strace - trace system calls and signals

In the simplest case strace runs the specified command until it exits.

It intercepts and records the system calls which are called by a process and the signals which are received by a process. The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.

strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs.

And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.

Example:

strace -p process-id

Server Name Indication

Server Name Indication (SNI) is a feature that extends the SSL and TLS protocols to indicate what hostname the client is attempting to connect to at the start of the handshaking process. By doing so it allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites to be served off the same IP address without requiring all those sites to use the same certificate.

Unfortunately, for SNI to be practical, the vast majority of users must be using web browsers that support it. Users whose browsers do not support SNI will be presented with a default certificate and hence are likely to receive certificate warnings. As of 2011 there are still many users of browsers that do not support SNI.


lfd Principles

One of the best ways to protect the server from inbound attack against network daemons is to monitor their authentication logs. Invalid login attempts which happen in a short space of time from the same source can often mean someone is attempting to brute-force their way into the server, usually by guessing user names and passwords and therefore generating authentication and login failures.

lfd can monitor the most commonly abused protocols: SSHD, POP3, IMAP, FTP and HTTP password protection. Unlike other applications, lfd is a daemon process that monitors logs continuously and so can react within seconds of detecting such attempts. It also monitors across protocols, so if attempts are made on different protocols in a short space of time, all those attempts will be counted against the threshold.
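
The cross-protocol counting described above, as an added Python sketch that is not lfd's own code: login failures from one source address are counted against a single threshold inside a sliding time window, whichever service logged them. The log patterns, the threshold of 5, the 300-second window and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified failure patterns (assumptions for this example, not lfd's regexes).
PATTERNS = {
    "sshd": re.compile(r"sshd\[\d+\]: Failed password for .* from ([\d.]+) port"),
    "pop3": re.compile(r"pop3-login: .*auth failed.* rip=([\d.]+)"),
    "imap": re.compile(r"imap-login: .*auth failed.* rip=([\d.]+)"),
    "ftp": re.compile(r"pure-ftpd: \(\?@([\d.]+)\) \[WARNING\] Authentication failed"),
}

SAMPLE = [  # constructed log lines, documentation-range addresses
    "Mar 13 10:00:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2",
    "Mar 13 10:00:09 host dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<bob>, rip=203.0.113.5, lip=192.0.2.1",
    "Mar 13 10:00:15 host dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<bob>, rip=203.0.113.5, lip=192.0.2.1",
    "Mar 13 10:00:20 host pure-ftpd: (?@203.0.113.5) [WARNING] Authentication failed for user [bob]",
    "Mar 13 10:00:31 host sshd[815]: Failed password for root from 203.0.113.5 port 40030 ssh2",
    "Mar 13 10:01:00 host sshd[820]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "Mar 13 10:20:00 host sshd[830]: Failed password for root from 198.51.100.7 port 51001 ssh2",
]

def parse(line, year=2024):
    """Return (timestamp, service, ip) for a login-failure line, else None."""
    for service, rx in PATTERNS.items():
        m = rx.search(line)
        if m:
            # Syslog timestamps carry no year, so one is assumed.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, service, m.group(1)
    return None

def detect(lines, threshold=5, window=timedelta(seconds=300)):
    """Return [(ip, services)] for IPs reaching `threshold` failures in `window`."""
    recent = defaultdict(deque)  # ip -> (timestamp, service) inside the window
    flagged, hits = set(), []
    for ts, service, ip in filter(None, map(parse, lines)):
        if ip in flagged:
            continue
        q = recent[ip]
        q.append((ts, service))  # every protocol feeds the same per-IP counter
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
            hits.append((ip, sorted({s for _, s in q})))
    return hits

if __name__ == "__main__":
    print(detect(SAMPLE))
```

With per-service counters the first address would not reach a threshold of 5, since no single service logs more than two of its failures; the shared counter flags it after 30 seconds.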

SSL/TLS Manage Certificate Sharing

If you are the server administrator, you can choose to allow your customers to share your SSL certificate.

1. Click Change Certificate Sharing Permissions to begin.

2. On the Manage SSL Certificate Sharing screen, click Enable Sharing.

Click Disable Sharing if you want to disallow users from sharing your certificate.

3. Under the Certificate Linking heading, select a domain to see an accurate link example.

tune2fs - adjust tunable filesystem parameters on ext2/ext3/ext4 filesystems

tune2fs allows the system administrator to adjust various tunable filesystem parameters on Linux ext2, ext3, or ext4 filesystems.

The current values of these options can be displayed by using the -l option to the tune2fs(8) program, or by using the dumpe2fs(8) program.

-c max-mount-counts

Adjust the number of mounts after which the filesystem will be checked by e2fsck(8). If max-mount-counts is 0 or -1, the number of times the filesystem is mounted will be disregarded by e2fsck(8) and the kernel. Staggering the mount-counts at which filesystems are forcibly checked will avoid all filesystems being checked at one time when using journaled filesystems.

-C mount-count

Set the number of times the filesystem has been mounted. If set to a greater value than the max-mount-counts parameter set by the -c option, e2fsck(8) will check the filesystem at the next reboot.

Getting the current Values:

[root@proxy ~]# tune2fs -l /dev/sdb1 |grep count
Inode count: 655360
Block count: 2620595
Reserved block count: 131029
Mount count: 12
Maximum mount count: 26
[root@proxy ~]#

Example:

So for a system that contains 5 partitions and is booted approximately once a month you could do the following to stagger the mount counts:

tune2fs -c 5 -C 0 partition1
tune2fs -c 5 -C 1 partition2
tune2fs -c 5 -C 2 partition3
tune2fs -c 5 -C 3 partition4
tune2fs -c 5 -C 4 partition5
