Archive for May, 2010

Newer Entries »

How to enable HTTP gzip Compression on CentOS 5.x to speed up Apache Webserver

Thursday, May 13th, 2010

It’s a wide known fact that the so called HTTP Compression provided by mod_gzip module in Apache 1.x and by the mod_deflate module on Apache 2.x saves up a lot of internet traffic by compressing the transferred data in between the client -> server interaction.
Nowadays almost 98% or 99% of the browsers on the net perfectly support the mod_gzip file compression.
Therefore enabling the http gzip compression is a must have module in every serious webserver out there which is targetting better performance and improved interaction in terms of speed between the client / server interaction.
In that manner of thought I recently had to enable the mod_deflate on CentOS release 5.4 with Apache webserver version httpd-2.2.3-31.

Here is an uname output to be more specific about the kernel release on which the Webserver is running:

Linux centos 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

CentOS’s Apache webserver comes with enabled by default deflate Apache module.
Thus all necessery to be done in order to enable the http compression is to simply create the file and paste in it:
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch bMSIE !no-gzip !gzip-only-text/html

# Don’t compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary

# Don’t compress already compressed stuff !
SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI .pdf$ no-gzip dont-vary

# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary

# Log Stuff !
# DeflateFilterNote Input input_info
# DeflateFilterNote Output output_info
# DeflateFilterNote Ratio ratio_info
# LogFormat ‘”%r” %{output_info}n/%{input_info}n (%{ratio_info}n%%)’ deflate
# CustomLog /var/log/httpd/deflate_log deflate

I used the article HTTP Compression on Redhat / CentOS / Fedora to create this one, so thanks to the author of the up mentioned article.

Tags:
Posted in System Administration | 2 Comments »

Fix “Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration” on Debian Squeeze Apache 2.2

Wednesday, May 12th, 2010

I am enabling http gzipping on Apache 2.2.9-10+lenny7 I included the following Apache directives in my /etc/apache2/apache2.conf

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems…BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch bMSI[E] !no-gzip !gzip-only-text/html

# Don’t compress images
SetEnvIfNoCase Request_URI
.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Then I tried restsarting the Apache Webserver:

debian-server:~# /etc/init.d/apache2 restart
Syntax error on line 56 of /etc/apache2/apache2.conf:

and I ended up with the following error:

Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration

A quick look through my Apache module configurations and consultation with Google shown I’m missing the mod_deflate module along my Apache server loaded modules.

To enable the module to resolve the error issue:

Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration all I did was:

debian-server:~# ln -sf /etc/apache2/mods-available/headers.load /etc/apache2/mods-enabled/headers.load

Then I restarted the Apache:

debian-server:~# /etc/init.d/apache2 restart

Hooray now html content passed from the Apache webserver to the end users is transferred in a gzip format ! 🙂

Tags: ,
Posted in System Administration | 8 Comments »

How to change webmin user password

Wednesday, May 12th, 2010

I had to change a webmin username’s password recently. After spending few minutes Googling I came to the answer here is a quote from Webmin Website

How do I change my Webmin password if I can't login?

Included with the Webmin distribution is a program called changepass.pl to solve erecisely this problem. Assuming you have installed Webmin in
/usr/libexec/webmin, you could change the password of the admin user to foo by running
/usr/libexec/webmin/changepass.pl /etc/webmin admin foo

This works like a charm and I was able to change a certain username’s password on a CentOS 5.3 right out of the box.
Probably on other Linux distrubutions as well as freebsd it’s quite probable that the changepass.pl webmin changepassword script is located in different location.
So if you are about to change webmin’s password on other Linux or BSD architecture just either find the script using the gnu find command or use the locate command to search for it and execute the script changing the script location in the foreshown example.

Tags:
Posted in System Administration | 3 Comments »

Installing mod antiloris on x86 and x86_64 bit CentOS 4 and 5 to protect from the recent slowloris DoS attack

Wednesday, May 12th, 2010

I had to install mod antiloris in order to be sure the Apache is secureagainst the slowloris Denial of Service attack that emerged in the summer of 2008.
Luckily David Hrbac has already prepared an rpm packages for CentOS so the installation is really simple.
The installation of the module of course is dependant on the exact Linux architecture you’re installing it on.
David has done a great work preparing the rpm packages for both x86 and x86_64 CentOS.
Even better he has prepared packages for both CentOS 4 and 5 releases.

