How To Block Spammers/Hackers With Apache2's mod_spamhaus (Debian Etch)
How To Block Spammers/Hackers With Apache2′s mod_spamhaus (Debian Etch)
mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address.
1. Installation
In order to compile mod_spamhaus, you must have apxs2 (APache eXtenSion tool) tool installed.
The follow command will install it:
apt-get install apache2-prefork-dev
Now we need to download the source package present at http://sourceforge.net/projects/mod-spamhaus/ or download it using wget application and this direct link to the repository:
wget http://kent.dl.sourceforge.net/sourceforge/mod-spamhaus/mod_spamhaus05.tar.gz
Next open archive, compile and install module with those commands:
tar zxvf mod_spamhaus05.tar.gz
cd mod-spamhaus
make
make install
You must add LoadModule directive to the main config file of you’re web server to load mod_spamhaus module.
vi /etc/apache2/httpd.conf
[...] LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so
2. Configuration
Before we are able to write our configuration, we should known what directives are supported by mod_spamhaus:
MS_Methods – If the httpd’s method used by the visitor match, module verify user’s ip address
MS_WhiteList – A simple whitelist file where you can put ip address to bypass
MS_DNS – DNSBL to use. Usefull if you want make a local rbldnsd instance
MS_CacheSize – Number of cached addresses
Now we open config file of our web server in order to write a basic configuration:
vi /etc/apache2/apache2.conf
[...] <IfModule mod_spamhaus.c> MS_METHODS POST,PUT,OPTIONS,CONNECT MS_WhiteList /etc/spamhaus.wl MS_CacheSize 256 </IfModule> [...]
Next we create an empty whitelist file:
touch /etc/spamhaus.wl
Finally we restart Apache2:
/etc/init.d/apache2 restart
That’s all!
3. Links
- mod_spamhaus: http://sourceforge.net/projects/mod-spamhaus
- Apache: http://httpd.apache.org
- Debian: http://www.debian.org
This page is released into the public domain.
Related Tutorials
Port-Forwarding With rinetd On Debian Etch
Port-Forwarding With rinetd On Debian Etch
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 08/08/2008
This article shows how you can do port-forwarding with rinetd on Debian Etch. rinetd allows you to forward ports from one system to another. This useful if you have moved your web sites to a new server with a different IP address. Of course, you have modified your DNS records, but it can take a few days until DNS changes become effective, and that is where rinetd comes into play. If clients still use the old DNS records, rinetd can redirect them to the new server. With rinetd, you do not have to fiddle with iptables rules.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this example I’m trying to redirect HTTP traffic (port 80) from the IP address 192.168.0.101 to the IP address 192.168.0.100.
Please note that rinetd is not able to redirect FTP because FTP requires more than one socket.
2 Installing And Configuring rinetd
To install rinetd, we simply run
apt-get install rinetd
rinetd’s configuration file is /etc/rinetd.conf. To forward HTTP traffic from 192.168.0.101 to 192.168.0.100, we add the line 192.168.0.101 80 192.168.0.100 80:
vi /etc/rinetd.conf
# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 192.168.0.101 80 192.168.0.100 80 # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon
Then we restart rinetd:
/etc/init.d/rinetd restart
Now run
netstat -tap
and you should see that rinetd is listening on port 80 (www):
server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 server2.example.com:www *:* LISTEN 2485/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 0 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#
Now when you direct your browser to a web page on the IP address 192.168.0.101, it should receive that page from the server with the IP address 192.168.0.100.
Instead of specifiying the port numbers in /etc/rinetd.conf, you can also use the service names. The service names are stored in /etc/services, so when you open that file, you will see that the service for port 80 is named www on Debian.
grep 80 /etc/services
server2:~# grep 80 /etc/services
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
socks 1080/tcp # socks proxy server
socks 1080/udp
amanda 10080/tcp # amanda backup services
amanda 10080/udp
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd
canna 5680/tcp # cannaserver
zope-ftp 8021/tcp # zope management by ftp
webcache 8080/tcp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
omniorb 8088/tcp # OmniORB
omniorb 8088/udp
server2:~#
So you could use the following configuration in /etc/rinetd.conf, it has the same effect as the first one:
vi /etc/rinetd.conf
# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 192.168.0.101 www 192.168.0.100 www # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon
And to make rinetd listen on all IP addresses that are configured on the system where it is installed, we can use 0.0.0.0 as the bindaddress:
vi /etc/rinetd.conf
# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 0.0.0.0 80 192.168.0.100 80 # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon
After you’ve restarted rinetd…
/etc/init.d/rinetd restart
… rinetd should now listen on all interfaces (*:www):
netstat -tap
server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 *:www *:* LISTEN 2503/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp 0 0 server2.example.com:www 192.168.0.3:4798 TIME_WAIT -
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 148 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#
3 Links
- rinetd: http://www.boutell.com/rinetd
- Debian: http://www.debian.org
Copyright © 2008 Falko Timme
All Rights Reserved.
