Search Results

Search found 6690 results on 268 pages for 'worst practices'.

Page 192/268 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >

Managing Apache to Compensate for WebDAV's Security Masking

- by Tohuw

When a user creates a file via WebDAV, the default behavior is that the file is owned by the user and group running the Apache process, with a umask of 022. Unfortunately, this makes it impossible for unprivileged users to write to the files by other means without being a member of the group Apache runs under (which strikes me as a particularly bad idea). My current solution is to set umask 000 in Apache's envvars and remove all world permissions from the webdav parent directory for the user. So, if the WebDAV share is /home/foo/www, then /home/foo/www is owned by www-data:foo with permissions of 770. This keeps other unprivileged users out, more or less, but it's hokey at best and a security disaster awaiting at worst. From my research and poking around at mod_dav and Apache, I cannot find a reasonable solution short of a cron job flipping all the permissions back (I'd rather not have the load and increased complexity on the server). SuExec won't work, either, because WebDAV operations are not going to execute as a different user. Any thoughts on this? Thank you.

Read the article
Canonical Redirect on Dynamic Mass Virtual Hosts on Apache

- by Josh

I have a Web app on Apache that allows users to point their domain to the server. Right now I'm using Apache's dynamic mass virtual hosts with an entry VirtualDocumentRoot /www/hosts/%0/docs So with www.companydomain.com it points to /www/hosts/www.companydomain.com/docs The problem is when the user goes to companydomain.com it will point to /www/hosts/companydomain.com/docs Is there an easy way to automatically have Apache check to see if a directory exists for the virtual host, and if not, look for the host name with "www." in front of it? Other subdomains are fine (i.e. abc.domain.com should point to a diff. directory than def.domain.com) but the whole "www" issue is a mystery to me. I am using dynamic mass virtual hosts so the server does not have to restart after each registration for the application. If there is a different way that is fine as long as apache isn't restarted each time. How can I accomplish this? Worst case scenario if there were a way to redirect to a "default" location on the server if not found I could always do a check via PHP or something but I feel like that is a bit hacked together and there has to be a more efficient way. Thanks in advance!

Read the article
How to configure TFTPD32 to ignore non PXE DHCP requests?

- by Ingmar Hupp

I want to give our Windows guy a way of easily PXE booting machines for deployment by plugging his laptop into one of our site networks. I've set up a TFTPD32 configuration which does just that, and our normal DHCP server ignores the PXE DHCP requests due to them having some magic flag, so this part works as desired. However I'm not sure how to configure TFTPD32 to only respond to PXE DHCP requests (the ones with the magic flag) and ignore all normal DHCP requests (so that the production machines don't get a non-routed address from the PXE server). How do I configured TFTPD32 to ignore these non-PXE DHCP requests? Or if it can't, is there another equally easy to use piece of software that he can run on his Windows laptop? Since the TFTPD part is working fine, a DHCP server with the ability to serve PXE only would do. Worst case I'll have to set up a virtual machine with all this, but I'd much prefer a small, simple solution. I'm not interested in solutions that involve using the existing DHCP servers or separating machines on the network for deployment, the whole point is to be simple and stand-alone.

Read the article
Engineers are using explosives to remove hard rock outside our office building. What countermeasures should we take?

- by Karrax

Our building is located approx. 100 meters from the explosive charges. They happen several times per day, and really shake the entire building a lot. This is going to go on for many days and the blasts are supposed to get stronger. Our server rooms are nothing fancy; one of them has all the racks on hard concrete while the other one has a raised floor (the one which allows the cables to go beneath it). Does anyone have any tips, countermeasures or best practices for us? Currently we are thinking of the following countermeasures: Daily report of the server rooms status lights (HD lights, power supplies and so on). Nightly check disk scan on the most important servers Order in extra supply of spare harddrives Edit: Many good answers here! However one needs to be accepted. The highest voted answer at the time of this edit will get their answer accepted.

Read the article
how do i set index priorty on nginx in order to load index.html before wordpress' .php files

- by orbitalshocK

hello there, gents. I'm an absolute beginner in linux, the CLI, as well as nginx and wordpress. i'm trying to make a 'coming soon' landing page that will take priority over the main wordpress installation i just set up. I want to make .html load before php, or get information on the Best Practices approach to this. I just now realized i could easily use the wordpress' generic "under construction" page and modify it. I'm sure it has one; i'm sure there's a plugin. Stats linode 1024 ubuntu 12.04 nginx 1.6.1 single wordpress installation (for now) set up using easyengine, but going to restart and configure nginx for my linode specifically probably. I managed to find one piece of instruction on how to change the httpd file to specify priority for apache 2, but did not find the same documentation for nginx. If it's not on the first page of google, then serverfault needs the question answered! Viva la Server Fault first page results!

