Monday, May 08, 2006

PHP & SQL - Simple Optimization for PHP and MySQL

dublish.com - Simple Optimization for PHP and MySQL
Here is a list of a few very simple tips for optimizing your php/mysql applications. Keep these in mind while developing.

Cisco - Configure SSH2

Quick & dirty doc on getting SSH2 up and running on your Cisco router:

conf t
hostname TR-Router
ip domain-name TechRepublic.com
! SSHv2 needs an RSA key of at least 768 bits; 2048 is the sensible floor
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh logging events
! local account (pick your own name and password) and vty lines that accept SSH only, no telnet
username admin secret <password>
line vty 0 4
 login local
 transport input ssh

Configure SSH on your Cisco router - Security & Availability - Toolkits - ZDNet Asia

Cisco - ADSL - Recovering from Shaping

Sometimes it seems that after you have been shaped, you never get your bandwidth back ... not sure if this will fix it, but it sounds right: atm bandwidth dynamic

The Cisco IOS command reference describes it as "Allow dynamic bandwidth change on ATM PVCs".

Networking - Documenting Special Use IPv4 Address Blocks

The draft lists all private and test address space and includes a suggested ACL.

INTERNET-DRAFT
Documenting Special Use IPv4 Address Blocks
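To make a list like the draft's usable on a router, here is an added example of my own (not code from the draft, and not Cisco's): it carries a constructed table of the special-use blocks documented in that era, classifies an address against it, and renders the matching deny entries in Cisco extended-ACL syntax, plus anti-spoofing entries for prefixes you pass in as your own. The block list, ACL name and prefix descriptions are assumptions; the draft remains the authority on the complete set.

```python
import ipaddress

# Constructed table of IPv4 special-use blocks (assumption: the RFC 3330-era set;
# check the draft for the authoritative list before deploying).
SPECIAL_USE_V4 = {
    "0.0.0.0/8":      '"this" network',
    "10.0.0.0/8":     "private (RFC 1918)",
    "127.0.0.0/8":    "loopback",
    "169.254.0.0/16": "link-local",
    "172.16.0.0/12":  "private (RFC 1918)",
    "192.0.2.0/24":   "TEST-NET",
    "192.168.0.0/16": "private (RFC 1918)",
    "198.18.0.0/15":  "benchmark testing (RFC 2544)",
    "224.0.0.0/4":    "multicast",
    "240.0.0.0/4":    "reserved (former class E)",
}

# Parse once; longest prefix first so the most specific description wins.
_BLOCKS = sorted(
    ((ipaddress.ip_network(cidr), desc) for cidr, desc in SPECIAL_USE_V4.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def classify(address):
    """Description of the special-use block containing address, or None for ordinary unicast space."""
    ip = ipaddress.ip_address(address)
    for net, desc in _BLOCKS:
        if ip in net:
            return desc
    return None


def ios_wildcard(net):
    """Cisco ACLs take an inverse (wildcard) mask, e.g. '10.0.0.0 0.255.255.255'."""
    return f"{net.network_address} {net.hostmask}"


def build_ingress_acl(name="BOGON-IN", own_prefixes=()):
    """Render an inbound ACL for an Internet-facing interface: drop packets that
    claim a special-use source, drop packets that claim one of our own prefixes
    as source (anti-spoofing), then permit the rest. Returns the config lines."""
    lines = [f"ip access-list extended {name}"]
    for net, desc in sorted(_BLOCKS, key=lambda item: int(item[0].network_address)):
        lines.append(f" remark {desc}")
        lines.append(f" deny ip {ios_wildcard(net)} any log")
    for cidr in own_prefixes:
        net = ipaddress.ip_network(cidr)
        lines.append(f" remark spoofed source claiming our own space {net}")
        lines.append(f" deny ip {ios_wildcard(net)} any log")
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 stands in for our own public prefix here.
    for sample in ("10.1.2.3", "192.0.2.17", "203.0.113.5"):
        print(sample, "->", classify(sample) or "ordinary unicast")
    print("\n".join(build_ingress_acl(own_prefixes=["203.0.113.0/24"])))
```

Apply the result with `ip access-group BOGON-IN in` on the outside interface, and watch the `log` hits for a while before trusting it: a deny on a block you actually route to (for example private space carried over a VPN) will show up there first.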

Cisco - ACL TCP Flags Filtering

You can actually use ACLs to match on TCP flags such as Reset (RST), Acknowledge (ACK) and so forth.

Cisco IOS IP Application Services Configuration Guide, Release 12.4 - ACL TCP Flags Filtering  [Cisco IOS Software Releases 12.4 Mainline] - Cisco Systems
ACL TCP Flags Filtering

The ACL TCP Flags Filtering feature provides a flexible mechanism for filtering on TCP flags. Before Cisco IOS Release 12.3(4)T, an incoming packet was matched as long as any TCP flag in the packet matched a flag specified in the access control entry (ACE). This behavior allows for a security loophole, because packets with all flags set could get past the access control list (ACL). The ACL TCP Flags Filtering feature allows you to select any desired combination of flags on which to filter. The ability to match on a flag set and on a flag not set gives you a greater degree of control for filtering on TCP flags, thus enhancing security.
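The difference between the old any-flag match and the newer match-all/match-any semantics is easiest to see on concrete packets. The following is an added example of mine, not Cisco code: it simulates both behaviours over a handful of constructed flag sets, using an ACE whose intent is to admit only replies to connections opened from inside (ACK set), the job the `established` keyword is usually given. The sample packets, the ACE rendering and the simulation are my reading of the semantics the text describes, not IOS internals.

```python
from dataclasses import dataclass

TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")


@dataclass(frozen=True)
class Ace:
    """One access control entry, reduced to its TCP-flag test."""
    action: str                            # "permit" or "deny"
    mode: str                              # "legacy", "match-all" or "match-any"
    set_flags: frozenset = frozenset()     # flags that must be set   (+flag)
    clear_flags: frozenset = frozenset()   # flags that must be clear (-flag)

    def ios(self):
        """Render the ACE in IOS syntax (assumed any-to-any TCP, for brevity)."""
        if self.mode == "legacy":
            return f"{self.action} tcp any any {' '.join(sorted(self.set_flags))}"
        terms = [f"+{f}" for f in sorted(self.set_flags)] + \
                [f"-{f}" for f in sorted(self.clear_flags)]
        return f"{self.action} tcp any any {self.mode} {' '.join(terms)}"


def ace_matches(ace, pkt_flags):
    """legacy (pre-12.3(4)T): the ACE matches if ANY listed flag is set in the
    packet, so extra flags (even all of them) never disqualify it.
    match-all: every +flag must be set and every -flag must be clear.
    match-any: one satisfied +/- condition is enough."""
    if ace.mode == "legacy":
        return bool(ace.set_flags & pkt_flags)
    conditions = [f in pkt_flags for f in ace.set_flags] + \
                 [f not in pkt_flags for f in ace.clear_flags]
    if ace.mode == "match-all":
        return all(conditions)
    if ace.mode == "match-any":
        return any(conditions)
    raise ValueError(f"unknown mode {ace.mode!r}")


def evaluate(acl, pkt_flags):
    """First matching ACE wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt_flags):
            return ace.action
    return "deny"


# Intent for both: inbound, permit only segments of sessions opened from inside.
LEGACY_ACL = [Ace("permit", "legacy", frozenset({"ack"}))]
HARDENED_ACL = [Ace("permit", "match-all", frozenset({"ack"}), frozenset({"syn"}))]

# Constructed sample packets, described only by their flag sets.
SAMPLES = {
    "new connection (SYN)": frozenset({"syn"}),
    "reply segment (ACK)": frozenset({"ack"}),
    "crafted SYN+ACK": frozenset({"syn", "ack"}),
    "all flags set": frozenset(TCP_FLAGS),
}


def compare(samples=SAMPLES):
    """Return {packet description: (legacy verdict, match-all verdict)}."""
    return {name: (evaluate(LEGACY_ACL, flags), evaluate(HARDENED_ACL, flags))
            for name, flags in samples.items()}


if __name__ == "__main__":
    print("legacy  :", LEGACY_ACL[0].ios())
    print("hardened:", HARDENED_ACL[0].ios())
    for name, (old, new) in compare().items():
        print(f"{name:24} legacy={old:6} match-all={new}")
```

The crafted SYN+ACK and the all-flags packet slip through the legacy ACE and are dropped by `match-all +ack -syn`. Note what the hardened ACE still does not do: a bare ACK probe (an ACK scan) carries exactly the flags a legitimate reply carries, so a flag-based ACL cannot tell them apart; that needs stateful inspection (CBAC, or the TCP intercept feature mentioned in the AutoSecure notes further down), not a better flag match.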

Cisco - Cisco AutoSecure Data Sheet

Cisco AutoSecure Data Sheet  [Cisco Network Foundation Protection (NFP)] - Cisco Systems
By incorporating a "one touch" device lockdown process, Cisco AutoSecure enables rapid implementation of security policies and procedures to ensure secure networking services. This new Cisco IOS® Software feature simplifies the security process, thus lowering barriers to the deployment of critical security functionality.

Cisco AutoSecure performs the following functions:

1. Disables the following Global Services
  • Finger
  • PAD
  • Small Servers
  • Bootp
  • HTTP service
  • Identification Service
  • CDP
  • NTP
  • Source Routing

2. Enables the following Global Services
  • Password-encryption service
  • Tuning of scheduler interval/allocation
  • TCP synwait-time
  • TCP-keepalives-in and tcp-keepalives-out
  • SPD configuration
  • No ip unreachables for null 0

3. Disables the following services per interface
  • ICMP
  • Proxy-Arp
  • Directed Broadcast
  • MOP service
  • ICMP unreachables
  • ICMP mask reply messages

4. Provides logging for security
  • Enables sequence numbers & timestamp
  • Provides a console log
  • Sets log buffered size
  • Provides an interactive dialogue to configure the logging server IP address

5. Secures access to the router
  • Checks for a banner and provides facility to add text to automatically configure:
  • Login and password
  • Transport input & output
  • Exec-timeout
  • Local AAA
  • SSH timeout and ssh authentication-retries to minimum number
  • Enable only SSH and SCP for access and file transfer to/from the router
  • Disables SNMP if not being used

6. Secures the Forwarding Plane
  • Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
  • Anti-spoofing
  • Blocks all IANA reserved IP address blocks
  • Blocks private address blocks if customer desires
  • Installs a default route to NULL 0, if a default route is not being used
  • Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
  • Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image
  • Enables NetFlow on software forwarding platforms

Cisco - ADSL - Determine Attenuation & Distance From Exchange

Use the "show dsl interface atm0/0" command on Cisco routers to get the attenuation figure for your router. The column you are interested in is the one under ATU-R, which is the 'Remote' end; the column for ATU-C is the Central Office. DS is for downstream and US is for upstream. Apparently you can divide your attenuation figure by 13.81 to get an approximate distance from the exchange. Further down, you can verify the speed of the line in both the downstream and upstream direction.

More information on this command can be found here: 1-Port ADSL WAN Interface Card  [Cisco IOS Software Releases 12.1 Special and Early Deployments] - Cisco Systems

Cisco - NAT Errors - Static entry in use, cannot remove

If you get this error "Static entry in use, cannot remove" when trying to remove a static NAT entry on a Cisco router, you need to clear the translations table first.

You should then be able to remove the static entry, but you will have to do this pretty quickly, as any activity on that port (inbound or outbound) will bring the translation back up.

The easiest way to do this is to cut and then paste the four or so commands in one go:
    clear ip nat translation *
    conf t
        no ip nat inside source static tcp 192.168.1.10 6881 interface Dialer0 6881
        exit

Cisco Docs:
How to Change the Dynamic NAT Configuration  [IP Addressing Services] - Cisco Systems

Linux - Server Monitoring With munin And monit (HowtoForge)

Quick and dirty monitoring ... looks like you can have this up and running in 15 minutes or less ...

Server Monitoring With munin And monit | HowtoForge - Linux Howtos and Tutorials
Server Monitoring With munin And monit. In this article I will describe how to monitor your server with munin and monit. munin produces nifty little graphics about nearly every aspect of your server (load average, memory usage, CPU usage, MySQL throughput, eth0 traffic, etc.) without much configuration, whereas monit checks the availability of services like Apache, MySQL, Postfix and takes the appropriate action such as a restart if it finds a service is not behaving as expected. The combination of the two gives you full monitoring: graphics that let you recognize current or upcoming problems (like "We need a bigger server soon, our load average is increasing rapidly."), and a watchdog that ensures the availability of the monitored services.