Gentoo Hardened [Mostly] Ready for Servers

 Linux Guides  Comments Off
Sep 192010
 

Introduction

I’ve been using the minimal “server” profile on my Gentoo servers for a few years now (Ever since I first found out that hardened didn’t support the glibc version that the stage tarballs used).  This profile has been excellent for the minimal needs of a headless server but it constantly reminded me that I should be using hardened; so, I finally decided to take the plunge and moved all my Gentoo servers to the hardened profile. The migration was mostly painless (with the errors being my own fault as usual).

Migration Process

The process for migrating to hardened is actually well documented and very simple (I’m simply summarizing the Official Documentation).

  1. Switch to a hardened profile
  2. Install `hardened-sources` following the directives for PAX in the Documentation
  3. Reboot the machine
  4. Rebuild tool chain (gcc, glibc, binutils)
  5. Rebuild world
  6. Reboot the machine

That’s all there is to it. Once the reboot finalizes all processes should be working without an issue. Although, because you have now increased security you can expect some more strange bugs to work their way into your software: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2092.

Conclusion

Although strange things may be afoot I would still recommend making the plunge from a server profile to a true hardened profile. The stability far outweighs the issues that are to be encountered but be wary if something begins misbehaving in an unidentifiable manner.

 Posted by Alex Brandt at 3:38 PM  Tagged with: , , , ,

Deliver and Forward with Postfix

 Linux Guides  1 Response »
Sep 152010
 

Introduction

At times it would not only be nice but it is also necessary to have the ability to locally deliver mail for a domain as well as forward that mail to another domain (migrations, mail as a service, etc). How does one go about configuring postfix in such a way that it is able to accomplish this seemingly simple feat?

BCC to the Rescue

In this particular case, we are going to take advantage of the `recipient_bcc_maps` parameter. By setting this to a regexp lookup table:

recipient_bcc_map = regexp:

After this is in place it’s simply a matter of adding lines similar to the following to the map to forward mails:

/(.*)@example.com/ ${1}@other.example.com

Conclusion

Setting up a deliver and forward configuration on postfix is a breeze and simply requires a little thought about the mail delivery process.

References

  1. Auto BBC
 Posted by Alex Brandt at 2:03 PM  Tagged with: , , , ,

What is Load Average?

 Linux Guides  2 Responses »
Sep 092010
 

Introduction

Often in administration people make reference to a magic number known as load average but it’s not always clear what this number means (besides being a magical indicator of whether or not the server is going to barf in a terrible fashion soon). This number doesn’t have a whole lot of detail in and of itself (it’s meant to be a quick-glance overall health check afterall).

What is it already?

The load average is an exponentially damped/weighted moving average that is similar to a running n^2 average. This number is calculated not on every clock tick but in accordance with the jiffies the kernel is tracking. Every time slice (which can although shouldn’t be tweaked in the kernel) the average is calculated based on the previous values. This rolling average allows us to keep a minimal amount of information on hand and still have an average since boot.

The load that gets placed into this average algorithm is simply a count of the number of processes in the run queue at that instant. Thus, since processes who are waiting on I/O (those in the D state) need to periodically check in or wait to be woken up by the kernel; these processes can contribute to the count of processes in the run queue. Since these processes aren’t taking CPU time but are taking space in the run queue they can increase the apparent load on the server (thus bringing in the I/O wait of the system into the load average) without raising the CPU usage time.

Conclusion

The load average doesn’t tell you a whole lot of information but coupled with information from `iostat` or your CPU usage you can quickly use it to gauge whether your server is falling over itself or not. Since it reports the number of processes in the run queue it is safe to assume a reasonably efficient use of hardware would dictate you want n+1 as your load average where n is the number of cores in the system.

References

More information (including source code for this calculation) can be found here: http://en.wikipedia.org/wiki/Load_%28computing%29

An excellent reference on how the Linux process life cycle works is Robert Love’s Linux Kernel Development (which recently had a third edition released).

Another reference on the Linux process life cycle is http://wiki.kldp.org/wiki.php/ProcessManagement

 Posted by Alex Brandt at 10:05 AM  Tagged with: , , ,

MySQL SELECT Statement Explanation

 Linux Guides  Comments Off
Aug 132010
 

Introduction

SQL SELECT statements have the following form:

SELECT COLUMNS
FROM TABLES
[WHERE CONDITIONS]
[GROUP BY COLUMNS
[HAVING CONDITIONS]
]
[ORDER BY COLUMNS ASC|DESC]

The way SQL processes these directives is slightly different:

FROM TABLES
[WHERE CONDITIONS]
[GROUP BY COLUMNS
[HAVING CONDITIONS]
]
[ORDER BY COLUMNS ASC|DESC]
SELECT COLUMNS

FROM Clause

FROM TABLE [AS ALIAS] .. TABLE [AS ALIAS]

This lets SQL know which tables are being used for the query and any aliases they might be referenced as in the query. The aliases are only _necessary_ when an inner join is performed.

Examples

  • FROM table1, table2
  • FROM table1 as t1, table2 as t2
  • FROM table1 as t1a, table1 as t1b

This last example is a join and requires the aliases.

