March 13, 2007 in the early evening
· Filed under OpenVPN, RPM, SSL, VPN, fedora core linux
I compiled an OpenVPN RPM package for FC6 from the current release, 2.0.9, dated 2006.10.06. Fedora Core Linux’s Extras repository does have an OpenVPN package. However, it is the more cutting-edge 2.1.0.17.rc2. Appended below is information from ‘yum info openvpn’ on an up-to-date FC6 box.
Name : openvpn
Arch : i386
Version: 2.1
Release: 0.17.rc2.fc6
Size : 355 k
Repo : extras
Summary: A full-featured SSL VPN solution
March 5, 2007 in the late afternoon
· Filed under DST changes, RHL9, fedora core linux, linux
In my previous post, I theorized that the tzdata RPM from the FC1 (Fedora Core 1) updates repository would be useful to prepare old Linux systems such as RHL 9 (Red Hat Linux 9) or older, without having to upgrade the glibc and glibc-common packages. It turned out that the original RHL 9 release had /usr/share/zoneinfo as part of the glibc RPM package. This remains the case unless the glibc RPM is upgraded to version 2.3.2-64 (Mon Jul 28 2003) or newer. Therefore, glibc actually does need to be upgraded to at least 2.3.2-64 to take advantage of the steps to prepare older Linux systems for the 2007 DST changes using an updated tzdata RPM, as discussed in an earlier post.
February 21, 2007 around lunchtime
· Filed under DST changes, centos, fedora core linux, linux, postfix
I thought the tzdata RPM package alone should prepare RHEL/RHL/CentOS/Fedora Core Linux systems for the coming 2007 DST changes. Well, it was not entirely true. It turns out many applications use a file called ‘/etc/localtime’, which is not part of tzdata, but of the glibc RPM package.
February 20, 2007 around lunchtime
· Filed under LAMP, OpenSSH, PKI, centos, fedora core linux, information security, linux, unix
As discussed in my earlier articles on how to secure a WordPress server and other LAMP application servers (part I, part II), it is imperative to protect the big ‘L’ in LAMP, the Linux host server itself. One main step is to restrict and secure access to the server. On a Linux server, OpenSSH (sometimes coupled with a VPN solution) is the most commonly vetted choice. It should be used in lieu of telnet and FTP.
The OpenSSH that comes with mainstream Linux distributions may not be tailored to afford the maximum security you desire. This should not be much of a surprise, since any pre-packaged software needs to reach a broader audience and a wider range of use cases, plus the packager may not share the same information security principles as you and may assess the risks differently.
February 19, 2007 late at night
· Filed under LAMP, apache, fedora core linux, information security, php, wordpress
In part I of this article, we discussed how to secure a WordPress server by applying secure PHP configuration settings, such as switching on safe_mode and switching off expose_php, enable_dl, and allow_url_fopen. This time we’ll cover more secure PHP configurations.