Installing memcached And The PHP5 memcache Module On Debian Etch (Apache2)
Installing memcached And The PHP5 memcache Module On Debian Etch (Apache2)
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 08/27/2008
This guide explains how to install memcached and the PHP5 memcache module on a Debian Etch system with Apache2. memcached is a daemon that can store objects in the system’s memory (e.g. results of database queries) which can speed up your web site tremendously. You can use memcached over a network (i.e., install your web application on one server and memcached on another server), but usually you install both on one server to avoid the networking overhead.
It should be noted the memcached is no out-of-the-box solution for speeding up your web applications. Typically you have to adjust your scripts (PHP, Perl, etc.) to work with memcached, so this requires a little bit of work.
This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested this on a Debian Etch server with the IP address 192.168.0.100 where Apache2 and PHP5 are already installed and working. I’ll use Apache’s default document root /var/www in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php file that I’m using in this tutorial.
2 Checking PHP5′s Current State
First, before we install memcached, let’s find out about our PHP5 installation. To do this, we create the file info.php in our document root /var/www:
vi /var/www/info.php
<?php phpinfo(); ?>
Afterwards, we call that file in a browser: http://192.168.0.100/info.php
As you see, we have PHP 5.2.0 installed…
… but the PHP5 memcache module isn’t mentioned anywhere on the page:
3 Installing memcached And The PHP5 memcache Module
memcached and the PHP5 memcache module are available as packages for Debian Etch, so we can install them as follows:
apt-get install memcached php5-memcache
After the installation, memcached should already be running. You can check that by typing
netstat -tap | grep memcached
server1:~# netstat -tap | grep memcached
tcp 0 0 *:11211 *:* LISTEN 3053/memcached
server1:~#
As you see, memcached is running on port 11211 (the default memcached port), and it’s listening on all interfaces on the system. As memcached has no built-in authentication mechanisms (in order to not give up on speed), this means that anyone can connect to it from outside and use it. To avoid this, you can either close port 11211 in your firewall, or you configure memcached to listen on localhost only. I will use the latter method here.
To do this, open the memcached configuration which is stored in /etc/memcached.conf:
vi /etc/memcached.conf
Add -l 127.0.0.1 to the configuration (you can also adjust the other settings if you like – the file contains explanations for each setting):
[...] # Specify which IP address to listen on. The default is to listen on all IP addresses # This parameter is one of the only security measures that memcached has, so make sure # it's listening on a firewalled interface. # -l 12.34.56.78 -l 127.0.0.1 [...]
Restart memcached…
/etc/init.d/memcached restart
… and run
netstat -tap | grep memcached
again. As you see, memcached is now listening on localhost only:
server1:~# netstat -tap | grep memcached
tcp 0 0 localhost.localdo:11211 *:* LISTEN 3092/memcached
server1:~#
Afterwards, we restart Apache so that our new PHP configuration takes effect:
/etc/init.d/apache2 restart
Afterwards, open info.php again in a browser: http://192.168.0.100/info.php
You should now see memcache mentioned on the page which means it has successfully been integrated and is working as expected:
To use the PHP memcache module with your PHP applications, you should check out the memcache examples and the memcache function reference.
I will use the example script from http://dk.php.net/manual/en/memcache.examples.php and save it in the file /var/www/memcachetest.php:
vi /var/www/memcachetest.php
<?php
$memcache = new Memcache;
$memcache->connect('localhost', 11211) or die ("Could not connect");
$version = $memcache->getVersion();
echo "Server's version: ".$version."<br/>\n";
$tmp_object = new stdClass;
$tmp_object->str_attr = 'test';
$tmp_object->int_attr = 123;
$memcache->set('key', $tmp_object, false, 10) or die ("Failed to save data at the server");
echo "Store data in the cache (data will expire in 10 seconds)<br/>\n";
$get_result = $memcache->get('key');
echo "Data from the cache:<br/>\n";
var_dump($get_result);
?>
Then I call that file in a browser (http://192.168.0.100/memcachetest.php). If all goes well, the output should look as follows:
4 Links
- memcached: http://www.danga.com/memcached
- PHP: http://www.php.net
- Apache: http://httpd.apache.org
- Debian: http://www.debian.org
Copyright © 2008 Falko Timme
All Rights Reserved.
Related Tutorials
Installing Joomla 1.5.6 On A Lighttpd Web Server (Debian Etch)
Installing Joomla 1.5.6 On A Lighttpd Web Server (Debian Etch)
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 09/03/2008
This guide explains how you can install Joomla 1.5.6 on a lighttpd web server on Debian Etch. Joomla comes with an .htaccess file with mod_rewrite rules (for Apache) (to enable search-engine friendly URLs) that do not work on lighttpd. Fortunately Joomla has a built-in method to make search-engine friendly URLs work on lighttpd as well.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested this on a Debian Etch server where lighttpd and PHP5 are already installed and working (e.g. like in this tutorial). I’ll use the hostname www.example.com and the document root /var/www/web1/web (where I will install Joomla) with the user web1_admin and the group web1 in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust your lighttpd.conf.