Here is what the uname command returns on the CentOS server where I install the module.

Linux centos 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

Here is how I did the install in a really simple and quick way on a CentOS 5 runing an x86_64 CentOS release:
1. Download the prepackaged rpm of mod_antiloris in rpm for CentOS from this link

1. Install it using the command

[root@centos-server~ ]# rpm -ivh mod_antiloris-0.3-2.el5.hrb.x86_64.rpm

2. Check the configuration syntax is fine

[root@centos-server~ ]# /etc/init.d/httpd configtest

3.Restart the Apache webserver [root@centos-server~ ]# /etc/init.d/httpd restart

Test it using the slowloris script issuing the command:

[root@centos-server~ ]# perl slowloris.pl -dns yourdomainname.com -port 80 -timeout 1 -num 300 -cache

On my installation it worked like a charm you don’t need to do any configuration settings or anything for slowloris to takeaffect just the Apache restart as marked above is all necessary to load the anti slowloris module on your CentOS Linux.
In case need to install the mod antiloris to another architecture than the one described in this article, just download theappropriate rpm centos version from the list below:

Download links to rpm packages of mod antiloris for x86 and x86_64 for Centos 5.

Download mod_antiloris rpm CentOS5 x86

Download mod_antiloris rpm CentOS5 x86_64

Download mod_antilrois rpm CentOS4 x86

Download mod_antiloris rpm CentOS4 x86_64

Of course this is just one of they ways you can do it. You can always use mod_qos or something similar as well as I’ve mentioned in one of my previous posts.
Here is also an article on How to defend from slowloris Denial of service using mod_qos on CentOS

Tags:
Posted in System Administration | 2 Comments »

Saint George’s day in Pomorie Monastery Bulgaria

Thursday, May 6th, 2010

St. George Bulgarian icon

I’m in pomorie monastery right now. Pityle pomorie’s monastery’s website can only be accessed in Russian and Bulgarian language.
Pomorie Monastery is named after the greatly honoured saint George, he is highy honoured here in Bulgaria as well as in many countries in the orthodox christian world, he is also venerated in some other non-orthodox countries one of which for instance is England.
Some of the monks here in the monastery used to say it’s St. George himself who invited me to the monastery for a blessing since I myself am named after the saint.
Many people from Pomorie and near Burgas’s region and even from afar are gathered to commemorate St. George’s Martyrdom and celebrate the Saint George’s day . It’s the second time I’m in Pomorie’s monastery which by the way is a Male monastery. I’m really happy that such a cloisters still exists in this troubles times in sense of spirituality.
The place is really peaceful and the fact that it’s georgraphically located near the sea makes it a must see destination if you’re visiting Bulgaria or travelling through the country.
The history of the monastery is also very interesting. Currently the brotherhood includes 6 monks. The monastery abbot is a really kind and gentle man and the brothers are united in comparison to the observed dividement between monks walking the way of salvation in spiritual abbeys nowadays.
The main reason people are coming on the feast of st. George is to beg for the prayer intercession of the Saint for us the sinners in front of God, that God has mercy and forgies our trespasses and have mercy on us.
Each eart Saint George takes place here in Bulgaria on Sixth of May (06.05) and is one of the greatest christian as well as secular celebrations in Bulgaria. The 6th of Many is also an official holidays within the country and the official feast of the bulgarian army.
St. George is considered one of the greatest Christian saints in the Orthodox, world and even more venerated in Bulgaria.
It’s a common practice in Bulgaria as well as in Greece that spiritual abbeys or Churches are named after St. George.
What makes St. George even more special for us the fact that the Bulgarian Orthodox Church possesses a whole monastery named after st. George located in Mounth Athos. You can read more about St. George (Zograf) Bulgarian Monastery located in Mount Athos here
St. George’s monastery in Mount Athos is named Zograf after a miraculous icon located in the Monastery which dates back to the 14th century.
St. George Fanuilska miraculous icon Zograf Monastery
Saint George Zograf Miraculous icon owned by Zograf’s Monastery – Holy Mount Athos

