Archive for the tag 'Common'

SBDavid

Apache MPM Common Directives

Description: A collection of directives that are implemented by more than one multi-processing module (MPM)

Description: Method that Apache uses to serialize multiple children accepting requests on network sockets
Syntax: AcceptMutex Default|method
Default: AcceptMutex Default
Context: server config
Status: MPM
Module: prefork, worker

The AcceptMutex directive sets the method that Apache uses to serialize multiple children accepting requests on network sockets. Prior to Apache 2.0, the method was selectable only at compile time.

SBDavid

Some common Linux kernel processes

kjournald   Commits ext3 journal updates to disk
kswapd      Swaps processes when physical memory is low
kreclaimd   Reclaims memory pages that haven’t been used recently
ksoftirqd   Handles multiple layers of soft interrupts
khubd       Configures USB devices

There is one kjournald for each mounted ext3 filesystem.

Among these processes, only init is really a full-fledged user process. The others are actually portions of the kernel that have been dressed up to look like processes for scheduling or architectural reasons.

SBDavid

Common iptables Filtering

With the default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources. To allow users to perform network-related functions and use networking applications, administrators must open certain ports for communication.

To allow access to port 80 on the firewall, append the following rule:

iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT

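This allows regular Web browsing from websites that communicate via port 80. Note that the rule matches on source port only, so it accepts any inbound TCP packet sent from port 80, whatever its destination port. To allow access to secure websites (such as https://www.serverbuddies.com/), you must open port 443 as well.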

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT

You must set a rule to allow first, and then set a drop rule on the subnet.

To arbitrarily insert a rule in an existing chain of rules, use -I, followed by the chain in which to insert the rule, and a rule number (1,2,3,…,n) for where the rule should reside. For example:

iptables -I INPUT 1 -i lo -p all -j ACCEPT

The rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.

$ sudo iptables -L -n -v

Chain INPUT (policy ACCEPT 235 packets, 45229 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   158 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  169 36782 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80

To allow remote SSH access, the following rules may be used:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

SBDavid

Common NFS Syntax Errors

The NFS server determines which file systems to export and which hosts to export these directories to via the /etc/exports file.

Be careful not to add extraneous spaces when editing this file.

For instance, the following line in the /etc/exports file shares the directory /tmp/nfs/ to the host serverbuddies.example.com with read/write permissions.

/tmp/nfs/ serverbuddies.example.com(rw)

This line in the /etc/exports file, on the other hand, shares the same directory to the host serverbuddies.example.com with read-only permissions and shares it to the world with read/write permissions due to a single space character after the hostname.

/tmp/nfs/ serverbuddies.example.com (rw)

It is good practice to check any configured NFS shares by using the showmount command to verify what is being shared:

showmount -e [hostname]
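
The stray-space mistake described above can also be caught before the file is exported. The following Python check is an added example, not part of the original post or of the NFS utilities; the function names and the sample file contents are constructed for illustration, and it assumes export paths contain no quoted spaces.

```python
# Constructed sample /etc/exports content (not from a real host).
SAMPLE_EXPORTS = """\
# path      client(options)
/tmp/nfs/   serverbuddies.example.com(rw)
/tmp/nfs/   serverbuddies.example.com (rw)
/srv/pub    (ro)
/srv/data   10.0.0.0/24(rw,sync) \\
            backup.example.com (rw,no_root_squash)
"""

def logical_lines(text):
    """Yield (first_line_no, text): comments stripped, backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or num
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, buf + line
        buf, start = "", None
    if buf.strip():  # file ended on a continuation
        yield start, buf

def lint_exports(text):
    """Return (line, path, options, message) for every export open to all hosts."""
    findings = []
    for num, line in logical_lines(text):
        path, *clients = line.split()
        prev_bare = None  # previous token, if it was a host with no option list
        for tok in clients:
            if tok.startswith("("):
                # "(opts)" with no host in front applies to every client.
                msg = "options apply to all hosts"
                if prev_bare:
                    msg += f"; stray space after {prev_bare!r}?"
                findings.append((num, path, tok.strip("()"), msg))
            # Remember a host that carries no option list of its own.
            prev_bare = tok if "(" not in tok else None
    return findings

if __name__ == "__main__":
    for num, path, opts, msg in lint_exports(SAMPLE_EXPORTS):
        print(f"line {num}: {path} ({opts}): {msg}")
```

To check a real file, pass its contents to lint_exports(), for example lint_exports(open("/etc/exports").read()).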