2 Creating The Document Root And the User/Group
If your document root and the web user/group don’t already exist, you can create them as follows:
groupadd web1
useradd -s /bin/bash -d /var/www/web1 -m -g web1 web1_admin
passwd web1_admin
mkdir /var/www/web1/web
chown web1_admin:web1 /var/www/web1/web
3 Installing Prerequsites
The Joomla sources come as a zip file, so we must install unzip. In addition to that, Joomla needs an FTP server if the Joomla files are owned by another user/group than the web server is running as (user www-data, group www-data on Debian) to avoid permission problems when Joomla tries to change its configuration file. Because I want to use the user web1_admin and the group web1 for the Joomla web site, I must install an FTP server (e.g. ProFTPd) as well (you don’t have to do this if you already have a working FTP server on the system).
apt-get install unzip proftpd
4 Configuring Lighttpd And PHP
Because I want to install Joomla in /var/www/web1/web and not in the default document root /var/www, I open /etc/lighttpd/lighttpd.conf and change server.document-root; in addition to that I add a directive for server.error-handler-404 (I want to run only this Joomla web site on the server, so I can change this in the global configuration – if you’re using virtual hosts, you must adjust your vhost configuration instead):
vi /etc/lighttpd/lighttpd.conf
[...] ## a static document-root, for virtual-hosting take look at the ## server.virtual-* options server.document-root = "/var/www/web1/web/" server.error-handler-404 = "/index.php" [...]
Restart lighttpd afterwards:
/etc/init.d/lighttpd restart
Next we open /etc/php5/cgi/php.ini and set display_errors to Off:
vi /etc/php5/cgi/php.ini
[...] display_errors = Off [...]
We restart lighttpd again:
/etc/init.d/lighttpd restart
5 Installing Joomla 1.5.6
We can install Joomla 1.5.6 to /var/www/web1/web as follows:
cd /var/www/web1/web
wget http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-Stable-Full_Package.zip
unzip Joomla_1.5.6-Stable-Full_Package.zip
chown -R web1_admin:web1 *
touch configuration.php
chown www-data:www-data configuration.php
chmod 644 configuration.php
Then we log in to MySQL…
mysql -u root -p
… and create a Joomla database (I name it joomla) and a database user for that database (I name it joomlauser and use the password password for it – please use a password of your choice on your installation):
CREATE DATABASE joomla;
GRANT ALL PRIVILEGES ON joomla.* TO joomlauser@localhost IDENTIFIED BY ‘password’;
GRANT ALL PRIVILEGES ON joomla.* TO joomlauser@localhost.localdomain IDENTIFIED BY ‘password’;
FLUSH PRIVILEGES;
quit;
Next open a browser and go to http://www.example.com to start Joomla’s installation wizard. Select your language and click on Next:
In the next step Joomla checks if your server fulfills all requirements. Click on Next (unless you see something red on that page):
Click on Next to accept the license:
Now fill in the database details and click on Next:
- Installing Joomla 1.5.6 On A Lighttpd Web Server (Debian Etch) – Page 2
next Installing Joomla 1.5.6 On A Lighttpd Web Server (Debian Etch) – Page 2
Copyright © 2008 Falko Timme
All Rights Reserved.
Related Tutorials
Installing Drupal 6.4 On A Lighttpd Web Server (Debian Etch)
Installing Drupal 6.4 On A Lighttpd Web Server (Debian Etch)
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 09/02/2008
This guide explains how you can install Drupal 6.4 on a lighttpd web server on Debian Etch. Drupal comes with an .htaccess file with mod_rewrite rules (for Apache) that do not work on lighttpd. Without this .htaccess file it is not possible to have clean URLs in your Drupal installation. Fortunately there’s a way to make lighttpd behave as if it could read the .htaccess file.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested this on a Debian Etch server where lighttpd and PHP5 are already installed and working (e.g. like in this tutorial). I’ll use the hostname www.example.com and lighttpd’s default document root /var/www (where I will install Drupal) in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust your lighttpd.conf.
2 Installing mod_magnet
I will use a file called drupal.lua that contains the rewrite rules needed by Drupal (e.g. for clean URLs). Lighttpd needs the module mod_magnet so that it can understand the drupal.lua file. Therefore we install mod_magnet…
apt-get install lighttpd-mod-magnet
… and enable it:
lighty-enable-mod magnet
Next we download the drupal.lua file:
cd /etc/lighttpd
wget http://nordisch.org/drupal.lua
(If the download link doesn’t work for some reason, here’s the content of the drupal.lua file:
-- little helper function
function file_exists(path)
local attr = lighty.stat(path)
if (attr) then
return true
else
return false
end
end
function removePrefix(str, prefix)
return str:sub(1,#prefix+1) == prefix.."/" and str:sub(#prefix+2)
end
-- prefix without the trailing slash
local prefix = '/drupal'
-- the magic 
if (not file_exists(lighty.env["physical.path"])) then
-- file still missing. pass it to the fastcgi backend
request_uri = removePrefix(lighty.env["uri.path"], prefix)
if request_uri then
lighty.env["uri.path"] = prefix .. "/index.php"
local uriquery = lighty.env["uri.query"] or ""
lighty.env["uri.query"] = uriquery .. (uriquery ~= "" and "&" or "") .. "q=" .. request_uri
lighty.env["physical.rel-path"] = lighty.env["uri.path"]
lighty.env["request.orig-uri"] = lighty.env["request.uri"]
lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"]
end
end
-- fallthrough will put it back into the lighty request loop
-- that means we get the 304 handling for free.