The Holy Lord has completed many miracles through the icon of st. George Zograf. Many people received physical or spiritual healing, whilst others has received according to their prayers when they approached the icon as great relic to honour God.An interesting fact is that Pomorie Monastery also possesses a great relic a miraculous icon of st. George

Saint George Pomorie Monastery miraculous icon, relic
a miraculous icon of St. George Pomorie

In the center of Pomorie Monastery is located a Holy Fountain St. George. The wholy history of the monastery is related to the Holy Fountain.
According to bulgarian orthodox church tradition the Monastery was established by a Turkish bey in the 13th or 14th century. In that time the bay got an incurable sickness. He tried everything a man could try to get a relief or a cure. He went to a physician, he tried herbs, he tried going and praying to Allah in the mosque an imam praied over him to beg for Allah’s blessing and healing etc …
But nothing helped. One night the bey had a dream that a holy fountain is springing out of his house yard.
When he awoke from his sleep he went and digged on the same place where the holy spring has emerged. And oh miracle ! A spring emerged. He drinked from the water and got healed from his illness.
In the pit where he digged he found an image of St. George which is currently embedded in one of the walls of the tower of the holy spring in Pomorie’s monastery.
Afterwards the bey according to God’s revelation to establish Pomorie’s Monastery while all his family members accepted monastic life.
The bey has give away all hid possesseions (land, money) etc. to the monastery just established.
In the years since then the monastery has been destroyed once and rebuilt, many people has received a relief or healing while drinking from the Holy Fountain.
This year God has blessed the monstery even more abundantly. The abbot and one of the monks has temporary taken some Saint remains and brough them for pilgrimage in the monastery.
The saint remains are of St. John Chrysostom , St. Gregory the Theologian , st. Gregory Palamas
Some of the other relics which are available for pilgrimage in Pomorie monastery until 10th of May are st. remains of Glinsk elder hermits as well as

Saint Martyr Dasius icon
St. martyr Dasius who was tortured and slained here in Bulgaria for his faith in our Lord and Saviour Jesus Christ.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Christianity | 1 Comment »

Mirroring web site content ignoring the robots.txt prohibition rules with wget on Linux

Tuesday, May 4th, 2010

I wanted to mirror a content of a website which included a robots.txt file with specificdirectories Disallow rules e.g. ,it included some code like for instance:

User-agent: *
Disallow: /privatedir/

Since the restriction on automated downloads on /privatedir/ was at hand I needed toget around the restriction using some command line downloaded like wget .After a quick look online I found the wget FAQ which included a good description on how to ignore the robots rules in robots.txt.
Furthermore I consulted with wget‘s manual because I wanted to mirror only a partfrom the whole website (mirror only a data of a certain directory). Finally I ended with the following wget rule which got me around robots.txt Disallow restrictions:

freebsd# wget -e robots=off --wait 3 --mirror --level 1 --convert-links http://www.domaincom/privatedir/index.html

Issuing the above command mirrored the whole privatedir without any restrains, here is what does the option convert-links does:

–convert-links’ – After the download is complete, convert the links in the document to make them suitable for local viewing.This affects not only the visible hyperlinks, but any part of the document that links to external content, such as embedded images,links to style sheets, hyperlinks to non-HTML content, etc.

Also as you can see from the above command line I’ve used the “–wait 3” because I wanted to be sure that some mod rewrite regular expression rules on the server won’t cut my access to the /privatedir/ directory, because of the rapid file fetch.
The ignore of the robots.txt itself is done via the:
-e robots=off wget parameter.

