Walking in Light With Christ - hip0's personal blog on System Administration, Free Software, Computer Security and Religion

1. Install apache2 on your Debian Lenny

server# apt-get install apache2


2. Install openssl and it's corequirements

server# apt-get install openssl ssl-cert


In case if you need php support as well on your Lenny:
server# apt-get install libapache2-mod-php5


3. Generate Self Signed SSL certificate

server# openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

You might consider changing the /etc/apache2/apache.pem to whatever you like your ssl certificate file to be called.
Now you must ensure yourself that the newly generated ssl certificate has proper permissions issue the command.

server# chmod 600 /etc/apache2/apache.pem
The default behaviour of the Apache server is to server unencrypted HTTP traffic on port 80, however in our case we need to enable SSL connections and therefore configure apache to serve and listen for traffic on port 443.

Therefore, we need to have Listen 443 in our /etc/apache2/ports.conf another thing we should do is to enable the ssl module with command:

server# a2enmod ssl


That should be it, now we have to restart the Apache webserver:

server# /etc/init.d/apache2 restart


To enable SSL on virtualhosts it's required to change NameVirtualHost * in /etc/apache2/sites-available/default file
to:
NameVirtualHost *:80
NameVirtualHost *:443


To use SSL encryption on a specific Virtualhost, all you need to do is:
include:

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem


Two days ago, I watched Grave of the Fireflies , a Japanese movie from 1988 which has taken the hearts and minds of dozen of people throughout the years. Yes I have to admit the movie is really increadinble in a sense it deals with Human personages, philosophy, love, hate. It's a good example why we humans should keep peace on earth and not start wars. The whole story is about a boy and a girl (a brother and sister), who live in Japan in the climax of the Second World War. Both the children are under the full legal age and face the "nightmares" and the terrible consequences of the war. Their mother dies and they have to go to live to some relatives (their aunts). However the war tragedy goes on, the bombing doesn't drop. The two children have to leave their aunt, cause she is unwilling to take care for them anymore, since they are not working and not bringing money / food in the house. They leave and find a sort of a tomb where start living on they own. Now the older brother has to provide his little sis with food, nomatter how. He uses all kind of tricks, cheats, thefts etc. to find the needed food to sustain his sister's life. Though the unhuman efforts to keep her alive, his sister gets a disease because of lack of nourishment and dies near the end of the movie. Though she dies, I won't call the movie a tragedy. Yes it's a sad movie but it's also really beautiful and touching. I could classify it amongst my movie list of spiritual movies that are, "a must see" ones.

Below are some valuable advices on Wireless Access Point initial install and configuration to better off your Wireless connection. It's worthy to note that the 2.4 GHz Wi-Fi signal range is divided into a number of smaller bands or "channels," similar to television channels. I decided to run my wireless on channel 12 since this there was no other wireless routers operating on that frequency, though most routers are preconfigured to spread it's signal on channel 6. There is a difference in channels available for setup for 802.11b and 802.11g wireless networks in the United States and the European Union. In the USA the wireless channels available are from (1 to 11) whether in the EU it's in the range of (1-13). Each of the Wireless channels run on a different frequency. The lower the number of the channel is the lowest the radiating frequence band on which data is transmitted . Subsequently, increasing the channel increases the frequency slightly. Therefore the higher the channel you select on your AP the lesser the overlap with other devices running on the same channel and thus the lesser the possibility to overlap and interference. It's quite likely that you experience problems, if you use the default wireless channel which is 6. If that's the case it's recommended to use either channel 1 or channel 11. In case of interference, i.e. overlap with other wireless networks, cellphones etc., there are 2 possible ways to approach the situation. In case of smaller interference, any change in channel on which there is no wireless device running could fix it up. The second way is to cho ose a wireless channel for your router in between 1,6 or 11 in (The USA) or 1,7,13 in Europe. Up to 3 networks can run on the same space with m inimum interference, therefore it would be a wise idea to check the list of wireless routers in your and check if there are others running on t he same frequency. As I mentioned in the beginning of the post I initially started running my wireless on channel 12, however after I discovered it is recommended to run your wireless router either on channel 1 7 or 13 in Europe I switched my D-Link DI-524 wireless router to transmit it's signal on Channel 13. I should testify that after changing the wireless channel, there was quite an improvement in my wireless connection. For instance before I change to Channel 13 (when my wireless internet was still streamed on channel 12) my wireless had constantly issues with disconnects because of low wireless signal. Back then My wireless located phisically in like 35 meters away set in another room, I can see my wireless router hardly connected on like 35%, changing to channel 13 enhanced my connection to the current 60% wireless router availability. It's also an interesting fact that Opened Wireless networks had better network thoroughput, so if you're living in a house with a neighbors a bit distant from your place then you might consider it as a good idea to completely wipe out Wireless Router security encryption and abandon the use of WEP or WPA network encryption. In case if all of the above is not working for you, you might consider take a close look at your Wireless Wireless LAN pc card and see if there are no any kind of bumps there. Another really interesting fact to know is that many people here in Bulgaria tend to configure there Wireless Access Points on channels either 1,6 or 11 which is quite inadequate considering that we're in the EU and we should use a wireless channel between 1, 7 or 13 as prescribed for EU citizens. Another thing not to forget is to place your wireless in a good way and prevent it from interferences with other computer equipment. For example keep the router at least few meters away from PC equipment, printers, scanners, cellphones, microwaves. Also try to put your wireless router on some kind of central place in your home, if you want to have the wireless signal all around your place. At my place I have a microwave in the Kitchen which is sometimes an obstacle for the Wireless signal to flow properly to my notebook, fortunately this kind of interference happens rare (only when the Microwove is used to warm-up food etc.).Upgrading 802.11b wireless card / router to a better one as 802.11g is a wise idea too. 802.11g are said to be like 5 times faster than 802.11b. You can expect 802.11b wireless network to transfer maximum between 2-5 Mbp/s whether 802.11g is claimed to transfer at approximately (12 to 23 Mbp/s). If even though the above prescriptions there is no wireless signal at some remote place at your home, you might consider adding a wireless repeater or change the AP router antenna. By default wireless Routers are designed to be omni-directional (in other terms they broadcast the wireless signal all around the place. Thus is quite unhandy if you intend to use your Wireless net only in certain room or location at your place. If that's the case for you, you might consider upgrading to a hi-gain antenna that will focus the wireless signal to an exact direction. Let me close this article with a small diagram taken from the net which illustrates a good router placement that will enable you to have a wwireless connection all over your place.

