Articles

These are Linux related articles I've written for my own reference which might be useful for others with similar interests. All of the articles here are mainly focused on Red Hat Enterprise Linux/CentOS unless otherwise stated in the title.

If you want to keep track of new articles I write, you can point your RSS reader to this page; it should automatically pick up the Atom feed. I recommend the spaRSS app if you have an Android device.


Documents

LAMP performance tips   

Some general tips in speeding up Apache+MySQL+PHP websites. Last updated: 2013-12-23

RHEL/CentOS 7 installation guidelines   

All of my RHEL 7/CentOS 7 installations have a signature style that my colleagues follow; you can think of it as sort of a checklist for a good production install, so that all your systems have a predictable base. Last updated: 2015-10-07

Quick software SAN setup for testing   

When testing clustering techniques, it's almost mandatory to have a SAN setup unless you're using DRBD. This is how you can have a quick software SAN setup on EL6 which can support a clustered filesystem for testing. This is not even close to ready for production use. Last updated: 2013-10-03

Monitor setup: Asus PG279Q in Linux with Intel graphics   

I realize I may be in the minority having the Asus ROG Swift PG278Q gaming G-Sync monitor connected to Intel graphics on Linux, but if you happen to be in the same rare situation, here's how to get it to work in Linux. Last updated: 2016-10-08

System benchmark: HP DL380 G4 to G9 comparison   

A benchmark comparing different generations of HP DL380 servers, starting from the G4, all the way to Gen9, with my desktop thrown in as well. Last updated: 2015-09-14

Server security guide   

These are general basic technical guidelines for securing RHEL or CentOS servers. You may want to use this as a checklist before going into production. It's not comprehensive, and only covers what I perceive to be important, esp. for LAMP setups. Last updated: 2016-02-09

Logging commands run on your servers   

This is an extremely useful tip for recording every command entered on your servers, with the (logged in) username even if they use su. One can optionally even record keystrokes on terminal/SSH sessions. This isn't really for security, but really more for keeping track of who did what, or remembering what you did a long time ago. Last updated: 2016-01-13

RHEL6 Cluster   

This is sort of a checklist I follow when creating clusters for RHEL6 using the High Availability or Resilient Storage add-on. It's not a tutorial. Last updated: 2015-09-27

RHEL7 presentation - What's new   

A presentation I made on what's new in RHEL 7 for an event held in the Radisson Royal Hotel, Dubai. Last updated: 2015-02-24

Easy secure Firewalls with FireHOL   

Imagine if allowing incoming FTP connections to your FTP server with iptables was as easy as having a file containing the line "server ftp accept". Or if only allowing outgoing HTTP access by Apache to just your LAN just needed a line saying "client http accept user apache dst 10.1.2.0/24". Or imagine if you could just preview your firewall rules for 30 seconds before committing them, saving yourself from being locked out with a bad rule? Stop dreaming, and start installing FireHOL on your servers. Last updated: 2015-09-24

RHEL/CentOS 6 installation guidelines   

All of my RHEL 6/CentOS 6 installations have a signature style that my colleagues follow; you can think of it as sort of a checklist for a good production install, so that all your systems have a predictable base. Last updated: 2015-07-31

Linux sysadmin cheats   

This is a collection of Linux commands that I refer back to when I need them, though it's helpful knowing many of these off by heart. Last updated: 2016-01-13

Secure backups with rsnapshot   

I have seen a lot of backup utilities over the years, both proprietary and open source, but my preferred solution is the open source rsnapshot project, preferably combined with LVM snapshots for a more consistent image. It does the actual work via rsync. rsnapshot is OK for backups, but excels in the use case of having a standby server that can (with manual intervention) take over your main server in the least amount of time. I recall a company spending days recovering data from a complete SAN failure (both controllers), but our rsnapshot based backup server got back up and running in 3 minutes once we got to the console. This even allows bare-metal recovery if you are good enough with Linux. Last updated: 2015-08-26

Server Benchmarking with Phoronix   

Benchmarking is normally a tedious process, but the Phoronix test suite makes it MUCH easier. If you haven't heard of Phoronix before, this is for benchmarking system/OS speed only. If you need to benchmark an application or website, you'd need something else like JMeter. Phoronix would be useful in comparing different hardware, or the same hardware with different OS optimizations, comparing cloud/VPS providers, etc. Last updated: 2014-11-18

