Monday, March 19, 2007

Syracuse St. Patrick's Day Photos

Photography

On Saturday, March 17th, I attended the St. Patrick's Day Parade in Syracuse. I was experimenting with the Nikon N70, and I did my best to put it to good use.

You can also view the set of 60 photos as a slideshow.

Consolidation

My apologies for my SAMPP entry; it was way, way too long. I've consolidated it on my web host using the Dojo Toolkit to make tabs. You can view the amended version at theconfluence.org/projects/sampp.

Thursday, March 8, 2007

Compiled SAMPP build instructions

I was recently asked to create and document a containerless configuration of a Solaris 10 web server with Apache 2.2.4, MySQL 5.0.33, PHP 5.2.1, and Perl 5.8.7. Apache, MySQL, and PHP have complete compilation instructions. I will include the necessary configuration files (Apache in particular; built from scratch) or modification instructions.

Notes:

  1. These instructions assume that Solaris 10 is already installed and configured.
  2. These instructions assume you're root.
  3. Apache includes a self-signed SSL certificate, user directories, mod_perl, authnz-ldap, server-status and daily log rotation.
  4. I was requested to consolidate everything web related into /web for ease of administration and backup.
  5. This is not a fully optimized build, as there is no universal configuration that will work equally well for everyone. Therefore, read the manual and tweak where necessary (especially Apache).
  6. Additional Applications
    1. AWStats 6.6 with automatic log analysis
    2. phpMyAdmin 2.9.2 for MySQL administration

These instructions are culled and edited from my notes. Please let me know if I got something out of order or left something out.

Notes

LDAP .htaccess files (you'll have to tweak the LDAP URL for your environment)

AuthName "Password"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap:389/ou=people?uid
AuthzLDAPAuthoritative off 
require ldap-user "username"
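
A hardened variant of the .htaccess above, as an added example that is not part of the original instructions: it refuses the Basic-auth prompt over plain HTTP and binds to the directory over LDAPS, so the password is not sent in cleartext on either hop. It assumes mod_ssl is loaded and that the LDAP server accepts LDAPS on port 636; the CA file path in the comment is a placeholder.

```apache
# Added example (not from the original build notes).
# Basic auth only base64-encodes the password, so refuse any request
# that did not arrive over SSL/TLS (requires mod_ssl).
SSLRequireSSL

AuthName "Password"
AuthType Basic
AuthBasicProvider ldap

# ldaps:// encrypts the bind and search between Apache and the directory.
# Assumption: the directory server listens for LDAPS on 636.
# Host "ldap" and the base DN are carried over from the original file;
# adjust them for your environment.
AuthLDAPURL ldaps://ldap:636/ou=people?uid

AuthzLDAPAuthoritative off
require ldap-user "username"

# Server-wide, in httpd.conf (this directive is not allowed in .htaccess):
# point mod_ldap at the CA that signed the directory's certificate.
# The path is a placeholder.
#   LDAPTrustedGlobalCert CA_BASE64 /path/to/ldap-ca.pem
```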

Link

theconfluence.org - Compiled SAMPP build instructions

Wednesday, March 7, 2007

Jon's best practices for servers

This is a consolidation of general best practices for servers I've learned and developed over the years. Feel free to share some of your own as well!

  1. Never use telnet or ftp - use ssh or sftp instead.
  2. Never use HTTP with anything that could compromise the integrity of your system.
  3. Never log in as root.
  4. If you install it, keep it up to date.
  5. If you don't use it, remove it.
  6. Always check the changelog before updating.

Host Naming Conventions

There are different philosophies for hostname conventions. In my experience, using a common theme and context adds logic to a potentially complicated network.

At home, I use spells from old Infocom interactive fiction games as my naming convention. While it may seem silly, my home network is small enough that I can remember the purpose of machines, and I've got a large corpus of potential names. I've also seen others use names of characters from television, movies or books. Use your imagination!

At work or in a shared environment, I use more descriptive names, such as web-dev-01 for a development web server. Security through obscurity causes more headaches than it's worth as it makes it more difficult for others to understand the layout, and the illusion of security that comes from giving a machine a wacky name will not protect you from malicious users.

Either way, once you've developed a schema, stick with it; mixing naming conventions just makes things more difficult.