Read the article
Migrating Roaming Profiles from one drive to another

- by Jared

As the title suggests, how can I migrate roaming profiles located in one drive (starting to fill up already) to another? Current share is like this "SVR1\Shares\UserProfiles\%username%\ But of course, this is located in C:/Shares/UserProfiles/%username%/ What do I need to do? Do I simply copy/paste into the bigger(RAID1) drive and then repoint all the profile paths (using AD Users&Computers profile properties)? What if I can point this to a different file server all together? Best practices? tips? anything you guys can suggest. Thanks!

Read the article
Disabling Skype automatic update

- by user13267

How to stop skype from searching or at least downloading update without consent? I want that annoying "Update skype now" dialog box that keeps popping up before I log in to Skype and after I log in to Skype from appearing at all. Few months ago this used to work: 1) C:\Users\”YourName”\AppData\Local\Temp folder. 2) Find the file called SkypeSetup.exe, and delete it. 3) Create a text file in the folder, rename it to SkypeSetup.exe 4) Right click on the new file you just created and ask for properties. 5) Next left click the security tab then left click the advanced button. 6) Now left click “Change Permissions” and then “Add”. Enter “Everyone” (without the quotes) where it sez’, “Enter the object name to select (examples):” and click “OK”. 7) Now check the “Deny” box for “Full control” and click “OK”. obtained from HERE, but now it seems this has stopped working. The worst part is Skype seems to download ~30MB of executable setup file without my knowledge before bugging me with the dialog box to update it, and there seems to be no direct way to disable this download. And disabling the skype updater service does not seem to work either. Is there any kind of patch or registry hack I can use to stop skype from auto updating? Or should I start looking for an alternative to Skype altogether?

Read the article
How to prevent blocking http auth popups on firefox restart with many tabs open

- by Glen S. Dalton

I am using the latest firefox with tab mix plus and tabgoups manager. I have maybe 50 or 100 tabs oben in different tab groups. When I shutdown firefox and start it again all tabs and tab groups are perfectly rebuilt. But I have also many pages open that are behind a standard http auth, and these pages all request their usernames and passwords. So during startup firefox pops up all these pages' http auth windows. And they block everything else in firefox, they are like modal windows. (I am involved in website development and the beta versions are behind apache http auth.) I have to click many times the OK button in the popups, before I can do anything. All the usernames and passwords are already filled in. (And the firefox taskbar entry blinks and the firefox window heading also blinks, and focus switches back and foth, which also annoys me. And sometimes the popups do not react to my clicks, because firefox is maybe just switching focus somewhere else. This is the worst.) I want a plugin or some way to skip those popups. There are some plugins I tried some time ago, but they did not do what I need, because they require a mouse click for each login, which is no improvement over the situation like it already is. This is not about password storage (because firefox already stores them). But of course, if some password storing plugin could heal this it would be great.

Read the article
Standalone firewall + antivirus or combined security tools?

- by pukipuki

For years I'm using some antivirus software and different firewall. Now every antiviruses have got some firewall features and there are complete "internet security" complexes... and every firewall get some antivirus functionality and there are "internet security" versions. Firstly, it is hard and sometimes impossible to install and use standalone AV and FW. Sometimes I can't avoid them (i can't install KAV2010 without removing Outpost firewall etc). Secondly, complex solutions have some disbalance. Farewall from famous antivirus-brand is so user-friendly that is not suitable for me (lack of details in Norton Internet Security for example) and antiviruses from famous firewall-brands are still weak, it is proved by tests. What is today best-practices in case of functionality and security?) Some internet-security complex or two standalone applications from different vendors?

Read the article
best practice with memcache/php - multi memcache nodes

- by user62835

So I am working on a web app - that has to be built for scalability. It stores frequent MySQL querys into the cache. I have pretty much everything built and ready to go - but I am concerned on best practices on handling where to cache the data. I've talked to a few people and one of them suggested to split each key/value across all the memcache nodes. Meaning if i store the example: 'somekey','this is the value' it will be split across lets say 3 memcache servers. Is that a better way? or is memcache more built on a 1 to 1 relationship?. For example. store value on server A till it faults out - go to server B and store there. that is my current understanding from the research I have done and past experience working with memcache. Could someone please point me in the right direction in this and let me know which way is best or if I completely have this mixxed up. Thanks

Read the article
How do I handle mysql replication in EC2 using private IPs?