)
Because I want to install Drupal directly in the document root (/var/www) and not in a subdirectory, I open /etc/lighttpd/drupal.lua and change local prefix = ‘/drupal’ to local prefix = ”:
vi /etc/lighttpd/drupal.lua
[...] -- prefix without the trailing slash local prefix = '' [...]
Next I open /etc/lighttpd/lighttpd.conf and change the values of index-file.names and url.access-deny and add a line for magnet.attract-physical-path-to:
vi /etc/lighttpd/lighttpd.conf
[...] ## files to check for if .../ is requested #index-file.names = ( "index.php", "index.html", # "index.htm", "default.htm" ) index-file.names = ( "index.php" ) ## Use the "Content-Type" extended attribute to obtain mime type if possible # mimetype.use-xattr = "enable" #### accesslog module accesslog.filename = "/var/log/lighttpd/access.log" ## deny access the file-extensions # # ~ is for backupfiles from vi, emacs, joe, ... # .inc is often used for code includes which should in general not be part # of the document-root #url.access-deny = ( "~", ".inc" ) url.access-deny = ( "~", ".inc", ".engine", ".install", ".module", ".sh", "sql", ".theme", ".tpl.php", ".xtmpl", "Entries", "Repository", "Root" ) magnet.attract-physical-path-to = ( "/etc/lighttpd/drupal.lua" ) [...]
Finally I restart lighttpd:
/etc/init.d/lighttpd restart
Lighttpd is now ready for Drupal 6.4.
- Installing Drupal 6.4 On A Lighttpd Web Server (Debian Etch) – Page 2
next Installing Drupal 6.4 On A Lighttpd Web Server (Debian Etch) – Page 2
Copyright © 2008 Falko Timme
All Rights Reserved.
Checking Package Dependencies with apt-rdepends On Debian/Ubuntu
Checking Package Dependencies with apt-rdepends On Debian/Ubuntu
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 08/19/2008
This short guide shows how you can check the dependencies of a package with the tool apt-rdepends on Debian and Ubuntu systems. The great thing about apt-rdepends is that it resolves dependencies recursively, i.e., not only does it show the direct dependencies of a package, but also the dependencies’ dependencies. This is great, for example, if you want to rebuild a package from the sources, etc.
This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!
apt-rdepends
In order to install apt-rdepends, we simply run
apt-get install apt-rdepends
Afterwards, we can use it to resolve dependencies. To learn more about its usage, take a look at
man apt-rdepends
Usually, you just use it with a package name, e.g. apt-rdepends package. For example, to check the dependencies of the package libapache2-mod-php5, we run
apt-rdepends libapache2-mod-php5
Here’s a sample output from a Debian Etch system:
server1:~# apt-rdepends libapache2-mod-php5
Reading package lists… Done
Building dependency tree… Done
libapache2-mod-php5
Depends: apache2-mpm-itk
Depends: apache2-mpm-prefork (>> 2.0.52)
Depends: apache2.2-common
Depends: libbz2-1.0
Depends: libc6 (>= 2.3.6-6)
Depends: libcomerr2 (>= 1.33-3)
Depends: libdb4.4
Depends: libkrb53 (>= 1.4.2)
Depends: libmagic1
Depends: libpcre3 (>= 4.5)
Depends: libssl0.9.8 (>= 0.9.8c-1)
Depends: libxml2 (>= 2.6.27)
Depends: mime-support (>= 2.03-1)
Depends: php5-common (= 5.2.0-8+etch1)
Depends: ucf
Depends: zlib1g (>= 1:1.2.1)
apache2-mpm-itk
Depends: apache2.2-common (= 2.2.3-4+etch5)
Depends: libapr1
Depends: libaprutil1
Depends: libc6 (>= 2.3.6-6)
Depends: libcap1
Depends: libdb4.4
Depends: libexpat1 (>= 1.95.8)
Depends: libldap2 (>= 2.1.17-1)
Depends: libpcre3 (>= 4.5)
Depends: libpq4 (>= 8.1.4)
Depends: libsqlite3-0 (>= 3.3.8)
Depends: libuuid1
apache2.2-common
Depends: apache2-utils
Depends: libmagic1
Depends: lsb-base
Depends: mime-support
Depends: net-tools
Depends: procps
apache2-utils
Depends: libapr1
Depends: libaprutil1
Depends: libc6 (>= 2.3.6-6)
Depends: libdb4.4
Depends: libexpat1 (>= 1.95.8)
Depends: libldap2 (>= 2.1.17-1)
Depends: libpcre3 (>= 4.5)
Depends: libpq4 (>= 8.1.4)
