FreeBSD 4.x and 5.1 ships with BIND version 8.x as the default or base installation. FreeBSD 5.3 – the first of the stable 5.x series – ships with BIND 9.3.0 and some annoying traits. FreeBSD 6.2 ships with BIND 9.4.1 as the base installation. FreeBSD differentiates between a base DNS install and a normal DNS [...]

Let say you are on an expensive satellite link that can barely provide enough bandwidth for your company’s Internet Access and you will want to do whatever you can to get as much as possible out of this link. Moreover, occassionally you loose power from the utility company, long enough for your UPS to run [...]

A much dreaded MySQL error message during queries is “MySQL server has gone away”. An alternative message is “Lost connection to server during query”. This is a strange problem which afflicts a wide variety of PHP software including but not limited to WordPress. There are several causes for it. Let’s look at the common and [...]

Unlike the built-in dhclient, your FreeBSD system does not come with DHCP server software. This is because you only need to configure a DHCP server if you want to lease out IP configuration for your own network. However, there are two ports that allow you to create your own DHCP server. The first is known [...]

Like many people, I use OpenDNS on my office network. It is a free DNS service that translates the URLs of Web pages into IP addresses. OpenDNS theoretically helps speed up Web browsing by using better DNS servers to resolves URLs faster than your Internet Service Provider (ISP). The increase is probably too small for [...]

While OpenVPN clients can easily access the server via a dynamic IP address without any special configuration, things get more interesting when the server itself is on a dynamic address. While OpenVPN has no trouble handling the situation of a dynamic server, some extra configuration is required. The first step is to get a dynamic [...]

Its really useful to have a backup mail server if you receive smtp connections directly. Postfix can do this very easily, and takes minutes to set up. You could get a vps cheaply somewhere and set it up with just postfix and save yourself a lot of trouble if your main mail server goes down. [...]

Apache also has the ability to dynamically compress static Web pages into gzip format and then send the result to the remote Web surfers’ Web browser. Most current Web browsers support this format, transparently uncompressing the data and presenting it on the screen. This can significantly reduce bandwidth charges if you are paying for Internet [...]

Apache is probably the most popular Linux-based Web server application in use. Once you have DNS correctly setup and your server has access to the Internet, you’ll need to configure Apache to accept surfers wanting to access your Web site.
This chapter explains how to configure Apache in a number of commonly encountered scenarios for small web sites.

This document provides an example of how to use the static route tracking feature on the PIX 500 Series Security Appliance or the ASA 5500 Series Adaptive Security Appliance in order to enable the device to use redundant or backup Internet connections. In this example, static route tracking allows the security appliance to use an [...]

By default, the configuration includes a policy that matches all default application inspection traffic and applies inspection to the traffic on all interfaces (a global policy). Default application inspection traffic includes traffic to the default ports for each protocol. You can only apply one global policy, so if you want to alter the global policy, for example, to apply inspection to non-standard ports, or to add inspections that are not enabled by default, you need to either edit the default policy or disable it and apply a new one. For a list of all default ports

When filtering is enabled and a request for content is directed through the security appliance, the request is sent to the content server and to the filtering server at the same time. If the filtering server allows the connection, the security appliance forwards the response from the content server to the client that originated the request. If the filtering server denies the connection, the security appliance drops the response and sends a message or return code that indicates that the connection is not successful.

This tip shows you how to improve DNS lookups by using multiple nameservers. This is useful if you’ve ever had your primary DNS server become unreachable for any reason.

This document describes the process of setting up a Snort network intrusion prevention and detection system on Sun Solaris 10 (SPARC). We will be using Barnyard for processing events to send to a database (to utilize BASE or another SIM product). This guide will go over both PostgreSQL and MySQL database output configurations for the sensor, and PostgreSQL for a separate example BASE console. The sensor configuration [...]

You can never be too safe these days. Viruses, spyware, rootkits, remote exploits, you just never know what security issue is going to be your downfall. That’s why it is important as a Linux administrator to have an understanding of some of the best Linux security tools available to you. In this article, you will learn about ten of the best Linux security tools, and resources on how to use them to your advantage