I enjoyed watching this two movies. Both are claimed to be movie classics and truly they're. Okay let me give you a short review about this classics.

1. Rear Window is a movie of Alfred Hitchcock. The movie is a story about a guy with a broken leg who is boredto death and as an escape of his boredom starts "spying" on his neighbours through the Window. The guy is an ordinary person with an extraordinary girlfriend and another old lady who is is responsible for his rehabilitation procedures. By accident the guy catch a sight of one of his neighbors acting really weird, putting a saw and a knife in his brief case. The guy used to went out of his home every evening at a certain time. His wife is missing for a couple of days. The guy starts, like an anonymous investigation on the case ... won't tell you more, if interested in the scenario just check out the movie.

2. The second one Chinatown , though a great movie was a rather odd movie. It's closing is far from the normal movie's "good guys win" plot. So let me tell you a few words about the movie. The story progresses around a private investigator who was hired by a woman to perform surveilance on her Husband as she has her doubts he is cheating on her. After a short follow-up the investigator recognizes that the woman's suspicion claimed to be true. The guy has been into an illegitimate affair with a woman. A picture of the love affair appears in the Los Angeles local newspapers and a big scandal arouses. Sooner the investigator is puzzled when he realized that the woman that hired him is actually not the guy's wife. Soon after the public outbreak the guy involved in the affair is find dead near one of the cannals, and it looked like an accident. However this is far from the truth, the investigator suspects the guy is murdered and finds that things the trace about the murder leads to a big conspiracy by a major business person who tries to manipulate the Los Angeles water supply. The movie turns a couple of unexpected turn arounds in the mean time. The killed person's wife happened to have a sister and be a mother of her sister (in other words her father raped her as a child and she bore a child ...). The movie is a mix of psychological drama and a mystery. Just check it out to see it's unexpected ending. Have a nice watching time.

Before we start it might be a good idea to check out apache-mpm-itk's official homepage to get a general idea of what apache mpm-itk is.
So please visit Apache2-mpm-itk's homepage here
Now let's continue with the installation;


1. Install Apache2-mpm-itk

# apt-get install apache2-mpm-itk


2. Configure Apache2-mpm-itk
In order to configure Apache-MPM-ITK we have to do it for each of the configured VirtualHosts, e.g. no global options are required.
There is only one configuration Directive that has to be included in each and every Virtualhost configured in your Apache.
This is the AssignUserId and takes two parameter, (user name and group name), this are the user name and group name that the files on the specified virtualhosts will be executed as.

3. Here is an example on how to configure it for the default Apache virtualhost and the "example" user and group id.
AssignUserId web1_admin web1
\

So for instance edit vim /etc/apache2/sites-available/default and place there;

AssignUserId web1_admin web1


4. Last step is to restart Apache for the new VirtualHost configuration to be preloaded.

# /etc/init.d/apache2 restart

The End :)

My daily duties as a sys admin today included installation and configuration of SuPHP .
SuPHP is an apache dynamic module for executing PHP scripts with the permissions of their owners. It consists basicly of two parts Apache module (mod_suphp) and a setuid root binary (suphp). The suphp module is invoked by the mod_suphp module and instructs Apache to change the user id (uid) of the process executing the PHP script.
SuPHP is not a standard Apache module so it's not 100% tested. Therefore from security point of view it's better not to use SuPHP.
So beware use it at your own risk! You better know what you're doing if you're installing this piece of soft.

The official SuPHP documentation is rather I would say archaic and it's completely out of date. Though according to the official documentation it's noted that suphp module won't work with Apache 2.2.x, it actually works perfectly fine.
I've checked and I couldn't find any tutorials on installing suphp on Debian Lenny therefore I decided to write this tutorial to shed some light on it.
So enough talk let's approach to the installation and configuration of suphp;

1. Install the module itself from the debian package

debian-server# apt-get install libapache2-mod-suphp

Debian will enable the mod_suphp automatically after installation, though this kind of behaviour is pretty stupid, since it won't disable mod_php5 which is enabled by default.

2 Therefore we need to disable mod_php5 from executing to enable suphp.

debian-server# a2dismod php5


3. Enable suphp globally for the Apache
Edit /etc/apache2/apache2.conf and put in the end of the configuration file

# Enable SuPHP
suPHP_Engine on
suPHP_AddHandler application/x-httpd-php


In my case I'm not using Debian's default DocumentRoot website location for both my Apache and my VirtualHosts, therefore I need also to configure
suphp.conf

4. Edit /etc/suphp/suphp.conf and change;

;Path all scripts have to be in
docroot=/var/www/

to let's say:
;Path all scripts have to be in
docroot=/home/


5. Restart your Apache server

debian-server# /etc/init.d/apache2 restart


Now test if mod_suphp is working on your Apache. We will test it through a tiny php script;
Paste the script to let's say suphp.php

uid=33(www-data) gid=33(www-data) groups=33(www-data)


Now if suphp is working you'll see something like:
uid=1002(myuser) gid=1002(myuser) groups=1002(myuser)
instead of the default;
uid=33(www-data) gid=33(www-data) groups=32(www-data)

Now there are a few more drawbacks with SuPHP which I feel obliged to discuss.
On the first place suphp will excecute through php5-cgi and therefore the script execution
should be considered a way slower comparing to the default mod_php5.
I cannot precisely tell how much slower would be php script execution compared to mod_php5 but I
pressume at least 10 to 20% of the usual performance will be gone.
One of the possible ways to speed-up php execution in that case is to use mod_fastcgi.

I'm gonna do a fast walk through on installing and enabling mod_qos on Debian, original article is available in Bulgarian on mpetrov's blog .
So let's go...
1. Install required development files and tools to be able to proper compile:

debian-server# apt-get install apache2-threaded-dev gcc


2. Download the mod_qos latest archive from sourceforge

debian-server# cd /usr/local/src debian-server# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.8.tar.gz


3. Unarchive (Untar) the mod_qos archive and compile the module

debian-server# tar zxvf mod_qos-9.8.tar.gz
debian-server# cd mod_qos-9.8/apache2/
debian-server# apxs2 -i -c mod_qos.c


You can see from the compile output module is installed to; usr/lib/apache2/modules

4. Now let us create mod_qos configuration files

debian-server# cd /etc/apache2/mods-available/
debian-server# echo "LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so" > qos.load


debian-server# vim /etc/apache2/mods-available/qos.conf

## QoS module Settings
IfModule mod_qos.c
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients              256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose      180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate       150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields      30
# QS_LimitRequestBody     102400
/IfModule

5. All left is to load the mod_qos module into Apache and restart the webserver

debian-server# a2enmod qos
debian-server# /etc/init.d/apache2 restart


Congratulations, Now slowloris and many other Apache DoS techniques won't bother you anymore!

I'm building a new subversion repository, after installing it and configuring
it to be accessed via https:// I stumbled upon the error;
Could not open the requested SVN filesystem when accessing one of
the SVN repositories. The problem was caused by incorrect permissions of
the repository, some of the files in the repository had permissions of the system user with which the files were imported.
simply changing the permissions with to make them readable for apache
fixed the issue.

Configuring some Virtualhosts on a Debian server I administrate has led me to
a really shitty problem. The problem itself consisted in that nomatter what
kind of the configured VirtualHosts on the server I try to access the default
one or the first one listed among Virtualhosts gets accessed.
Believe me such an Apache behaviour is a real pain in the ass! I went through
the VirtualHosts configurations many without finding any fault in them,
everything seemed perfectly fine there.
I started doubting something might prevent VirtualHosts to be served by the
Webserver. Therefore to check if VirtualHosts configurations are properly loaded
I used the following command:

debian-server:~# /usr/sbin/apache2ctl -S

Guess what, All was perfectly fine there as well. The command returned, my
webserver configured VirtualHosts as enabled (linked) in:
/etc/apache2/sites-enabled
I took some time to ask in irc.freenode.net #debian channel if somebody has
encountered the same weirdness, but unfortunately noobody could help there.
I thinked over and over the problem and I started experimenting with various
stuff in configurations until I got the problem.

The issue with non-working Virtualhosts in Debian lenny was caused by;
wrong NameVirtualHost *:80 directive
It's really odd because enabling the directive as NameVirtualHost *:80
would report a warning just like there are more than one NameVirtualHost
variable in configuration, on the other hand completely removing it won't
report any warnings during Apache start/restart but same time VirtualHosts
would still be non-working.

So to fix the whole mess-up with VirtualHosts not working I had to modify in;
my /etc/apache2/sites-enabled/000-default as follows;

NameVirtualHost *:80 changes to
NameVirtualHost *

The rest of the Virtualhost stays the same e.g.;

This simple thing eradicated the f*cking issue which tortured me
for almost 3 hours! ghhh

This is annoying error which occurs when you try to start, restart or
check apache configuration.
This error is caused by duplicate NameVirtualHost entries. In my case in Debian.
I had to comment it in /etc/apache2/ports.conf . Apparently,

NameVirtualHost *:80

was mentioned twice in my overall Apache configuration
files.
I should note that this is just a warning so Apache will be working just fine,
even when the error appears on Apache start-up.

I've been installing subversion with WebDAV support on Apache2. After
configuring in the VirtualHost to have support for WebDAV:
I encountered the following error while testing apache configuration:
Unknown DAV provider: svn
In order to fix the problem I had to install libapache2-svn.
Here is how;

apt-get install the libapache2-svn


This fixed the issue.

Here is a quick way step by step instructions on installing Eaccelerator
(the PHP the accelerator & optimizer).

1. Add the following lines to /etc/apt/sources.list:

deb http://debian.mcmillan.net.nz/debian lenny awm
deb-src http://debian.mcmillan.net.nz/debian lenny awm
deb http://debian.schnuckelig.eu/ lenny main contrib non-free


2. Import the repository keys to prevent missing gpg key warnings.

# gpg --keyserver keyring.debian.org --recv-keys 0x8f068012;
# gpg --export --armor 0x8f068012 | apt-key add -
# wget -O - http://debian.schnuckelig.eu/repository-key.gpg | apt-key add -


3. Install the eaccelearor from the debian repository

# apt-get update
# apt-get install php5-eaccelerator


An alternative way for installation is the canonical way from source:

Eventhough installing eaccelerator from this Debian repositories sounds
like a good idea I don't want to risk using unofficial Debian repositories.
Therefore I decided to install it personally that way to prevent some possible
security threats.
Here is once again a step by step installing walk through:

1. Install some packages required for compilation of eAccelerator on
Debian platform.

# apt-get install build-essential php5-dev bzip2


2. Download, compile and install from source eaccelerator as a PHP5 module

cd /usr/local/src
server# wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
server# tar xvfj eaccelerator-0.9.5.3.tar.bz2
server # cd eaccelerator-0.9.5.3
server # phpize
server# ./configure
server # make
server# make install


3. Create eaccelerator disk cache directory

server# mkdir -p /var/cache/eaccelerator
server# chmod 0777 /var/cache/eaccelerator


4. Edit php.ini to enable eaccelerator module in PHP
Put the following after the last line in php.ini

extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"


Nevertheless, which way to install is used after the eaccelerator
installation is compileted it is necessery to restart apache in order to
load the new php.ini settings in the php module;
So we now, let's check apache for errors in configurations and restart it:

server# apache2ctl -t
Syntax OK
server# /etc/init.d/apache2 restart


Now try your apache with some apache benchmarking tool to check about
performance of php execution in apache.
See for yourself how eacceleator makes PHP script execution a way faster.


Today I've been to Obrotishte's village once again. We went there with Ceco,
Dimi and Rumi some good orthodox christian fellows as well as brothers.
We had a great time, the morning church service was unique. It situated
in the small church entrance where the Church entrance doors leading to the
main body of the church were closed, this was done because the church is really
big sized and is hardly heated. Heating this whole building is quite a loss
of gas, therefore the Hieromonk serving there Hieromonk Father Philip decided,
to have the services in the small entrance during the severe winter. Quite
an intelligent and practical move, since most of the church clergy and laymans,
were mid size aged ladies and gentlemen. The church was really grace filled,
and peaceful. After the nice morning lent opening church service we went to
have a coffee, because the monk has to go for a funeral procession. In the mean
time we went to see the sea-shore near Obrotishte. The panorama there is really
wonderful, laters as soon as I have the pictures may post some views from there.
One of the most impressive part of our whole journey was the visitation to the
local Tekke (Khanqah) . Tekke is a sort of Muslim medieval gathering building
(a sort of monastery) for the so called Sufi's brotherhood. Sufis are a Muslim sect
who had some interesting beliefs, where their beliefs combined slices taken from
both christianity and Islam with some other major eastern religion beliefs.
I've said already few words for the Sufis in one of my previous posts, so for more
info please check there. This Obrotishte Tekke is believed to have buried a Sufists
saint in the center of the Tekke. The Tekke itself is dating from the 16th century
It's believed that this Tekke possesses some healing energy eminating from
the Sufi's saint buried body. There is a small whole with a size graven in the stone
covering the Sufi's saint's body. According to the old tradition if a visitor pushs his
hand in with faith he can get a miraculous healing from sickness.
Nowadays this Sufists holy place is serving as mainly a museum, however there
are some people who also go there as a pilgrims. It's reported by them
that they have received various body healings when they have approached the place with
faith. If you're visiting Bulgaria and you are travelling near Dobrich make sure
you visit this Tekke, I guarantee you'll have a nice experience.
Eventhough I am a Orthodox Christian by faith I should acknowledge I felt peace
on that place. The Tekke was partly ruined during the Russian / Ottoman Empire
Bulgaria's liberation war. Luckily the largest and most important of this ancient Sufi
sanctuary is still intact. We also visited a special place near the Tekke, itself which
was used by the Sufi believers as a sort of ancient kitchen, this place had 7 pillars,
because in both Muslim and Christian, tradition it symbolizes God himself.
Anyways, after we completed the Tekke visitation, we went to the Father Philip's
living place (a tiny apartment). He was quite hospitable as always and we had a nice
dinner with (Banica with potatoes) during the dinner we had a spiritual talk.
After that we moved on to the Church for the night services, the services was awesome
once again right after the church service we took begged each other for forgiveness
(as it's an old orthodox lent starting tradition). Then we the Church present people,
had a nice improvised supper composed of food like:
Cakes, Fish, Fried Potatoes, Cheese, Yellow Cheese etc.
The time was short so we had to head back home and we said goodbye to all the people in
the church and to father Philip and took a route to Dobrich. On our way home, we noticed
a large burning fireplaces with gipsy people gathered all around.
I and Ceco to say hello to the people and take some pictures around the fire.
This large fires is rooted in an ancient bulgarian pagan tradition, where people used
to leap through the fire. This fire leaps according to ancient Bulgarian tradition
is said to guarantee you good health and fortune in the coming year.

Since quite a time I've been enjoying the wonderful arcade game review videos,
made by a psycho who calls himself James Nintendo Nerd .
This guy is reviewing all kind of ancient stuff from Atari, Nintendo, Game Boy,
Sega to the some almost new computer games. His homepage is cinnemassacre.com
He has already produced a dozen of funny parody videos of some of the shittest
and greatest arcade games made ever notable movies like let's say: Friday the 13th
, Nightmares on Elm Street, Back to the Future, Turtles Ninja, Ghostbusters etc.

James Nintendo Nerd has obviously been in deep love with movies direction,
plot writteng etc. He does a really cleverly reviews an old stories in a innovative
and really funny way! Every oldschool hardcore gamer will be completely charmed
by the nice gaming temper this crazy guy has developed. Watching him and his
old arcade games reviews bring backs memories of the great old times when
Video Games were king and enriches my daily sometimes boring life every now and
then. Watching his performances guarantees you a great laugh time.
I'm gonna blog here just a few of my favourite of his videos in youtube.
Hope you'll enjoy them!













You like it I laughted out my internals watching this funny crap!
Check out his website and youtube for more crap from the Nintendo Nerd!

Recently I watched Seven Samurai .
What incited me to watch that old movie from the distant 1954 was a list on
youtube according to which it is placed amongst 100 best movies
. The movie is a really slow one and if you like motion, it'll definitely
break your patience. The first 20 or 30 minutes are the most hardly one to bear,
in this movie time interval almost nothing is happening.
The whole story behind the movie revolves around a villagers in Japan in past
time, which had been robbed by a group of felon samurais (In other words,
there are good and bad Samurais in the movie). The people in the village are
starving since the samurais has stolen all their rice, which is their basic food.
People in the village come to the conclusion they need to hire Samurais to
protect them from the evil doers. But looking for Samurais is a tough job since,
everything the peasents can provide to the Samurais as a wage is a bow of rice
3 times a day.
Consequently Seven Samurais bring together, thanks to an initiator and start
working on various plans on how to protect the village.
One of the Samurai guys is not really but an ex-villiger (quite a funny guy).
After the crop is gathered the bandit samurais come along to plunder the
the crops but this time they're not going to meet just a fragile villagers
as in last years.

Apart from the movie it might be interesting for you to check out the
100 best movies ever made;

Today I start my work as a system administrator for a new IT company.
My first duties include configuration and installation of some usual programs
used in everyday's sys admin job.
In that manner of thoughts I have long ago realized there is a common group of
tools and software I had to install on almost each and every new configured
Debian GNU / Linux running Server.
Here is a list of packages I usually install on new Debian systems,
even though this exact commands are expected to be executed on Debian (5.0) Lenny
I believe they are quite accurate for Debian Testing and Debian Testing/Unstable,
bleeding edge distributions.
Before I show you the apt-get lines with all the packages, I would advice you to install
and use netselect-apt to select the fastest Debian package mirror near you
So to install and use run the following commands;

aptitude install netselect-apt
netselect-apt -n lenny


Now as netselect-apt would have tested for the fastest mirror and created sources.list
file in your current directory, open the sources.list file and decide what should enter your
official /etc/apt/sources.list file or in other words merge the two files as you like.
Good, now as we have a fast mirror to download our packages let's continue further with the
packages to install.
Excecute the following command to install some of the basic tools and packages:

# install some basic required tools, software and header files
debian-server:~# apt-get install tcpdump mc ncurses-dev htop iftop iptraf nmap tcpdump apache2 apachetop \
mysql-server-5.0 phpmyadmin vnstat rsync traceroute tcptrace e2fsprogs hddtemp finger mtr-tiny\
netcat screen imagemagick flex snort mysql-server-5.0 sysstat lm-sensors alien rar unrar util-linux curl \
vim lynx links elinks sudo autoconf gcc build-essential dpkg-dev webalizer awstats ntp ntpdate


Herein I'll explain just a few of the installed package and their install
purpose,as they could be unknown to some of the people out there.

apachetop - monitors apache log file in real time similar to gnu top
iftop - display bandwidth usage on selected interface interactively
vnstat - show inbound & outbound traffic usage on selected network interfaces
e2fsprogs - some general tools for creation of ext2 file systems etc.
hddtemp - Utility to monitor hard drive temperature
mtr-tiny - matt's traceroute great traceroute proggie
netcat - TCP/IP swiss army knife, quite helpful for network maintance tasks
snort - an Intrusion Detecting System
build-essential - installs basic stuff required for most applications compiled from source code
sysstat - generates statistics about server load each and every ten minutes, check man for more
lm-sensors - enables you to track your system hardware sensors information and warn in CPU heatups etc.


I believe the rest of them are no need to be explained, if you're not familiar with them check the manuals.
So far so good but this is not all I had to install, as you probably know most Apache webservers nowadays
are running PHP and are using a dozen of PHP libraries / extensions not originally bundled with PHP install
Therefore here are some more packages related to php to install that would install some more php goodies.

# install some packages required for many php enabled applications
debian-esrver:~# apt-get install php-http php-db php-mail php-net-smtp php-net-socket php-pear php-xml-parser \
php5-curl php5-gd php5-imagick php5-mysql php5-odbc php5-recode php5-sybase php5-xmlrpc php5-dev

As I said that is mostly the basic stuff that is a must have on most of the Debian servers I have
configured this days, of course this is not applicable to all situations, however I hope
this would be of use to somebody out there.

A friend of mine, brought his computer home because his machine needed a repair.
After installing Spybot S&D and checking the machine for SpyWare.
The program found like 26 spyware / adware infections. After fixing them,
I decided to run once again the program just to assure myself that the infections has been properly removed.
After scanning his hard drive a second time with SpyBot S&D, just one infection
was found though I have to admit a really tough one!
The questionable spyware found was called virtumonde.dll
I followed instructions from fixvirtumondedll.com to remove the cursed spyware.

Here are the instructions removing virtumonde.dll in a
"quick" way.

1. Buy or find cracked version of Spyware Doctor and check the system with SpyWare Doctor under Safe Mode
2. Use SuperAntiSpyware


After installing and running SuperAntiSpyware a test on the Windows Vista system,
in Safe mode, the software happily found and removed a dozen of malicious spyware.
However I decided to check the system afterwards with Spyware Doctor
cause I wanted to be certain that all the Spyware on the system is removed.
Once again checking the Fujistu Siemens notebook with Spyware Doctor
it rendered that some more 40 pieces of spyware was left undetected
by SuperAntiSpyware.

3. Download and install VundoFix
In my case VindoFix found nothing.
However removing.

Again I launched SpyBot to check the system for spyware, cause I wanted to be sure all that Virtumonde is removed.
Not so surprisingly the cursed Virtumonde was still there
SpyBot reported to be hiding in a in C:\Windows\System32\KBDLV9.DLL
I endeavoured a manual removal attempt using the
attrib commannd.

This is how I tried to remove all (system, hidden, read only, archive) attributes of the file
cd
attrib -s -h -r -a C:\Windows\System32\KBDLV9.DLL
Anyways all was futile, the file was already loaded by a program so I was not able to touch it
Everything I tried failed.
Since the described automatic procedures failed, I started thinking about manually removing
Virtumonde.dll, though after reading some instructions and realizing it would take me at least
a day I decided to give a try to a tool called SmitFraudFix
Many people reported this small tool fixes definitely the problems with the damned Virtumonde.

It's required that SmitFraud be executed in Safe mode, the program is text based which make
me even more feel at home.
Fortunately at last this program was able to remove the final few last remains from VirtuMonde!
Ghhh What a Windows Nightmare
After removing the security threads lastly with Spyware Doctor, now the
system is perfectly clear.

Imagine what could have happened if Computers were available during
the Second World War.
Now stop imagining and see the video below:

During my professional experience as a system administrator, it was a common misfortune in newly
configured unix servers mod_rewrite not to be serving .htaccess files.
Everytime I had to fix issue in which mod_rewrite was not working I loosed a lot of my precious time
The same story happened once again I had to check why mod_rewrite is not configured correctly and I cannot
apply some redirection rules in Wordpress necessery for me
to exercise some SEO on my wordpress blog .
Therefore this time I decided to blog a step by step check on in order to:

1. Determine if mod_rewrite is installed & loaded correctly in Apache
2. Find out if mod_rewrite is configured to serve .htaccess files correctly
Going through this two scenarios I would be able to determine why I cannot get wordpress SEO optimization
mod_rewrite redirection rules to work as they should.
Okay, so let's go through the two scenarios:

1. Here is a tiny script in PHP to determine if mod_rewrite is installed and loaded in Apache correctly
To use the script save it somewhere in your Domain document root with a .php extension
Here is the code of the script as well:

Array ( [0] => core [1] => mod_so [2] => mod_watchdog [3] => http_core [4] => mod_log_config [5] => mod_logio [6] => mod_version [7] => mod_unixd [8] => mod_access_compat [9] => mod_alias [10] => mod_auth_basic [11] => mod_auth_plain [12] => mod_authn_core [13] => mod_authn_file [14] => mod_authz_core [15] => mod_authz_groupfile [16] => mod_authz_host [17] => mod_authz_user [18] => mod_autoindex [19] => mod_cache [20] => mod_cgi [21] => mod_dav [22] => mod_dav_fs [23] => mod_dav_lock [24] => mod_deflate [25] => mod_dir [26] => mod_env [27] => mod_evasive20 [28] => mod_expires [29] => mod_filter [30] => mod_headers [31] => mod_include [32] => mod_mime [33] => prefork [34] => mod_negotiation [35] => mod_php5 [36] => mod_proxy [37] => mod_proxy_connect [38] => mod_proxy_http [39] => mod_remoteip [40] => mod_reqtimeout [41] => mod_rewrite [42] => mod_setenvif [43] => mod_slotmem_shm [44] => mod_socache_memcache [45] => mod_socache_shmcb [46] => mod_speling [47] => mod_ssl [48] => mod_status [49] => mod_userdir [50] => mod_vhost_alias [51] => mod_xml2enc )

If your mod_rewrite module is configured correctly you'll see it in the php array containing
all your apache loaded modules.

2. Now we continue, further on with another script that has to be installed somewhere in Apache's DocumentRoot
I decided to install it in a directory /test/ so in my case it's installed in pc-freak.net/test/
Here is a link to the script you need to find out if mod_rewrite is configured to serve .htaccess files for your preferred domain name's DocumentRoot.

Now save this file and again make sure it has a .php extension.

Now you need to create an .htaccess file in the directory where you have rewrite.php file stored.
The content of the .htaccess file should be the following:

RewriteEngine On RewriteOptions Inherit RewriteRule ^link([^/]*).html$ rewrite.php?link=$1 [L]

Make sure the permissions of the .htaccess are correct, for example the file should have at least read
permissions for your webserver.
So let's execute:

chmod a+r .htaccess to ensure the newly created file has proper permissions
So let's check if mod_rewrite is enabled for my domain DocumentRoot by visiting:
this link
Hopefully if all is okay you'll see:
Congratulations!! You are using Apache mod_rewrite whenever you press the TEST2 link
on the upmentioned webpage.

In case if you get a 404 error message, then most probably you don't have mod_rewrite configured
to serve .htaccess files for your domain.
This often happens because of missing:
AllowOverride All in your main Directory directives in your webserver configuration file.
In my case I had a problem where mod_rewrite rules were not red from the .htaccess file:
To solve my issue I had to change:
Directory / AllowOverride None Order Deny,Allow Deny from all Directory in my httpd.conf to

Directory / AllowOverride All Order Deny,Allow Deny from all /Directory

So well, That's all Folks!

I've found a nice guide discussing some major common problem with pulseaudio and VLC,
sound and video streaming annoyances.
The guide was available only through fedoraforum.org
and in order to fetch it the user needs account in fedoraforum, that is incredibly annoying.
Originally the guide targetted Fedora and other RedHat based distributions, however most
of the information in the tutorial is pretty accurate on other distributions as well.
For instance I use Debian and almost everything described in the tutor is equivalent;
So, Here is download link to the F11_VLC_and_PulseAudio_Guide.pdf
I hope this mirror of F11_VLC_and_PulseAudio_Guide.pdf
would save some time and nerves needed for registration in fedoraforum.org in order to download the file

We are going to fix the chopping, skipping and stutter of the audio with VLC Media Player that sometimes is experienced.
First, open VLC and go to Tools > Preferences. (CTRL+P for those who cant find it)
Hit the Audio tab and change Output: Type to Pulseaudio audio output;
As shown in the picture below:



Now, change the Show settings option to All and go to Input / Codecs > Access Modules > File ;
Change the caching value to 1500 (there are 1000 milliseconds in a second), 1200 should be okay as well.



You can adjust this a little higher or lower later. As long as it's 1000 or above, it should be fine.

I've encountered a shitty problem while trying to access my phpmyadmin.
Here is the error:

phpMyAdmin - Error "Cannot start session without errors, please check errors given
in your PHP and/or webserver log file and configure your PHP installation properly.

After some time spend in investigation I've figured out something wrong is happening with my
php sessions, therefore I had to spend some time assuring myself php sessions are working correctly.
To achieve that I used a php code taken from the Internet.

Here is a link to the PHP code which checks, if sessions are correctly configured on a server .
Executing the code proove my sessions, are working okay, however still the problem remained.
Everytime I tried accessing phpMyAdmin I was unpleasently suprised by by:


After reconsidering the whole situation I remembered that since some time I'm using varnishd
therefore the problem could have something to do with the varnish-cache.
After checking my default.vcl file and recognizing a problem there I had to remove the following piece
of code from the default.vcl file:

#sub vcl_fetch {
#        if( req.request != "POST" )
#        {
#                unset obj.http.set-cookie;
#        }

#        set obj.ttl = 600s;
#        set obj.prefetch =  -30s;
#        deliver;
#}

Now after restarting varnishd with:

/usr/local/etc/rc.d/varnishd restart

All is back to normal I can login to PhpMyAdmin and everything is fine!
Thanks God.

We were obliged in Arnhem Business School to read the book, The way of the rat: A Survival Guide to Office Politics
I looked for the book everywhere online in Torrents, all kind of download areas etc. and I couldn't find the book
anywhere. I finally surrendered and decided to purchase the book via ebay
It took it a month or so to come to my address, anyways in the meantime I met a friend, who borrowed the book
from a friend and scanned the entire book.
I asked if I can own the copy so he was generous and shared it, so I thought many other students like me
would be looking for the book in a desperate attempt to save some approximately $10 EUR (that's the book costs).

That is why I copied the scanned version of the Way of the Rat to my personal apache web server and decided to
share it here.

Follow the link below to download:
Download here The way of the Rat: A Survival Guide to Office Politics
I have to warn you the scanning quality is terrible, though the text is readable.
Hope the book would be of use to some students out there who are studying business management.

About a week and a half, everytime I do start my epiphany browser a really annoying prompt
occurs. Here is a screenshot of the gnome default keyring to unlock I was required to fill in,
everytime I started epiphany.



I know one possible solution was to completely eradicate gnome-keyring package, however
that is definitely not a wise idea.
To fix this mimor though annoying issue I did the following:

1. Opened gnome-control-center (e.g. pressed alt+f2 and issued the gnome-control-center command)
2. Next find the "Encryption and Keyrings" menu and click on it
3. On the "Encryption and Keyrings" submenu "PGP Passphrases" I had to select
"Always remember passphrases whenever logged in

This is it, the annoying prompt won't bother you anymore!
:)

I wanted to convert an html document character encoding to UTF-8, to achieve that of
course it was first needed to determine what kind of character encoding was used in
creation time of the file.
First thing I tried was:

hipo@noah:~/Desktop/test$ file File-Whole.htm
File-Whole.htm: HTML document text

as you can see that's shit cause for some reason mime encoding is not printed by the file
command.
Next what I tried was:

hipo@noah:~/Desktop/test$ file --mime File-Whole.htm1
File-Whole.htm1: text/html; charset=unknown-8bit



Here you see that character encoding is reported as charset=unknown-8bit which
ain't cool at all and is of no use and prompts an error if I try it in iconv
Here is why I needed concretely to determine what kind of character set my file uses to later
be able to convert it using iconv .
To achieve my goal after consulting with Mr. Google , I found
out about enca -- detect and convert encoding of text files
It's obviously my lucky day because good guys from Debian has packaged enca so, everything came to the point of
apt-getting it.


# apt-get install enca

On FreeBSD enca port is available, so installing it cames simply to installing it from port tree.
Here is how:

pcfreak# cd /usr/ports/converters/enca;
pcfreak# make install clean

Now I tried launching enca directly without any program parameters, but I was unlucky:

hipo@noah:~/Desktop/test$ enca file-Whole.htm
enca: Cannot determine (or understand) your language preferences.
Please use `-L language', or `-L none' if your language is not supported
(only a few multibyte encodings can be recognized then).
Run `enca --list languages' to get a list of supported languages.

I gave it another try, following prescribed usage parameters though I first checked my possibility
as a languages I can pass by to enca's -L parameter.
Preliminary knowing that my text contains text in Bulgarian language, it wasn't such a big deal
for me to determine the required language:

hipo@noah:~/Desktop/test$ enca -L bulgarian File-Whole.htm
transformation format 8 bits; CP1251

Knowing my character set all left for me was to do do the convert to UTF-8 to make text,
much more accessible.

hipo@noah:~/Desktop/test$ iconv --from-code=unknown-8bit --to=UTF-8 File-Whole.htm > File-Whole.htm.new
hipo@noah:~/Desktop/test$ mv File-Whole.htm.new File-Whole.htm

Well here we are conversion mission accomplished

I decided to blog about Sufism , cause I found it really interesting. I first heard about Sufism, as a religious stream as a reference following some readings about Rumi Mevlana after
I've been shown a video about his attained great wisdom by an ex-student
Turkish colleague of mine (Burdji).
Mevlana (or Mowlana) as he is also known is famous for a couple of major things
among Muslims.

1. He used to be a great Persian Poet of his time
2. A great Persian Theologian
3. He was a Major figure in Sufism
5. He was a notable musician of his time
4. His Life inspired the creation of Sufi Dances (Whirling Dervishes).


Here is a nice video with quotes from various Sufi teachers including
Rumi Mevlana himself:



It's interesting that even though from Christian perspective Rumi Mevlana
and Sufism in general is a Heretical teaching it's teachings, are closer
and more closer to Christianity than Islam is.
Happy Watching.

Dear reader, I thought it's a nice idea to link that nice video
It's compiled by some Orthodox Brother with God's mercy.
The scale of Orthodox Christianity is really amazing. Almost 600 000+
people around the world are orthodox christians.
As Orthodoxy claims to be a direct descendant of original christianity,
faith and traditions.
Well Enough talk, Enjoy the wonderful video!

Disabling php execution for a certain virtual domain is incredibly simple:
All you need to do is add:

php_value engine off

That could be anywhere in your VirtualHost directives.
Another possible approach is through enabling .htaccess for a domain, e.g.:

Adding:

AllowOverride All

to your domain of choice.

After which you had to put:

php_flag engine off to htaccess file

Now there you go! php scripts won't execute anymore.

Since a couple of days, I've noticed that client IP addresses are logged twice in my Apache log file
httpd-access.log. That's definetely shit. Here is how I solved the issue:

I modified my:
/usr/local/etc/varnish/default.vcl that after the modification the file looked like:

backend default {
.host = "127.0.0.1";
.port = "8080";
}

sub vcl_recv {
  if (req.url ~ "\.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|mp3|mp4|m4a|ogg|mov|avi|wmv)$") {
  lookup;
  }

  if (req.url ~ "\.(css|js)$") {
  lookup;
  }
  }
  sub vcl_fetch {
  if( req.request != "POST" )
  {
  unset obj.http.set-cookie;
  }

  set obj.ttl = 600s;
  set obj.prefetch =  -30s;
  deliver;
  }

Well that's it after restarting varnishd with:
/usr/local/etc/rc.d/varnishd restart
Client ip is now logged only once in Apache's log file, Cheers! :)