May 2008

libvirt + KVM on Debian mini-HOWTO

This mini-HOWTO will give you some idea about using KVM handily with the help of libvirt - The virtualization API (http://libvirt.org/), where an ultimate goal is using virt-manager (http://virt-manager.et.redhat.com/) in order to provide similar MUI (management UI) and feature as VMWare. The main idea of using libvirt is because of its handy virtual client management style. Besides using libvirt, we will need to use CLI and input corresponding parameter to start the virtual client manually (every time!), or prepare a lossy startup script for reuse; libvirt can give a hand for virtual client installation, profile create and management (in XML style so easy to understand and editable), and even instant start/shutdown/etc action. Long story short, libvirt is much like a middle-ware between low level KVM/XEN/QEmu interface and high level virt-manager MUI.
First of all, I will assume that you have some knowledge about what is KVM and how to let it function on Debian sid. I will not detail them once again within this mini-HOWTO. In order to have more general idea, please refer to here.

Using NVIDIA Linux graphics drivers with Linux 2.6.25 on Debian sid

According to the release of Linux kernel 2.6.25 on Debian sid, it is time to upgrade my Debian server's NVIDIA display driver (on-board display of FOXCONN 6100M2MA-8EKRS2H). BTW, if combine with official stable release of NVIDIA AMD64 driver v.169.12, the installation will be fail due to not compatible.

Protect your Apache from DDoS attack - mod_evasive

DDoS attack (http://en.wikipedia.org/wiki/Denial-of-service_attack) is all around the Internet and no one can escape from it. What we can do is trying to protect ourself whenever happened. On the other hand, DDoS attack to Apache is also very common so what can we do for it? Let's try mod_evasive (http://www.zdziarski.com/projects/mod_evasive/).

The installation of mod_evasive under Debian is very simple: apt-get install libapache2-mod-evasive

Filter spam or bad robot visit your Apache with Fail2ban

Since a long days before I keep on using Apache's mod_access for spam or bad robot filtering (http://edin.no-ip.com/content/block-apache-visiting-abnormal-user-agent). It is quite handy and simple; BTW, you need to configure it manually. The benefit of the model is you only need to have a functional Apache installed then you can set it up without any special difficult and dependence; and the drawback is simple that it is not flexible.

Some useful tools for enhenance Debian security

After my recent dark ages, is time to review my Debian security level... As a starting point, the Securing Debian Manual is a must for ANY Debian administrator. Moreover, there is some useful tools, e.g. tripwire, chkrootkit and fail2ban, too.

Some useful tools for enhenance Debian security

After my recent dark ages, is time to review my Debian security level... As a starting point, the Securing Debian Manual is a must for ANY Debian administrator. Moreover, there is some useful tools, e.g. tripwire, chkrootkit and fail2ban, too.

Server is being hacked...

Well.. Too bad that my server is being hacked by someone, and inject some zombie code to attack other servers. I found that on last night, clean those zombie code, change admin password and so on. BTW, it is still too late that No-IP have already block my user account... I should check my server more often.

AWstats + Apache + Webmin on Debin etch mini-HOWTO

AWstats is a good replacement of Analog and Webalizer: it provide a good interface, and can analyze different type of log files, including HTTP, FTP and SMTP. It is not too difficult to setup under Debian etch, but need some tricky skill. On the other, AWstats provide an official Webmin module. So may we make use of both Webmin and AWstats, for a handy configuration and management? This mini-HOWTO will cover the required step for installing AWstats and its Webmin module, also a simple example for how to make use all of this.