System benchmark: HP DL380 G4 to G9 comparison with AWS   

The HP Generations benchmark, compared with AWS instances (us.east). Last updated: 2015-10-03

Zimbra 8.x production setup   

Some steps in setting up a Zimbra 8 server for a production internet-facing server. This is not a tutorial, and is designed for those who already have a familiarity with setting up Zimbra. Last updated: 2015-09-02

AWS CLI tips   

Some AWS CLI tips for interactive use, scripts, Ansible and Jenkins. Last updated: 2017-02-25

oVirt SPICE console from a Mac   

Getting the "Console" button in oVirt working on a Mac. Last updated: 2017-03-14

PXE network installation server setup   

You really ought to be using Cobbler for PXE installs, but sometimes it helps knowing exactly how things are set up and working. I sometimes have something like this either on my laptop with a cross-cable connected to a server, or on a network without needing to replace the local DHCP server with proxyDHCP. Last updated: 2014-06-13

Web browser security - Running Firefox/Chrome as a different user   

Consider this: you could have your SSH keys, personal files and password manager databases uploaded to a cracker on the internet right now; all it would take would be for you to just visit a website that has an exploit for your browser, and they can run anything you can; including overriding your shell commands with theirs. Add a layer of protection by running your browser as a different user; so that the single most vulnerable application that is directly exposed to the big bad internet doesn't have access to your files. Last updated: 2016-11-05

Faster AWS/PayPal/TOTP two factor auth with Yubikey   

Using two factor with AWS or PayPal is a very good idea. However, both these services have an annoyance compared to other providers who use two factor authentication: AWS and PayPal _always_ ask for your 6-digit token before you can log in, unlike say Google where it wouldn't ask for your OTP for the same device. However, you can use a Yubikey to ease some of the pain, and have a shortcut enter the token when your Yubikey is plugged in. Last updated: 2018-01-30

BitFenix Icon display on Linux   

If you have the BitFenix Pandora case, and use Linux, you might have been disappointed to find out there is literally no information on changing the ICON display image in Linux anywhere on the internet, but I managed to modify the BitFenix icon source code to get it working; so you no longer need to have Windows around to change the image. Last updated: 2016-10-08

Encrypting CrashPlan backups in Linux   

CrashPlan is a fairly cost effective backup strategy for your personal files. However, since it's closed source, I'm extra paranoid about how it works, and though they say the data is encrypted, the closed source client still has unencrypted access to your data. This article goes through setting up a separate (virtual) machine dedicated for CrashPlan that only has access to an encrypted view of the data to back up. Last updated: 2016-05-16

System benchmark: DDR3 1333 MHz vs 1866 MHz   

A benchmark to see if spending the extra dough on 1866 MHz DDR3 CL9 RAM sticks makes any noticeable difference to the OS performance vs. cheaper 1333 MHz CL9 ones. Last updated: 2015-02-20

ejabberd XMPP chat server   

This walks through setting up ejabberd, a lightweight XMPP/chat server, on RHEL/CentOS 6 or 7, along with details on integrating it with Zimbra's authentication. Last updated: 2015-04-29

AWS: CloudFormation-Init and CodeDeploy snippet on CentOS 7   

AWS CloudFormation::Init is great for integrating basic configuration management (files, services and packages) into your CloudFormation based instances or launch configurations. CodeDeploy is interesting in deploying your code to multiple AWS instances. There is lots of documentation on getting AWS::CloudFormation::Init or CodeDeploy working with Amazon Linux, but nothing on CentOS 7; so here are some snippets to get you started. Last updated: 2016-10-09

Two factor authentication backup on Android   

You really should be using two factor authentication for your online accounts; a browser exploit or malware could get your passwords, and with two factor enabled, your password won't be useful to them. It's not as much of a hassle as it sounds because you will only be asked for a One Time Passcode (OTP) when logging in from a new device/browser. However, though two factor authentication is great, it stops being fun when you lose your phone. Though some like Google provide one-time recovery codes, many do not, resulting in possibly losing access to your account if you lose your phone. This article talks about backing up your OTP database on Android, so you can confidently enable two factor authentication without worrying about relying on one physical device forever. Last updated: 2016-06-19

Salt configuration management   

This talks about setting up Salt, which is a wonderful configuration management system written in Python that I find easier to work with than Puppet, and has one advantage over Ansible. There are many Salt tutorials, but this one is geared towards a more small-production setup in a way that makes it easy to add specific entries for certain hosts. It is not designed for absolute beginners. Last updated: 2015-09-06