- by chris

I am trying to set up a mysql master/slave configuration in two EC2 instances. However, every time I reboot an instance, the IP address (and hostname) changes. I could assign an Elastic IP address, but would prefer to use the internal IP address. I can't be the first person to do this, but I can't seem to find a solution. There are a lot of "getting started" guides, but none of them mention how to handle changing IP addresses. So what are the best practices to manage master/slave replication in EC2?

Read the article
serving static file from cookieless domain: alternative cookieless directory

- by Simone Nigro

I'm trying to follow all the guidelines of "Google Page Speed??". The directive "Minimize request overhead" requires static content (images, js, css, etc.) on a static server (ie cookieless): https://developers.google.com/speed/docs/best-practices/request I do not want to buy a new server and I was thinking of just setting a directory of my site without cookie with htaccess www.mysite.com/static/.htaccess Header unset Cookie Header unset Set-Cookie I do not know if it can be problematic. Looking on google it seems that no one ever has adopted this type of solution, so I think that it is incorrect. What do you think? alternatively you could do www.mysite.com/.htaccess <FilesMatch "\.(css|js|jpg|png|gif)$"> Header unset Cookie Header unset Set-Cookie </FilesMatch>

Read the article
Green System Administrator looking for helpful tips

- by Joshua Anderson

I have just been promoted to Systems Administrator for our product. We are designing a application that communicates with the cloud(Amazon EC2). I will be in charge of maintaining all Instances and their underlying components. So far this involves a set of load balanced services instances that connect to a central DB in a multi-tennant DB design. Im interested in what other Sys. Admins have discovered as invaluable tools or practices. Any resources provided will be greatly appreciated.

Read the article
VMware Workstation 9 Security Best Practice Guides

- by slickboy

Could someone please point me in the direction of where I could find some best practice securiy guides for VMware Workstation 9 please? I've searched the VMware site and to say it's badly organised is an understatement! I've been able to find general setup guides but nothing with a specific focus on security. I'm also wondering is there any best practice guides that I should follow when installing Windows 7 Professional and Windows Server 2008 R2 on VMware Workstation 9? I obviously will be implementing Microsofts recommended security best practices but I'd be very interested in any recommendations for virtualizing these operating systems. Any help is much appreciated.

Read the article
How is Apache still working?

- by PJ

Recently, I decided to set up a local development environment for my work projects. I'm a PHP developer, with just enough knowledge of Linux and Apache to break things mightily. To get the local environment looking like my work environment, I had to upgrade PHP. When I did, Apache wouldn't restart. I decided I wanted to start fresh (this is where things went wrong) and that I'd reinstall Apache and PHP using MacPorts. So, I went through and tried to delete all the Apache files. Yup. I ran locate apache2 and deleted any folders that looked important. (I know, I know) Then I did a /usr/libexec/locate.updatedb to make sure everything was up to date. I even restarted my machine, just to make sure. The issue is, http://localhost still works. As does an alias I set up, http://butler. Shouldn't they not work? Now that I'm this far in, are there any tips for how to completely remove Apache so I can start over? Worst case, I have a timemachine backup, so I can always just restore that... Thanks in advance.

Read the article
IIS6 host multiple websites under same sub-domain (or something similar)

- by user28502

I'm trying to figure out a structure for a hosted application that i'm working on. I've got a domain lets call it app.company.com (a sub-domain company.com of course) that is setup to redirect to my IIS 6 web server. I would like to set up one website in IIS for each client that will use this application. And have the URL schema be like this: app.company.com/clientA -- would point to ClientA website in IIS app.company.com/clientB -- would point to ClientB website in IIS Do you guys have any pointers or best practices for my scenario?