Depends: libsqlite3-0 (>= 3.3.8)
Depends: libssl0.9.8 (>= 0.9.8c-1)
Depends: libuuid1
libapr1
Depends: libc6 (>= 2.3.6-6)
Depends: libuuid1
libc6
Depends: tzdata
tzdata
libuuid1
Depends: libc6 (>= 2.3.6-6)
libaprutil1
Depends: libapr1
Depends: libc6 (>= 2.3.6-6)
Depends: libdb4.4
Depends: libexpat1 (>= 1.95.8)
Depends: libldap2 (>= 2.1.17-1)
Depends: libpq4 (>= 8.1.4)
Depends: libsqlite3-0 (>= 3.3.7)
Depends: libuuid1
libdb4.4
Depends: libc6 (>= 2.3.6-6)
libexpat1
Depends: libc6 (>= 2.3.6-6)
libldap2
Depends: libc6 (>= 2.3.6-6)
Depends: libgnutls13 (>= 1.4.0-0)
Depends: libsasl2-2
libgnutls13
Depends: libc6 (>= 2.3.6-6)
Depends: libgcrypt11 (>= 1.2.2)
Depends: libgpg-error0 (>= 1.4)
Depends: liblzo1
Depends: libopencdk8 (>= 0.5.8)
Depends: libtasn1-3 (>= 0.3.4)
Depends: zlib1g (>= 1:1.2.1)
libgcrypt11
Depends: libc6 (>= 2.3.6-6)
Depends: libgpg-error0 (>= 1.2)
libgpg-error0
Depends: libc6 (>= 2.3.6-6)
liblzo1
Depends: libc6 (>= 2.3.5-1)
libopencdk8
Depends: libc6 (>= 2.3.6-6)
Depends: libgcrypt11 (>= 1.2.2)
Depends: libgpg-error0 (>= 1.4)
Depends: zlib1g (>= 1:1.2.1)
zlib1g
Depends: libc6 (>= 2.3.6-6)
libtasn1-3
Depends: libc6 (>= 2.3.6-6)
libsasl2-2
Depends: libc6 (>= 2.3.6-6)
Depends: libdb4.2
libdb4.2
Depends: libc6 (>= 2.3.6-6)
libpq4
Depends: libc6 (>= 2.3.6-6)
Depends: libcomerr2 (>= 1.33-3)
Depends: libkrb53 (>= 1.4.2)
Depends: libssl0.9.8 (>= 0.9.8c-1)
libcomerr2
Depends: libc6 (>= 2.3.6-6)
libkrb53
Depends: libc6 (>= 2.3.6-6)
Depends: libcomerr2 (>= 1.33-3)
libssl0.9.8
Depends: debconf (>= 0.5)
Depends: debconf-2.0
Depends: libc6 (>= 2.3.6-6)
Depends: zlib1g (>= 1:1.2.1)
debconf
Depends: debconf-english
Depends: debconf-i18n
PreDepends: perl-base (>= 5.6.1-4)
debconf-english
Depends: debconf
debconf-i18n
Depends: debconf
Depends: liblocale-gettext-perl
Depends: libtext-charwidth-perl
Depends: libtext-iconv-perl
Depends: libtext-wrapi18n-perl
liblocale-gettext-perl
Depends: libc6 (>= 2.3.2.ds1-21)
PreDepends: perl-base (>= 5.8.7-3)
PreDepends: perlapi-5.8.7
perl-base
PreDepends: libc6 (>= 2.3.6-6)
perlapi-5.8.7
libtext-charwidth-perl
Depends: libc6 (>= 2.3.6-6)
Depends: perl-base (>= 5.8.8-6)
Depends: perlapi-5.8.8
perlapi-5.8.8
libtext-iconv-perl
Depends: libc6 (>= 2.3.6-6)
Depends: perl-base (>= 5.8.8-6)
Depends: perlapi-5.8.8
libtext-wrapi18n-perl
Depends: libtext-charwidth-perl
debconf-2.0
libsqlite3-0
Depends: libc6 (>= 2.3.6-6)
libpcre3
Depends: libc6 (>= 2.3.6-6)
libmagic1
Depends: libc6 (>= 2.3.6-6)
Depends: zlib1g (>= 1:1.2.1)
lsb-base
Depends: ncurses-bin
Depends: sed
ncurses-bin
PreDepends: libc6 (>= 2.3.6-6)
PreDepends: libncurses5 (>= 5.4-5)
libncurses5
Depends: libc6 (>= 2.3.6-6)
sed
PreDepends: libc6 (>= 2.3.6-6)
mime-support
net-tools
Depends: libc6 (>= 2.3.2.ds1-21)
procps
Depends: libc6 (>= 2.3.6-6)
Depends: libncurses5 (>= 5.4-5)
Depends: lsb-base (>= 3.0-10)
libcap1
Depends: libc6 (>= 2.3.2.ds1-4)
apache2-mpm-prefork
Depends: apache2.2-common (= 2.2.3-4)
Depends: libapr1
Depends: libaprutil1
Depends: libc6 (>= 2.3.6-6)
Depends: libdb4.4
Depends: libexpat1 (>= 1.95.8)
Depends: libldap2 (>= 2.1.17-1)
Depends: libpcre3 (>= 4.5)
Depends: libpq4 (>= 8.1.4)
Depends: libsqlite3-0 (>= 3.3.8)
Depends: libuuid1
libbz2-1.0
Depends: libc6 (>= 2.3.6-6)
libxml2
Depends: libc6 (>= 2.3.6-6)
Depends: zlib1g (>= 1:1.2.1)
php5-common
Depends: sed (>= 4.1.1-1)
ucf
Depends: coreutils (>= 5.91)
Depends: debconf (>= 1.2.0)
Depends: debconf-2.0
coreutils
PreDepends: libacl1 (>= 2.2.11-1)
PreDepends: libc6 (>= 2.3.6-6)
PreDepends: libselinux1 (>= 1.32)
libacl1
Depends: libattr1 (>= 2.4.4-1)
Depends: libc6 (>= 2.3.6-6)
libattr1
Depends: libc6 (>= 2.3.5-1)
libselinux1
Depends: libc6 (>= 2.3.6-6)
Depends: libsepol1 (>= 1.14)
libsepol1
Depends: libc6 (>= 2.3.6-6)
server1:~#
Links
- Debian: http://www.debian.org
- Ubuntu: http://www.ubuntu.com
Copyright © 2008 Falko Timme
All Rights Reserved.
