fail2ban can be run as non-root using systemd This is a process to configure fail2ban to run as a dedicated system user,
Gathering statistics about communicalbe diseases is difficult. The best available statitics are rarely complete or current. This articile discusses some of the issues related to reporting Covid-19 statics
Instead of the packaged WordPress I run the version provided by WordPress. It is installed using a different userid from the userid the web server runs as. To enable updates from the Admin Dashboard, I enabled sftp (ssh). This is how I did it. Using the sftp option requires the php ssh module. This command […]
When installing third-party applications, they often default to running as root. The server applications for TeamSite/LiveSite are among those. I have applied a simple modification to the init.d scripts that starts them as a non-root user. It also allows the scripts to be run by members of an administration group via sudo. This approach is […]
i recently had an issue with frequent login attempts against on of my services. These were almost all from countries that should not be accessing my service. To resolve the issue I implemented geo blocking with TCP Wrappers. This is how I went about geo blocking connections.
This post will be continually developed. I recently designed some solutions to solve some issues with init.d and setup scripts. These may be of use to others, and I will likely reuse them.
This article provides a quick overview of the DNS records required for an email server and presents a minimal sample configuration. The example assumes that you are running servers for both email and the web. Comments indicating the changes if you are using a third party provider are provided.
I recently completed a garbage collection exercise on a variety of applications. In all, twenty WebLogic application clusters were tuned. A dozen of these are large busy application clusters. These provide a mix of Web Applications and Web Services. Tuning garbage collection is a matter of trade-offs. Large heaps take longer to garbage collect. Small […]
A StackExchange question on using HAProxy’s capture feature to pass data from TCP mode to HTTP mode prompted me to update my SSL configuration. This was intended to get an A+ rating from SSL Labs by sending non-SNI capable clients to a server with weaker ciphers. This was to enable clients on WinXP/IE8, Java 6, […]
I’ve done a little tuning to my WordPress setup. In order to keep up to date, I’ve switched from the Ubuntu installation to a downloaded installation under /opt/wordpress. This is owned by my user and served by apache running as www-data. Updates are done using the sftp add-on. Securing /opt/wordpress I added myself to the […]