Read the article
Sync Two Exchange accounts or Ready Only access to subfolders

- by cpgascho

This is two questions kind of. The situation is as follows. I am running SBS 2008 with Exchange 2007. There is a shared account which has subfolders to keep track of the process of jobs that are coming into the company (ie: sales) I need to give other people in the company read access to this mailbox not full control. When I give ready only access to the root other users can only see the Inbox and not subfolders. Permissions have to be applied to each folder. One solution I have considered is creating a secondary mailbox that everyone could have full access too which would have a one way sync from the sales mailbox to the secondary mailbox. Then people could see what was happening without messing up the main mailbox by accident (at worst they would mess up the secondary mailbox) Ideally I could find a way to propgate the READ ONLY Permissiosn to all the subfolders. I have tried using PFDavAdmin to do this but have not been able to get it to connect successfully from Windows 7 To Exchange 2007 Any idea on how to 1. Propogate permissions (get PFDavAdmin to work??!) 2. Sync mailboxes 3. Other solution? Thanks Chris

Read the article
Postfix relay gives error 450 while it should be 550

- by dieter-be

Hi, we use postfix to do relaying. We get several messages like the following in /var/log/mail (slightly edited) Apr 13 13:30:29 linserver postfix/smtpd[1064]: NOQUEUE: reject: RCPT from unknown[$ip]: 450 4.1.1 <[email protected]>: Recipient address rejected: undeliverable address: host domain.be [$ip] said: 550 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command); from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<BLUESTREAK.domain.local> Now, when the master mail servers gives a 550, claiming that the user does not exist, I want the relay to also give a 550 back. What happens now is that it seems to return a 450, causing clients to keep messages queued, keep trying and only notify users after a certain period has passed. According to what I could find, the soft_bounce could cause this. But we have not enabled this option (and by default it's off according to postfix docs) It might also have something to do with the *_reject_code postconf values. Especially since the log message complains the unknown ip. But as you can see in the postconf output below, smtpd_sender_restrictions and smtpd_client_restrictions are empty. So even if it would try to do any restrictions there, 550 is the "worst" error going on, so that's what I expect to be returned to the client. postconf: http://sprunge.us/JYgB Thanks, Dieter

Read the article
How secure is Remote Desktop from Mac OS X to Windows Server 2003?

- by dwhsix

It's unclear to me exactly how secure Remote Desktop access from Mac OS X to a Windows Server 2003 machine is. Is the communication encrypted by default? What level of encryption? Are there best practices for making this as secure as possible? I found http://www.mobydisk.com/techres/securing_remote_desktop.html but it's unclear how much of that is still relevant for current versions of RDP and Windows Server. I know I can tunnel RDP over ssh, but is that overkill or redundant?

Read the article
How to fix display on external Samsung Syncmaster shifted to the right when connected to Macbook Pro?

- by joe larson

Is there something special I need to do to be able to use external LCD displays with my new MacBook Pro? Do I need extra software, or do I possibly need a different cable? I'm attempting to use an external display with my MBP. I've got a "Mini DisplayPort to VGA Female Adapter for Mac", plugged into the thunderbolt port on my MBP, which I understood should be compatible with thunderbolt. I've tried this with three different SyncMaster models: a B2330 (21.5"), a EX2220 (22"), and a third (also 22" ish) which I don't have the model # for -- but all are 1920x1080 resolution; plus an additional HP monitor of similar size and resolution. In all four cases, the MBP recognizes the screen and choses the correct resolution. However, the display is shifted over about 1 inch. This is true no matter if I change screen resolutions also. The controls on the monitor for horizontal position don't help. Also, sometimes (especially if I drag an app over into the second screen), the screen starts skipping left to right and having bands of fuzz. Additionally, the monitor will periodically blink off for a moment, trying to switch from Digital to Analog and back (the Syncmaster shows text on the screen to tell you it's trying to do this). Often when it comes back from one of these blank-outs, it will show OK (no skipping or fuzz) but still shifted right; then after a few seconds it will go wrong again skipping and fuzzy. This photo shows the worst of it. I've added red rectangles to show the physical edge of the screen, and a yellow rectangle to show the empty space on the left of the screen. (Sorry for the awful quality and lighting!) Also, it's worth noting I am on Mac OS X 10.6.7, and yes I have this update 1.4 installed.

