Archive for the 'GNU/Linux' Category

Hiawatha: a secure and advanced webserver

Hiawatha is a secure, full-featured and lightweight web server, licensed under GPL 2. Features are:

  • Access/connection control
  • Banning
  • CGI support (including PHP)
  • CGI wrapper (run CGI under a different uid/gid in a secure way)
  • Chunked Transfer-encoding
  • CommandChannel (control Hiawatha by telnetting to a special port)
  • Cookie support
  • Cross-site scripting prevention
  • Customizable ServerString
  • Directory listing with customizable stylesheet
  • DoS/flooding protection
  • FastCGI support (load-balanced)
  • GZip Content-Encoding support
  • HTTP authentication (basic and digest)
  • If-(Un)Modified-Since header field
  • Interface binding control
  • Internal file caching
  • IPv6 support
  • Keep-alive connections
  • Large file support
  • Logging
  • Request pipelining
  • Range header field (single range support)
  • Referer control for images (prevent external image linking)
  • Rootjail
  • SSL support
  • SQL injection prevention
  • Traffic throttling/shaping (control upload speed)
  • URL rewriting via regular expressions
  • Userdirectory support
  • Virtual host support
  • Volatile object support (for frequently changing objects, like webcam pictures)
  • XSLT support

The bolded security features and the built-in XSLT support are very interesting. Hiawatha does not seem to be in the official repositories of the Linux distributions.

Compile and run tests of Hiawatha have successfully been done (by me or others) on Debian, Ubuntu, Gentoo, Fedora, Slackware, FreeBSD, OpenBSD, NetBSD, MacOS X, Solaris and Cygwin. Because of the use of autoconf, it’s very likely that Hiawatha will compile and run on other Unix-clones as well.

A package/port is available for the following operating systems: ArchLinux, Debian, Fedora, FreeBSD, MacOS X, OpenBSD, SUSE and Windows.

Cherokee: very fast webserver

Cherokee [1] (licensed under the GNU General Public License, version 2) is a very fast [2], flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, SSI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Load Balancing, Apache compatible log files, Data Base Balancer, Reverse HTTP Proxy and much more.

A user friendly interface called cherokee-admin [3] is provided for a no-hassle configuration of the server. Check out the benchmarks and documentation to learn more, and give it a try to squeeze your hardware to the fullest!

…and…

Cherokee is very light, completely modular and it can be tailored to your specific needs. As such, disk requirements will vary depending on the options selected for the building process. A static build for embedded devices can occupy as little as 200KB, give or take.

In terms of processing power, it has been known to work with as little as 133Mhz ARM processors. It could very well work on something smaller, but we haven’t really had the chance to try it out.

[1] http://www.cherokee-project.com/
[2] http://www.cherokee-project.com/benchmarks.html
[3] http://www.cherokee-project.com/doc/bundle_cherokee-admin.html

BotHunter: passive network monitoring tool

BotHunter [1] is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter.  Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.

[1] http://www.bothunter.net/

Rsnapshot: poor man’s time machine

One of my favorite backup apps is:

rsnapshot [1] is a filesystem snapshot utility for making backups of local and remote systems.

Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals.

Depending on your configuration, it is quite possible to set up in just a few minutes. Files can be restored by the users who own them, without the root user getting involved.

There are no tapes to change, so once it’s set up, your backups can happen automatically untouched by human hands. And because rsnapshot only keeps a fixed (but configurable) number of snapshots, the amount of disk space used will not continuously grow.

rsnapshot is written entirely in Perl. It should work on any reasonably modern UNIX compatible OS, including: Debian GNU/Linux, Red Hat Linux, Fedora Linux, SuSE Linux, Gentoo Linux, Slackware Linux, FreeBSD, OpenBSD, NetBSD, Solaris, Mac OS X, and even IRIX.

Also interesting is the use of rsnapshot with LVM.
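The hard-link rotation described above can be modelled in a few lines. This is an added Python example, not rsnapshot's own Perl code: the `snapshot.N` directory names, the `take_snapshot` helper and the size-plus-mtime change check are assumptions made for illustration, and the sample files are constructed.

```python
import os
import shutil
import tempfile


def unchanged(src, old):
    """rsync-style quick check: same size and modification time."""
    if not os.path.isfile(old):
        return False
    a, b = os.stat(src), os.stat(old)
    return a.st_size == b.st_size and int(a.st_mtime) == int(b.st_mtime)


def take_snapshot(source, root, keep=3):
    """Rotate snapshot.N under root, then build a fresh snapshot.0."""
    oldest = os.path.join(root, f"snapshot.{keep - 1}")
    if os.path.isdir(oldest):
        shutil.rmtree(oldest)  # fixed retention: disk use stops growing
    for n in range(keep - 2, -1, -1):
        cur = os.path.join(root, f"snapshot.{n}")
        if os.path.isdir(cur):
            os.rename(cur, os.path.join(root, f"snapshot.{n + 1}"))
    new, prev = (os.path.join(root, f"snapshot.{n}") for n in (0, 1))
    for dirpath, _dirs, files in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.join(new, rel), exist_ok=True)
        for name in files:
            src = os.path.join(dirpath, name)
            dst = os.path.join(new, rel, name)
            old = os.path.join(prev, rel, name)
            if unchanged(src, old):
                os.link(old, dst)       # hard link: no new data blocks
            else:
                shutil.copy2(src, dst)  # new or changed: real copy
    return new


def demo():
    """Constructed sample data: one static file, one that changes."""
    work = tempfile.mkdtemp()
    src, root = os.path.join(work, "data"), os.path.join(work, "backup")
    os.makedirs(src)
    for name, text in (("static.txt", "never changes"), ("log.txt", "v1")):
        with open(os.path.join(src, name), "w") as fh:
            fh.write(text)
    take_snapshot(src, root)
    with open(os.path.join(src, "log.txt"), "w") as fh:
        fh.write("version 2")
    take_snapshot(src, root)
    return src, root
```

Every snapshot directory looks like a full copy, but an unchanged file is stored once and shared by inode. Because the copies share data blocks, in-place corruption of one link affects every snapshot that references it, so the snapshot tree should be read-only for ordinary users.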

[1] http://www.rsnapshot.org/

Nginx: high-performance web and proxy server.

Nginx [1] [2] is a high-performance web and proxy server. It has a lot of features, but it’s not for everyone. People generally use Nginx:

  • As an Apache replacement that gracefully handles many concurrent connections: Nginx is especially popular among web hosting providers. 50,000 simultaneous connections have been reported, thanks to Nginx’s use of epoll and kqueue.
  • As a load-balancing proxy server: Nginx is a popular front-end to Rails and PHP applications, either via FastCGI or HTTP. Written in C, it consumes about a quarter of the CPU that Perlbal uses.
  • As a mail proxy server: more of a niche application, but fastmail.fm reports great success.
  • As a server with a simple installation process, a clean configuration file, and few bugs: Nginx is easy to get running, and it almost never needs restarting. You can even upgrade the binary with zero downtime.

Nginx is very popular, as you can see on Netcraft.

[1] http://nginx.net/
[2] http://wiki.codemongers.com/

paldo: Swiss GNU/Linux Distribution

I would like to hear some feedback about this almost unknown GNU/Linux distribution:

paldo [1] is a Upkg [2] driven GNU/Linux distribution. It’s kind of a mix of a source and a binary distribution. Even though it builds packages like a source distribution it provides binary packages. paldo aims to be simple, pure, up to date and standards compliant.

[1] http://www.paldo.org/
[2] http://www.upkg.org/

GnuPG Keysigning Party at ETH

Don’t miss the GnuPG Keysigning Party, Friday December 12th 7 p.m. at ETH (HG E21). For more information see the official announcement.

Debian packages in Java

There are a few tools which provide this functionality, but these two look very promising:

jdeb [1]: This library provides an Ant task and a Maven plugin to create Debian packages from Java builds in a truly cross platform manner. Build your Debian packages on any platform that has Java support. Windows, Linux - it does not require additional native tools installed. The API underneath is well abstracted and can easily be adopted for other areas as well.

ant-deb-task [2]: An Ant task that allows you to create debian .deb packages on any platform where Java is available.

[1] http://vafer.org/projects/jdeb/
[2] http://code.google.com/p/ant-deb-task/

Eclim: Eclipse in Vim

The primary goal of eclim [1] is to bring Eclipse functionality to the Vim editor. The initial goal was to provide Eclipse’s java functionality in vim, but support for various other languages (php, python, css, html, xml, etc.) has been added and several more are planned.

Eclim is less of an application and more of an integration of two great projects. The first, Vim, is arguably one of the best text editors in existence. The second, Eclipse, provides many great tools for development in various languages. Each provides many features that can increase developer productivity, but both still leave something to be desired. Vim lacks native Java support and many of the advanced features available in Eclipse. Eclipse, on the other hand, still requires the use of the mouse for many things, and when compared to Vim, provides a less than ideal interface for editing text.

That is where eclim comes into play. Instead of trying to write an IDE in Vim or a Vim editor in Eclipse, eclim provides an Eclipse plug-in that exposes Eclipse features through a server interface, and a set of Vim plug-ins that communicate with Eclipse over that interface.

[1] http://eclim.sourceforge.net/

CRE: Domain Name System

Tim from the Chaos Computer Club Berlin reports in depth, at a high level of quality and regularly, in the podcast “Chaosradio Express” (CRE for short) on current topics around technology and society.

This time, in episode 99, Tim has taken on DNS. I have not yet had the chance to listen to the podcast myself, but I can well imagine that the already high standard of this podcast is surpassed once again.

As is well known, DNS is the most important service on the Internet; although it has hardly been changed for 25 years now, it runs stably. The requirements, however, have expanded exponentially in recent years. Today DNS is misused for all sorts of things; it is especially popular for fighting spam (SPF, spam blacklists).