Related Tutorials
Install WebVZ 2.0 On Debian Etch To Administrate OpenVZ
Install
WebVZ 2.0 On Debian Etch To Administrate OpenVZ
Created/Modified
by Edward Tobia to work with WebVZ 2.0. Credits to Mike J
(mike.j@rewt.ch)
for the WebVZ 1.5 installation instructions as they helped make this
version possible!
1.1
Beginnings:
First
you must have OpenVZ installed and configured. You can find a
tutorial to do this on HowtoForge
(http://www.howtoforge.com/installing-and-using-openvz-on-debian-etch).
Because of a small problem/error in Debian Etch, it is not possible
to update the Rubygems system because a Require in the gems is
missing. But we can solve it with a simple edit of the file. WebVZ is
one of the simplest and most powerful web management tools for
OpenVZ.
2.0
Needed Packages:
We must install some
additional packages to get WebVZ running. WebVZ does not need a web
server, because they deliver it with WebRick.
Let’s start…
main:~# apt-get install
ruby rubygems libsqlite3-ruby sqlite3 irb1.8 libopenssl-ruby1.8
libreadline-ruby1.8 rdoc1.8 nano
You
must say Yes to the installation.
2.1
Solve Debian error:
To solve the error on
Debian, so that we can update gems you must do the following:
main:~# nano /usr/bin/gem
Edit the file so that
it looks like this:
#!/usr/bin/env ruby
#--
# Copyright 2006 by Chad Fowler, Rich Kilmer, Jim Weirich and others.
# All rights reserved.
# See LICENSE.txt for permissions.
#++
require 'rubygems'
require 'rubygems/gem_runner'
require 'rubygems/open-uri'
Gem.manage_gems
required_version = Gem::Version::Requirement.new(">= 1.8.0")
unless required_version.satisfied_by?(Gem::Version.new(RUBY_VERSION))
puts "Expected Ruby Version #{required_version}, was #{RUBY_VERSION}"
exit(1)
end
# We need to preserve the original ARGV to use for passing gem options
# to source gems. If there is a -- in the line, strip all options after
# it...its for the source building process.
args = !ARGV.include?("--") ? ARGV.clone : ARGV[0...ARGV.index("--")]
Gem::GemRunner.new.run(args)
Save
the file with CTRL + X and type Y to save.
2.2
Update Gems:
Type in your console
the following to update Gems, without the update WebVZ doesn’t
run….
main:~# gem update
–system
You need to install
Rails 2.1.0:
main:~# gem install -v=2.1.0 rails
3.0
Configuring WebVZ:
Use the following
commands to get WebVZ:
main:~# wget
http://ovh.dl.sourceforge.net/sourceforge/webvz/webvz.2.0.tar.gz
Extract the downloaded
archive:
main:~# tar -xzvf
webvz.2.0.tar.gz
Go into the WebVZ
directory:
main:~# cd webvz.2.0
Because of some small
changes on the Debian System we need to set some softlinks in our
system & create a few directories. Do it exactly as shown,
otherwise WebVZ is not usable:
main:~/webvz.2.0# ln -s
/var/lib/vz /vz
main:~/webvz.2.0# ln -s
/usr/bin/irb1.8 /usr/bin/irb
main:~/webvz.2.0# mkdir
/etc/sysconfig
main:~/webvz.2.0# ln –s
/etc/vz/conf /etc/sysconfig/vz-scripts
3.1
Starting and Setting up WebVZ:
To
start WebVZ you can start the server with this command. You can put
it in your init.d or start-up scripts if you wish for it to boot up
on every start-up.
main:~/webvz.2.0#
ruby script/server
If
all is well a message will come and say WebRick is started on port
3000.
Now
we must connect with a web browser to http://[youripaddress]:3000.
Log in with
Username:
admin
Passwort: admin123
First of all to secure
WebVZ, we need to create an own account. Log in with your account
details and destroy the admin account.
3.2
After Installation Problems – Fixes:
After
installation is complete and you have the WebRick server running you
may encounter the following error when logging in/using WebVZ:
Could
not find table ‘users’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
connection_adapters/sqlite3_adapter.rb:29:in `table_structure’
/usr/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/
core_ext/object/misc.rb:28:in `returning’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
connection_adapters/sqlite3_adapter.rb:28:in `table_structure’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
connection_adapters/sqlite_adapter.rb:189:in `columns’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1145:in `columns’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1158:in `column_names’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1171:in `column_methods_hash’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1714:in `all_attributes_exists?’
