This article explains how to get around the problem of remote access to a non-public RDS database within Amazon’s AWS. The problem is that RDS databases can be set to public or private when being created but are not easy to change later due to DNS issues. There are ways
Read moreGet help with Linux, Automation, Cybersecurity and more. AGIX staff have the know-how and experience to help your organisation with best-practices, current technology in various Cloud environments including Amazon AWS. Our technicians support Ubuntu, Redhat, Databases, Firewalls, Ansible and Terraform, Storage and more.
This page shows examples of our work that AGIX shares freely with you. For a fully supported compute environment, contact our team to find out how we can help your organization move forward in the right way.
Contact our friendly team to get started.
Force SSHd to allow keys only, no passwords
This article is an example of a “/etc/ssh/sshd_config” file that forces the use of SSH keys. Password logins are disabled. Root logins are disable too. Tip for testing: You can login as root, apply these settings and then test it with a second session – this won’t kick you off
Read moreGentoo – Failed to emerge sys-devel/automake-1.11.6-r1
Just lately I reinstalled my Gentoo server and when it came to putting Handbrake back on the system Portage began complaining that it was failing to emerge automake version 1.11.6. After checking the system I could see that I already had version 1.15 but that should not be causing the
Read moreLetsencrypt With Apache and CentOS7
Feb 12th, 2018. I’ve updated this document to reflect recent changes to the command used to generate certiciates with Lets Encrypt. This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7 This is
Read moreDisable logging for Named/Bind
This article demonstrates how to disable logging for the bind / named service. Why? Because you may not like DNS errors filling up your logs. Unlike most of our articles, this is not focused on CentOS or Redhat. Add the following to the end of you “/etc/named.conf”. This file sometimes
Read moreSimple Rsyslog/MySQL Log Viewer in PHP
I’ve previously documented how to configure Rsyslog to store logs in MySQL which gives a good tutorial on setting up MySQL as the Rsyslog backend and also remote logging to that Rsyslog server. To extend on that, you can easily view and filter the logs using the php web-app below.
Read moreLimiting access by IP to SSH on CentOS7 and RHEL7
This article explains how to use TCPWrappers to control which hosts can connect to a server using SSH. The two files we’ll be using are “/etc/hosts.allow” and “/etc/hosts.deny”. As the names imply, we’re controlling which “hosts” can access the server, not which users. Find out more here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html Why not
Read moreSecure Log Remotely to Syslog & Store The Logs in MySQL | Redhat Linux & Centos
This article explains how to create an Rsyslog server that logs to MySQL (MariaDB). We’ve used CentOS 7 for this article. A few tips to save you time: If you’re logging from a remote node to this server, make sure you have proper host names because that’s what ends up in
Read moreClamAV on CentOS7/Redhat7 – Periodic disk scans
This article explains how to install and configure periodic scans with ClamAV on CentOS7 or Redhat (RHEL) 7 servers. Much of this came from “https://ismailyenigul.wordpress.com/2015/01/05/install-clamav-on-centos-7/”. I’ve updated this article with a work-around for the (seemingly common) cron issue. Clamscan doesn’t seem to run from “/etc/cron.d/whatever” but does from “crontab -e”. Install
Read moreRestricting access to Apache with htaccess
The .htaccess file can restrict access to web browsers to specific things. I’ve written about this (on this blog) previously. However, here i talk about file types. The snippets below are (or can be) the entire contents of the .htaccess file. Prevent access to bash files that shouldn’t be in
Read more