Tags:
Posted in System Administration, Various | No Comments »

How to fix unbootable Windows with “Windows could not start because the following file is missing” \WINDOWS\SYSTEM32\CONFIG\SYSTEM

Tuesday, May 4th, 2010

The Desktop computer system that my sister is using is running a Windows XP Professional Service Pack 2 (SP2).
The Windows installation is almost 2 years old, however I was really surprised how the damned Microsoft software broke.
Here is how, one day I got really mad at my sister she completely drove me out of myself.
Being affected by her continuous unethical behaviour I decided to return it back to her and logged in with Window’s
administrator account and changed her password.
The Spybot Search and Destroy (S&D) spyware active protection (Tea Timer) warned me that some registry settings will be changed whileI was changing my syster’s Windows password and I accepted the change.Hereafter I restarted the system afterwards and guess what? Windows couldn’t boot anymore!
Let me ask you a question is that unsual for the shitty Windows operating system? NO IT’S ABSOLUTELY NORMAL :)!
That pissed me off a bit so I left the machine with unbootable Windows System for a few weeks ’till today.
The error message which occured during Windows boot time was:

Windows could not start because the following file is missing
or corrupt:
WINDOWSSYSTEM32CONFIGSYSTEM

You can attempt to repair this file by starting Windows Setup
using the original CD-ROM.
Select ‘r’ at the first screen to start repair.

To fix the issue I had to call a friend (Alex) and ask him for a Windows XP SP2 install cd.
We used the Windows System Recovery console to boot up and access the file system. After the Recovery Console loadedwe tried to switch to the C: drive but the hard drive was taking ages scraping through the drive, with thehdd led indicator blinking all the time.
First I suspected something could be wrong with the hard drive on the physical hdd layer. However I instructed Alex,to issue the CHKDSK command to see if that would do any good.

That’s it the good old CHKDSK fixed the file system issues and we rebooted. And hooray such a joy!
Unbelievable the System worked again! Hooray! 🙂

Tags:
Posted in System Administration, Windows | No Comments »

Defending Apache on FreeBSD from Slowloris Denial of Service Attack (DoS) with mod_antiloris

Monday, May 3rd, 2010

Here is a quick way to defend FreeBSD 7.2-RELEASE-p4 system from the Recent Apache Slowloris Denial of Service.

1. Install the mod_antiloris freebsd Port

freebsd# cd /usr/ports/www/mod_antiloris
freebsd# make install clean

2. Edit your /usr/local/etc/httpd.conf

Find the following line in your bsd httpd.conf:

#LoadModule antiloris_module libexec/apache2/mod_antiloris.so

As you can see the LoadModule line loading the mod_antiloris slowloris Denial of Service prevention is commented,so you will have to uncomment it to read as:

freebsd# vim /usr/local/etc/httpd.conf
LoadModule antiloris_module libexec/apache2/mod_antiloris.so

Next we restart the Apache Webserver in order to load the newly enabled module mod_antiloris in Apache.
However before the Apache restart, we check Apache configurations are fine to be sure Apache will re-launch,after restart.

freebsd# /usr/local/etc/rc.d/apache2 configtest
Performing sanity check on apache2 configuration:
Syntax OK

Now as we have assured ourselves Apache httpd.conf syntax is fine we restart the Webserver.
freebsd# /usr/local/etc/rc.d/apache2 restart
Syntax OK
Stopping apache2.
Waiting for PIDS: 60920.
Performing sanity check on apache2 configuration:
Syntax OK
Starting apache2.

Of course all the above simplified install example assumes your port tree is uptodate.
I did the install on my FreeBSD box:
FreeBSD pcfreak 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

If your ports tree is update the upper install mod_antiloris FreeBSD install guide will be all you need.
Yet if your port tree is not update you might consider updating your port tree before you proceed.

You might like to use my FreeBSD 7.2 stable supfile downloadable from here

To update simply using the my FreeBSD 7.2 supfile then issue the followingcommands:

freebsd# cd /etc/
freebsd# fetch https://www.pc-freak.net/files/stable-supfile-7.2
freebsd# csup -g -L 2 /etc/stable-supfile-7.2

There as you should have the latest stable port tree for FreeBSD 7.2, then just continue step by step from as explained in Step 1. hereinbefore.
I’m convinced the installation on FreeBSD 7, 7.x and FreeBSD 8 and 8.x will be analogous.
So I hope this small article will be helpful to somebody of the FreeBSD novice crowd out there.

If you want to be absolutely sure The Apache is Secured against the Slowloris attack on your FreeBSD box, download the slowloris denial of service attack tool andissue Attack against your Apache Web Server.

perl slowloris.pl -dns yourdomainname.com -port 80 -timeout 1 -num 300 -cache

That’s all folks!

Tags:
Posted in System Administration | 3 Comments »

Adding Multiple Language support and Fixing issues with slovenian symbols on Squirrelmail Web Mail on Linux

Saturday, May 1st, 2010

No doubt Squirrelmail Web Mail is one excellent piece of software you can useon top of Qmail mail server.
However as with every piece of software you face issues every now and then.
The issue that a colleague of mine has encountered at the Company where are work is was caused by a broken character encodingof some of the slovenian letters like the Slovenian “c” and Slovenian “s”.
Besides that I’ve noted that the basic Squirrelmail installation I have previously done, some time ago wasmissing the all languages squirrelmail internationalization pack.

I revealed the missing Squirrelmail internationalzation by going to Squirrel Web mail’s installation directory /var/www/squirrelmail/locales/ and listing the content of the directory.:
The locales directory listing displayed only 4 files README.locales, index.php and timezones.cfg as well as a directory containing the default encoding configured to squirrelmail

The file README.locales explains thoroughly how to install all of the available translation languages to squirrelmail.
If you feel uncertain / informed on what you do I suggest you read The documentation available on Internationalization on Squirrelmail’s website
Anyways here is how for the lazy ones step by step walk through:

debian-server:~# mkdir /root/locales/;
debian-server:~# cd /root/locales/
debian-server:/root/locales# wget http://bit.ly/bKbrid"
debian-server:/root/locales# tar -zxvvf all_locales-1.4.18-20090526.tar.gz

The above commands will download all locales for the 1.4 generation stable release of Squirrelmail.

Note that it’s would be a good idea to download the latest all_locales on squirrelmail’s download webpage .

Now you will have in your /root/locales/ the following directory structure.

all_locales-1.4.18-20090526.tar.gz COPYING.locales images/ locale/ TRANSLATORS
ChangeLog.locales help/ install* ReleaseNotes.locales version

To install all the locales addons to squirrelmail to achieve internationalization of your Web mail you’ll have to invoke the install script which can be seen from the above file list.

debian-server:/root/locales# ./install
Please enter path to your squirrelmail installation: /var/www/squirrelmail/

Above in the prompt urging you to enter a directory enter the location to your squirrelmail installation in my case as shown above it’s /var/www/squirrelmail

That’s all now all necessery files will be merged with your squirrelmail installation directory.

Now you can safely remove the /root/locales squirrelmail internationalization installer files
debian-server:~# rm -rf /root/locales

However there is one more vital step to partake to assure Slovenian Symbols as well as other character encoding written in the UTF-8 standard will appear in your email communcation in squirrel web mail.
You’ll be required to change Squirrelmail’s Default Language
debian-server:/var/www/squirrelmail# ./configure

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

In the above screen Choose: 10. Languages The following screen will Appear.

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Language preferences
1. Default Language : en_US
2. Default Charset : iso-8859-2
3. Enable lossy encoding : false

R Return to Main Menu
C Turn color on
S Save data
Q Quit

Here you’ll need to change the variables: 2. and 3..
There Default Charset variable should be changed to utf-8 as well as the Enable lossy encoding variable should be switched to true.

If you wonder what Enable lossy encoding does please read the Supported Charsets documentation section on Squirrelmail’s website
The description for Lossy Encoding on the above link is:
Lossy Encoding – allows charset conversions when the output charset does not support all symbols used in the original email charset.

Hopefully this will solve your issues with broken Slovenian encoding in Squirrelmail and will add internationalization support in your Squirrel Web Mail.
If use the commend form and inform me about the issues you encounter and I’ll try to help!

Tags:
Posted in System Administration | 14 Comments »

Newer Entries »