/usr/lib/ruby/gems/1.8/gems/activesupport-2.1.0/lib/active_support/
inflector.rb:283:in `all?’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1714:in `each’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1714:in `all?’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1714:in `all_attributes_exists?’
/usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/
base.rb:1613:in `method_missing’
app/models/user.rb:13:in
`authunticate’
app/controllers/login_controller.rb:16:in
`sign_in’
This is a problem with the
SQLite3 Adapter that comes with activerecord-2.1.0; I have created a
fix in which you must apply the following commands in ssh:
main:~# rm -f /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/connection_adapters/sqlite3_adapter.rb
main:~# cd /usr/lib/ruby/gems/1.8/gems/activerecord-2.1.0/lib/active_record/connection_adapters/
main:~# wget http://www.eurosrv.com/sqlite3_adapter.rb
This should/will fix the
SQLite3 problem with databases not being found.
Everything should now work
perfectly!
Copyright © 2008 Shuaib Zahda
All Rights Reserved.
Related Tutorials
How To Manage Apache Resources Limits With mod_slotlimit (Debian Etch)
How To Manage Apache Resources Limits With mod_slotlimit (Debian Etch)
mod_slotlimit
is an Apache module that using dynamic slot allocation algorithm and static rules, can manage resources used for each running site.
1. Installation
In order to compile mod_slotlimit, you will need to have apxs2 (APache eXtension tool) installed and configured with Apache.
The follow command will install it:
apt-get install apache2-prefork-dev
Now we download the source package present at http://sourceforge.net/projects/mod-slotlimit/ or download it using wget application and this direct link to the repository:
wget http://kent.dl.sourceforge.net/sourceforge/mod-slotlimit/mod_slotlimit.tar.gz
Next open archive, compile and install module with those commands:
tar zxvf mod_slotlimit.tar.gz
cd mod_slotlimit-1.0
make
make install
Add in the main config file of your web server the following command in order to load mod_slotlimit module.
vi /etc/apache2/httpd.conf
[...] LoadModule slotlimit_module /usr/lib/apache2/modules/mod_slotlimit.so
2. Configuration
Before we are able to write our configuration, we should known what directives are supported by this module.
For more information read mod_slotlimit’s documentation:
AvailableSlotsPercent – Percentage of apache slots available in order to activate dynamic slot allocation algorithm
MaxConnectionsPerSite – Max connections for each running site
LimitSite – Specific site to limit
LimitSiteConnections – Max connections for “LimitSite”
ClientIpLimit – Number of maximum simultaneous connection per IP
ForceVhostName – Force vhost hostname in scoreboard. Useful when vhost hostname do not match site visited, for example if you’re using mod_vhost_alias
Now we open config file of our web server in order to write the configuration:
vi /etc/apache2/apache2.conf
[...] <IfModule mod_slotlimit.c> AvailableSlotsPercent 15 MaxConnectionsPerSite 30 LimitSite www.BadSite.xxx LimitSiteConnections 15 ClientIpLimit 15 ForceVhostName On </IfModule> [...]
Finally we restart Apache:
/etc/init.d/apache2 restart
3. Links
- mod_slotlimit: http://sourceforge.net/projects/mod-slotlimit/
- Apache: http://httpd.apache.org
- Debian: http://www.debian.org
This page is released into the public domain.
Installing Zivios Server On Debian Etch
Installing Zivios Server On Debian Etch
This howto explains installing Zivios Master Service version 0.5.0 on Debian Etch 4.0. Zivios is an n-tiered PHP-5 application, providing identity management, single sign-on, user, group and computer provisioning, as well as remote management of services. It uses MySQL and OpenLDAP as its data store, with OpenLdap being the primary back end for identity management and application integration and MySQL being used for panel specific data.
Supported Platforms
- Debian Etch 4.0
- Debian Lenny 5.0 (untested — should work however. Please report success at zivios-discuss@lists.zivios.org)
Domain Name Service Requirements
The Zivios installer will work off an IP address. However, the
services that Zivios configures (Kerberos, Certificate Authority, etc.)
require proper name resolution. It is highly recommended that you configure DNS for the hostname you are working with.
Extraction
Download the Zivios package: zivios-0.5.0.tar.bz2 and copy it to your server at: /usr/local/src/
Note: the zivios package (zivios-0.5.0.tar.bz2) MUST
be saved in /usr/local/src. Currently, the web based installer does not
allow the option of specifying where the source folder is. If this is a
problem, simply create a symlink from your actual source directory to
/usr/local/src/.
Preparation
Your Debian server installation should be absolutely minimal.
Barring SSHd, no additional packages should be installed at this stage.
For the purpose of this setup, we are working with the following
hostname and IP address:
- hostname : master.zivios.net
- IP address : 192.168.0.31
Note: it is a requirement that you use a sub-domain as your
hostname. This does not mean that your LDAP basedn, kerberos realm or
mail domain has to be master.yourdomain, it means quite simply that
Zivios will be served from an apache virtual host called: master.yourdomain.
Also: the sub-domain does not need to be “master”, it can be
anything you like. If you are confused about this, please ask on the
zivios-discuss mailing list or on the IRC channel before proceeding.
Ensure your system is updated via:
apt-get update
apt-get dist-upgrade
Reboot (if required or recommended by the operating system).