WHERE Clause

WHERE CONDITIONS

This lets SQL know which rows should be selected from the table based on the conditions passed. The conditions can also be combined with the logical `or` and `and` operators (Which should be properly parenthesized to demonstrate priority).

The following operators can act on columns in a where clause:

* =
* <> (also !=)
* >
* <
* >=
* <=
* BETWEEN
* LIKE
* IN

Examples

  • WHERE t1.c1 = “string”
  • WHERE t1.c1 = t2.c1 and t1.c2 <> t2.c2
  • WHERE t1.c1 = t2.c1 and (t1.c2 <> t2.c2 or t1.c3 <> t2.c3)
  • WHERE t1.c1 in (value set)

This last example demonstrates using either an explicit set or a subquery where the subquery returns a list of values that filter this main query.

GROUP BY Clause

GROUP BY COLUMNS

This lets SQL know to group the table for aggregate filtering operations. For example if you need to sort based on the max sales of your sales people you could group by your sales members’ identifiers and then use a HAVING clause to filter based on their max(sales_amount). This clause is only really useful when a HAVING clause is useful.

Multiple GROUP BY columns just restricts the groupings to be tighter and tighter. For example, if you have three columns t1, t2, and t3 and you use a GROUP by t1, t2 you will end up with the following groupings:

——————————————————————————-
t1 and t2 are all the same in this group; t3 varies
——————————————————————————-
t1 and t2 are all the same in this group; t3 varies
——————————————————————————-

Examples

  • GROUP BY c1, c2
  • GROUP BY c1

HAVING Clause

HAVING CONDITIONS

This is very similar to the WHERE clause and the logical operators `and` and `or` can be used as in the WHERE clause. The difference here is that typically you’ll be filtering based on an aggregate operation on an ungrouped column to filter out groups.

Examples

  • HAVING max(t3) > n
  • HAVING average(t3) between x and y

ORDER BY Clause

ORDER BY COLUMNS ASC|DESC

This lets SQL know you want to sort the specified columns ascending or descending. The sorting will be applied to the columns in the order that they are specified. Thus it works similar to the way groups work it makes groups out of the first specification and then the second and so on. Performing the new operation only within the context of the previous. Thus the following data would be sorted as shown:

Before Sorting:

—————-
| c1 | c2 | c3 |
—————-
| aa | aa | aa |
| bb | bb | bb |
| aa | dd | ee |
| cc | cc | cc |
| aa | bb | cc |
—————-

After Sorting (ORDER BY c1, c2, c3):

—————-
| c1 | c2 | c3 |
—————-
| aa | aa | aa |
| aa | bb | cc |
| aa | dd | ee |
| bb | bb | bb |
| cc | cc | cc |
—————-

Examples

  • ORDER BY c1
  • ORDER BY c1, c2, c3

SELECT Clause

SELECT COLUMNS

This lets SQL know which columns (or what projection) of the table to actually display. One can also specify aggregate functions here to perform functions such as counting, averaging, etc.

Examples

  • SELECT col1, col2
  • SELECT col1, t1.col2
  • SELECT COUNT(col1)

Conclusion

Remember that SQL SELECT statements are not processed in the order that they are parsed. This will simplify the query building process to think of it as operations on a set of data (since that is what it is). The steps are as follows:

  1. Select the set to act on.
  2. Filter out elements from the set.
  3. Group the remaining elements.
  4. Filter out groups of elements.
  5. Sort the elements.
  6. Get the projection of the elements’ attributes.

All of this somehow translates to the SQL SELECT statement syntax we started this discussion with:

SELECT COLUMNS
FROM TABLES
[WHERE CONDITIONS]
[GROUP BY COLUMNS
[HAVING CONDITIONS]
]
[ORDER BY COLUMNS ASC|DESC]

References

 Posted by Alex Brandt at 12:25 PM  Tagged with:

Gearman-0.14 on CentOS 5.5

 Linux Guides  Comments Off
Aug 082010
 

Introduction

I was recently tasked with working on getting PHP 5.3 installed with Gearman on CentOS 5.5. I’ve learned quite a few of the pains of working with RPMs and have reminded myself why I don’t work with RHEL on a regular basis (for personal items anyway). I have had some success in getting everything working correctly and the following is the quick easy way to get this done on an x86_64 CentOS 5.5 install (although other RHELs should work as well).

Upgrade PHP

First, we need to upgrade PHP from the IUS Community Repository. Once you have the epel and ius repositories installed and working you simply:

yum remove php
yum install php53

If the second yum command complains simply remove all php packages listed form `rpm -qa | grep ^php’ and install the php53 equivalents.

Install Gearman

I recompiled the Fedora source RPMs (with a slightly modified spec file) to get Gearman to play nicely with the CentOS 5.5 environment. These RPMs are available in my repository. Simply install these RPMs (letting me know if there are any issues with them) and you should be ready to install the PHP Gearman Interface.

Install php-gearman

This is the easiest part once you have the requirements fulfilled. Simply `pear install channel://pecl.php.net/gearman-0.7.0` and you’re finished.

Conclusion

If you must use RHEL this guide should help you get gearman running with PHP in a snap.

 Posted by Alex Brandt at 1:49 PM  Tagged with: , , , , , , , , ,
 Older Entries  Newer Entries
© 2011 Alunduil's Hosting Suffusion theme by Sayontan Sinha