
/dev/sda1 /mnt/windows ntfs-3g defaults 0 0
Fail2ban 0.8
Brute-force break-in attempts are quite frequent against SSH servers and other password-protected internet services (such as ftp, pop, …). Automated scripts try multiple username/password combinations (brute-force, dictionary attack), and sometimes changing the port to something other than the default can't be done. Furthermore, scouring your log files yourself is not only time-consuming but can be difficult too.
Fail2ban attempts to alleviate these issues by providing an automated way of not only identifying possible break-in attempts, but acting upon them quickly and easily in a user-definable manner.
Log files contain interesting information, especially about failed logins. This information can be used to ban an offending host. This is exactly what Fail2ban does. It scans log files, detects patterns that correspond to possible break-in attempts, and then performs actions. Most of the time, the action consists of adding a new rule to a firewall chain and sending an e-mail notification to the system administrator.
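The scan-and-ban logic described above, as an added example (not Fail2ban's own code): it matches failed sshd logins in constructed sample log lines and reports hosts that reach a failure threshold inside a time window. The function name hosts_to_ban, the sample lines and the year default are assumptions; maxretry and findtime are named after the Fail2ban jail options that play the same role.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (not from a real system); addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:01 server3 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:03 server3 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jan 10 03:14:05 server3 sshd[2103]: Accepted password for ubuntu from 198.51.100.20 port 51514 ssh2
Jan 10 03:14:06 server3 sshd[2104]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 10 03:20:00 server3 sshd[2110]: Failed password for ubuntu from 198.51.100.20 port 51600 ssh2
Jan 10 04:40:00 server3 sshd[2190]: Failed password for ubuntu from 198.51.100.20 port 51700 ssh2
Jan 10 05:50:00 server3 sshd[2250]: Failed password for ubuntu from 198.51.100.20 port 51800 ssh2
"""

# Anchored at both ends: the address is only taken from the fixed tail of the message.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return hosts with at least `maxretry` failures inside a sliding `findtime` window."""
    recent = defaultdict(deque)   # host -> timestamps of failures still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed (hypothetical default).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["host"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned


if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        # A real deployment would add a firewall rule here; this example only reports.
        print("would ban", host)
```

The second sample host fails three times but hours apart, so it is only reported when the window is widened, which is the trade-off the threshold and window settings control.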
Here is a list of the most important features available in Fail2ban:
client/server
multithreaded
Gamin support
autodetection of the date/time format
wildcard support in logpath option
support for a lot of services (sshd, apache, qmail, proftpd, sasl, asterisk, etc)
support for several actions (iptables, tcp-wrapper, shorewall, mail notifications, etc)