The following base packages are required to run the master web service:
apt-get install apache2 libapache2-mod-php5 php5-curl php5-gd php5-imap php5-ldap php5-mcrypt \
php5-mysql php5-xmlrpc mcrypt mysql-server-5.0 mysql-client-5.0 build-essential ssl-cert less \
bzip2 xml-core lsb-release file libssl-dev libldap2-dev ntp memcached python python-ldap \
python-pyopenssl python-twisted php5-memcache sudo
MySQL admin password needs to be set. You can do so via:
mysqladmin -u root password your_mysql_root_password
Please note this password down.
Installing Pre-requisites
Install libnss-ldap
The libnss-ldap package requires some information which we already have. Simply follow the example:
Our primary domain name for this demo installation is zivios.net. This makes our LDAP base-DN: dc=zivios,dc=net. The base-DN is your “Base Distinguished Name”, which is made up of your “Domain Components”.
Server URI: ldap://127.0.0.1
Distinguished name of search base: dc=zivios,dc=net
LDAP Version to Use: 3
Make local root Database admin: No
Does the LDAP database require login: No
apt-get install libnss-ldap
… enter your answers.
Install Heimdal and Openldap Dependencies
As the web based process requires certain prerequisites to be in
place for auto-compilation to succeed, we need to installed required
libraries accordingly. For Debian based systems, this is quite simple.
apt-get build-dep heimdal
apt-get build-dep slapd
Enable Memcached PHP extension
Zivios uses memcached to accelerate common lookups. Zivios cannot work without memcached enabled.
Debian Etch automatically enables the memcache module in php.ini, hence no further work is required here.
Install libssh2 and php-ssh2
SSH2 is required to enable zivios agents on remote computers. This
is used by Zivios when adding a server to install and configure a
Zivios agent on them.
It is required that you use libssh2-0.14 for this purpose
(provided with Zivios). Newer versions seem not to work properly with
the php5-ssh2 extension.
Copy the required packages over for compilation:
cd /usr/local/src
tar jxvf zivios-0.5.0.tar.bz2
tar zxvf zivios-0.5.0/spkgs/libssh2-0.14.tar.gz
tar zxvf zivios-0.5.0/spkgs/ssh2-0.10.tgz
Compile libssh:
cd libssh2-0.14
./configure
make all install
Install PHP5 module development package:
apt-get install php5-dev
Compile the php5-ssh2 extension:
cd /usr/local/src/ssh2-0.10
phpize
./configure
make
make install
Enable the php-ssh extension:
Edit /etc/php5/apache2/php.ini and add the following line to the end of the file (alongside other enabled extensions):
extension=ssh2.so
- Installing Zivios Server On Debian Etch – Page 2
next Installing Zivios Server On Debian Etch – Page 2
Copyright © 2008 Rehan
All Rights Reserved.
Related Tutorials
Integrating APC (Alternative PHP Cache) Into PHP5 And Lighttpd (Debian Etch)
Integrating APC (Alternative PHP Cache) Into PHP5 And Lighttpd (Debian Etch)
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 08/26/2008
This guide explains how to integrate APC (Alternative PHP Cache) into PHP5 and lighttpd on a Debian Etch system. APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and XCache.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I have tested this on a Debian Etch server with the IP address 192.168.0.100 where lighttpd and PHP5 are already installed and working (e.g. like in this tutorial). I’ll use lighttpd’s default document root /var/www in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php file that I’m using in this tutorial.
2 Checking PHP5′s Current State
First, before we install APC, let’s find out about our PHP5 installation. To do this, we create the file info.php in our document root /var/www:
vi /var/www/info.php
<?php phpinfo(); ?>
Afterwards, we call that file in a browser: http://192.168.0.100/info.php
As you see, we have PHP 5.2.0 installed…
… but APC isn’t mentioned anywhere on the page:
3 Installing APC
APC is a PHP extension that can be installed using PECL. PECL comes with the php-pear package, so we install that now:
apt-get install php-pear
Furthermore we must install some APC dependencies so that PECL can build APC:
apt-get install php5-dev build-essential
Now that all dependencies are installed, we can install APC as follows:
pecl install apc
When you see the following question, please answer with no:
[...]
Use apxs to set compile flags (if using APC with Apache)? [yes] : <– no
[...]
Now that APC is installed, we create the configuration file /etc/php5/cgi/conf.d/apc.ini. We must at least add the line extension=apc.so in there; all other configuration options are optional. You can find a list of all available configuration options on http://de2.php.net/manual/en/ref.apc.php.
vi /etc/php5/cgi/conf.d/apc.ini
extension=apc.so apc.enabled=1 apc.shm_size=30
That’s it. Restart lighttpd, and you’re done:
/etc/init.d/lighttpd restart
Afterwards, open info.php again in a browser: http://192.168.0.100/info.php
You should now see APC mentioned on the page which means it has successfully been integrated and is working as expected:
4 Links
- APC: http://pecl.php.net/package/APC
- PHP: http://www.php.net
- Lighttpd: http://www.lighttpd.net
- Debian: http://www.debian.org
Copyright © 2008 Falko Timme
All Rights Reserved.
D5 Creation