Read the article
Firefox is very slow when establish SSL sessions

- by yanglei

Using wireshark, I discovered that Firefox v3.0 gets stuck every time before "client key exchange, change cipher spec" stage when establishing a SSL session. Specifically, it takes 0.8~1.8 second before Firefox send "Client Key Exchange" request. This is unacceptable since our application is HTTPS only. I tested this on IE6 and IE8, both works well. Any clues? [Update] Finally, I found the reason of 1 ~ 2 seconds stuck by displaying all captured packets in Wireshark. After the "server hello" stage, Firefox makes a request to ocsp.verisign.com combined with an additional DNS lookup for that domain. Firefox must wait the revocation status from OCSP before entering the next stage of SSL. Depends on whether DNS cache is in effect, this process takes 1 ~ 2 seconds. A interesting observation is that the IP packet contains "client key exchange" has a high possibility to get lost and thus a TCP retransmission is necessary. When this happens, the process can take 3 seconds at worst. I'm not sure if this is a coincidence or a bug. Anyway, here is the result from Wireshark: (delta-time) 0.369296 src-ip dst-ip TCP [ACK] Seq=161 Ack=2741 Win=65340 Len=0 2.538835 src-ip dst-ip TLSv1 Client Key Exchange, Change Cipher Spec, Finished 2.987034 src-ip dst-ip TLSv1 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Finished The difference between Firefox and IE is this: Firefox 3 enables OCSP checking by default where as IE only supports it. So, there is no problem with both IE6 and IE8. This is indeed a "certificate revoke" problem. Thanks

Read the article
Nagios configuration management

- by HannesFostie

I am going to implement Nagios (most likely anyway, could turn out to be another tool as well) and I was wondering if anyone would like to share their best practices when it comes to creating, managing and maintaining the config files when it comes to scalability and managability as I find that it might quickly become a real big mess. Any tips, examples or even full configurations would be most welcome and I'd happily look them over. Tools would be welcome as well. Tried out NConf so far, but the generated config files don't seem to do what was promised (not including the parent information for one, and just a PITA to get them working - they generate a ton of errors when checking the config files with the script supplied by nagios) Thanks

Read the article
GRE Tunnel over IPsec with Loopback

- by Alek

Hello, I'm having a really hard time trying to estabilish a VPN connection using a GRE over IPsec tunnel. The problem is that it involves some sort of "loopback" connection which I don't understand -- let alone be able to configure --, and the only help I could find is related to configuring Cisco routers. My network is composed of a router and a single host running Debian Linux. My task is to create a GRE tunnel over an IPsec infrastructure, which is particularly intended to route multicast traffic between my network, which I am allowed to configure, and a remote network, for which I only bear a form containing some setup information (IP addresses and phase information for IPsec). For now it suffices to estabilish a communication between this single host and the remote network, but in the future it will be desirable for the traffic to be routed to other machines on my network. As I said this GRE tunnel involves a "loopback" connection which I have no idea of how to configure. From my previous understanding, a loopback connection is simply a local pseudo-device used mostly for testing purposes, but in this context it might be something more specific that I do not have the knowledge of. I have managed to properly estabilish the IPsec communication using racoon and ipsec-tools, and I believe I'm familiar with the creation of tunnels and addition of addresses to interfaces using ip, so the focus is on the GRE step. The worst part is that the remote peers do not respond to ping requests and the debugging of the general setup is very difficult due to the encrypted nature of the traffic. There are two pairs of IP addresses involved: one pair for the GRE tunnel peer-to-peer connection and one pair for the "loopback" part. There is also an IP range involved, which is supposed to be the final IP addresses for the hosts inside the VPN. My question is: how (or if) can this setup be done? Do I need some special software or another daemon, or does the Linux kernel handle every aspect of the GRE/IPsec tunneling? Please inform me if any extra information could be useful. Any help is greatly appreciated.

Read the article
SBS 2008 DNS issues in BPA

- by evesirim

I'm gettng constant Critical Issue events in the Small Business Server Best Practices Analyser & resulting SBS Console reports that begin "The DNS client is not configured to point only to the internal IP address of the server.". When I check the DNS Manager, there are two separate IPs listed, one ***.***.***.2 and the other ***.***.***.28. I have checked online after an ipconfig /all and have found the reason for this to be that the second IP is created by DHCP for RAS & VPN purposes. It seems to cause no conflicts of any detrimental result apart from constantly sending me error messages and alerted reports. Does anyone know of a way that I can change settings somewhere so that Windows accepts this second IP, or at least stops alerting me of its prescence? Perhaps a registry hack of some kind...? Many thanks in advance

Read the article
What is good book for administration & configuration of Storage logical arrays?

- by unknown (yahoo)

I am looking for a book which can explain pros and cons of different combination of configurations/policies of storage Arrays and may also suggest some best practices for certain scenarios for e.g. when data availability & security is very important. There are a lot of "books for dummy" but they don't go in depth, I am a more of developer so I would like to understand how and why exactly it works beneath policies & configuration settings. I am working with EMC clarion logical array but I will have to work with EMC Symmetrix or NetApp or any other types of disk arrays.

Read the article

< Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >