Auditors who ask IT people stupid questions

By | AGIX Discussion, All Linux HowTo's | No Comments

riskHonestly, the next time i am on the receiving end of an IT audit and am asked if the workstations have antivirus installed, i’ll go crazy! It’s like all auditors who aren’t “real auditors” simply go through the same old questions and fail to ask the questions that matter. I get asked “do you have antivirus installed, do you have password strength policies, are staff required to change passwords, do you take regular backups and who has access to the server room?”. None of which focus on the businesses risks.

read more

Share This:

Do this every time you log into a Linux server

By | All Linux HowTo's | No Comments

This is a list of things i do every time i log into a Linux server. It’s habit now and something you might consider doing too. Essentially we want to know who’s on the server, what the server state is and how different it is to normal.

Check who’s on the server

Check who else is on the server is the “w” command. You can then broadcast a message to those other technicians to let them know they have company.

[agixuser2@www.example.com ~]$ w
 12:21:18 up 402 days, 23:34,  4 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
agixuser1 pts/6    192.168.1.2  03:38    8:19m  0.28s  0.45s sshd: agixuser1 [priv]
agixuser2 pts/7    192.1678.1.6  12:21    0.00s  0.13s  0.09s w

You can see from the above that we have two users on that server including myself.

Say hi to the other logged-in technicians

I will let all other users (in this case just agixuser1) know i am here.

[agixuser2@www.example.com ~]$ wall "I'm glad to see you working on the weekend."

Check the servers uptime

Check how long the server has been up and what the load averages are:

[agixuser2@www.example.com ~]$ uptime
 12:36:31 up 402 days, 23:49,  2 users,  load average: 0.00, 0.00, 0.00

read more

Share This:

Rsync and the “Argument list too long” problem

By | All Linux HowTo's | No Comments

If you try to rsync a subset of many files from a single directory, you might get the error “Argument list too long”. Actually, you can get this error with many bash commands. This article explains how to work around it.

read more

Share This:

Inbound and Outbound SMTP Design for No Spam

By | AGIX Discussion, All Linux HowTo's, Security HowTo's | No Comments

smtp
Spam starts and ends with us technicians. It’s our servers that get compromised and it’s our servers that receive it at the other end. With this in mind, we need to ensure only “good” email is going out to the Internet and only “good” email coming in from the Internet.

Let’s deal with the outbound email solution first. Then we’ll look at inbound email. Outbound email has this configuration: a) Email leaving the business must originate from ‘only’ the internal email server and this should be enforced in the network firewall’s ACL configuration. b) Subscribe to an SMTP relay such as Amazon’s SES service and configure your internal email server to that service as the relay (smart host). These SaaS’s don’t get labeled as spammers and they’ll let you know pretty quickly if you have spam originating from your network. Again, use your firewall’s ACL configuration to enforce this policy. c) Check your internal email server’s logs and ensure that everything is working as you’d expect. A final note on this is to test this configuration before moving into production.

read more

Share This:

Varnish, Apache and NginX – Side by Side

By | All Linux HowTo's | No Comments

This article explains how Varnish, Apache and NginX fit together and/or differ. Varnish is an excellent cache and speeds up web-sites significantly. Terminate the HTTP connection at Varnish on port 80 and point Varnish internally to an NginX server listening for HTTP on port 81 (they can’t both be on port 80). The NginX server terminates the HTTPS connection on port 443. With this configuration you can have high-speed and secure content from a single server combining the great features of both Varnish and NginX. Don’t think we’ve forgotten Apache. Apache and NginX essentially serve the same purpose. Read on to find out how this all works.

read more

Share This:

New Moodle Hosting with High Availability – Free for now

By | AGIX Discussion | No Comments

enterprise-lms-moodle-hostingAGIX is proud to be part of a very exciting project to build the Rolls-Royce or Moodle hosting services. The business is called Enterprise LMS (www.enterpriselms.com) and AGIX has been working with the eLMS team to get the new platform up and running and ready for use.

Right now the service is fully functional and being tested by e-learning organisations. If you’re interested in moving to a new Moodle host, consider Enterprise LMS. They aren’t charging for hosting yet so all “instances” (Moodles) are free until the charging system is turned on. The pricing model is highly competitive and the infrastructure accommodates small and large Moodles.

read more

Share This:

Create a Samba3 simple printer server

By | All Linux HowTo's | No Comments

In this article we’re adding a Samba 3 server to a Workgroup and configuring the Samba server to serve a printer. This article includes CUPS but not Printer Drivers. I’ve made some comments at the end of this article which are worth your time to read if you need direction in that area. Otherwise this article is the Samba and CUPS components only.

The “/etc/samba/smb.conf” file looks like this:

[global]
  # Give your new printer server a nice name.
  netbios name = PrinterServer
  workgroup = WORKGROUP
  security = share
  encrypt passwords = yes 
  # Is there already a WINS server on this network? If so, point to it here.
  wins server = 192.168.1.1
  wins proxy = yes 

[print$]
  path = /var/samba/drivers/
  comment = Printer drivers
  writeable = yes 

Create the printer driver directory:

mkdir /var/samba/drivers/ -p

Configure CUPS by populating the “/etc/cups/cupsd.conf” file with the following:

LogLevel debug
SystemGroup lpadmin
Port 631
Listen /var/run/cups/cups.sock
Browsing On
BrowseOrder allow,deny
BrowseAddress @LOCAL

<Location />
  Allow localhost
  Allow 192.168.*.*
  Order allow,deny
  Allow all
</Location>

<Location /admin>
  Allow 192.168.*.*
  Encryption Required
  Order allow,deny
  Allow all
</Location>
    
<Location /admin/conf>
  Allow 192.168.*.*
  Order allow,deny
  Allow all
</Location>

read more

Share This:

WordPress Multisite example for SysAdmins

By | All Linux HowTo's | No Comments

If you’re a system administrator and you’ve been asked to create a WordPress Multisite, you’re in the right place. You simply need to add the following line to the “wp-cofig.php” file right above the “/* That’s all, stop editing! Happy blogging. */” line.

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'blog.example.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

And then change your “.htaccess” file in the document root to have the following:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

read more

Share This:

Scanners remember everything

By | Security HowTo's | No Comments

As part of your IT Security policy, you should consider that modern scanners (possibly part of a multi function device) have hard disks which store scanned documents. These hard disks would allow others who acquire your discarded scanner to view your scanned documents.

My suggestion is to remove the hard disk from anything you decommission and either destroy it (the disk) or place it in a safe location for later use.

Share This:

Changing the speed and duplex of Ethernet

By | All Linux HowTo's | No Comments

This article shows how to set and change the speed and duplexing of an Ethernet device. You can see more examples at “http://www.cyberciti.biz/faq/linux-change-the-speed-and-duplex-settings-of-an-ethernet-card/”.

read more

Share This:

Share This:

Contact AGIX Support

Level 12, 101 Grenfell Street
Adelaide, South Australia
Phone: (08) 7324 4429
or 0422 927 598
support@agix.com.au