How To Secure A Linux Server is a nice collection of tips and tricks on improving the security of a Linux server. There are some well-known bits like SSH key authentication and firewall configuration, as well as some less common bits like multi-factor authentication and RAM disk for /tmp.
Category: Linux
Linux is my primary operating system. I used it on the servers, desktops, laptops, netbooks, and even mobile phones since approximately 1997. I’ve tried a number of distributions over the years, and even created a couple myself. I still look around sometimes to see what others are up to. But most of my machines are running some sort of Red Hat – either a quick and easy Fedora Linux, or a stable and secure Red Hat Enterprise Server, or a cheaper CentOS alternative.
And while by now I am very comfortable in the Linux environment (both graphical and command line), I still discover a lot of new and interesting things about it. When I come across something worthy, I usually share it with the rest of the Open Software world, using this category.
Nginx Quick Reference
Nginx Quick Reference is an excellent summary of notes on tweaking the performance and security of the Nginx web server configuration.
UUIDs in MySQL are really not random
Jouke Waleson points out to an interesting fact about UUIDs in MySQL, which you might have missed in the documentation:
Warning: Although UUID() values are intended to be unique, they are not necessarily unguessable or unpredictable. If unpredictability is required, UUID values should be generated some other way.
Make a note!
Dotfile madness
“Dotfile madness” is an excellent look at the problem of hidden data and configuration files that seem to be multiplying lately in the users’ home directories:
We are no longer in control of our home directories.
My own home directory contains 25 ordinary files and 144 hidden files. The dotfiles contain data that doesn’t belong to me: it belongs to the programmers whose programs decided to hijack the primary location designed as a storage for my personal files. I can’t place those dotfiles anywhere else and they will appear again if I try to delete them. All I can do is sit here knowing that in the darkness, behind the scenes, they are there. Waiting in silence. Some of those programmers decided to additionally place some normal files and directories in the same place. Those are clearly visible every time I executelsin my home directory.
While there is no easy centralized solution to this problem, as each application’s developer decides for himself, the article proposes a better way of doing things, reminding us about the XDG Base Directory Specification. This spec allows for a much finer control of where things go via the XDG_* environment variables.
Nice one!
gita – manage multiple git repositories
gita is a command line tool to manage multiple git repositories in parallel. You can easily check the status of several repositories, pull, push, commit, and so on.
This is a nice alternative to how we are handling things at work, with hundreds of repositories all around, but with a lot of overlap between them too. For us, a custom set of scripts works pretty well, with a combination of a powerful terminal emulator. Terminator, for example, provides handy functionality of split screen view, with grouped terminals, where multiple screens can be easily updated with a single command input.