Here's a great little article on how to edit the hosts file on a Mac:

http://decoding.wordpress.com/2009/04/06/how-to-edit-the-hosts-file-in-mac-os-x-leopard/

Original post blogged on b2evolution.

The National Security Agency publishes a great collection of documents that provide detailed security configuration guidelines. The full index can be found here:

http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml

We particularly like the guides for RedHat EL5:

“Hardening Tips For Default Installation of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf

“Guide to the Secure Configuration of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

Original post blogged on b2evolution.

To setup an alternate instance of MySQL listening on TCP port 3307 on a RHEL5 server follow these steps.

1. Setup a new MySQL config file.

cp /etc/my.cnf /etc/my-3307.cnf

Add a line like this:

port = 3307

to the "[mysqld]" section.

Edit /etc/my-3307.cnf and change:

datadir=/var/lib/mysql

to

datadir=/var/lib/mysql-3307

Change:

socket=/var/lib/mysql/mysql.sock

to:

socket=/var/lib/mysql-3307/mysql.sock

Change the following lines:

log-slow-queries=/var/lib/mysqllogs/slow-log
log-bin=/var/lib/mysqllogs/bin-log
log-bin-index=/var/lib/mysqllogs/bin-log.index
relay-log=/var/lib/mysqllogs/relay-log
relay-log-index=/var/lib/mysqllogs/relay-log.index
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

to:

log-slow-queries=/var/lib/mysqllogs-3307/slow-log
log-bin=/var/lib/mysqllogs-3307/bin-log
log-bin-index=/var/lib/mysqllogs-3307/bin-log.index
relay-log=/var/lib/mysqllogs-3307/relay-log
relay-log-index=/var/lib/mysqllogs-3307/relay-log.index
log-error=/var/log/mysqld-3307.log
pid-file=/var/run/mysqld/mysqld-3307.pid

Change server-id to a unique value:

server-id=2

2. Setup a new service control script.

cp /etc/init.d/mysqld /etc/init.d/mysqld-3307

Edit /etc/init.d/mysqld-3307 and add this line:

MYCNF=/etc/my-3307.cnf

directly after:

# Source networking configuration.
. /etc/sysconfig/network

so that you have:

# Source networking configuration.
. /etc/sysconfig/network

MYCNF=/etc/my-3307.cnf

Next change this function:

get_mysql_option(){
result=`/usr/bin/my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}

to:

get_mysql_option(){
result=`/usr/bin/my_print_defaults -c $MYCNF "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}

Notice that the change is to add "-c $MYCNF" to the call to "my_print_defaults".

Finally run the following search/replace commands to fixup the program name, add defaults file to mysqld_safe call and set unique pid and subsys files:

replace 'prog="MySQL"' 'prog="MySQL-3307"' -- /etc/init.d/mysqld-3307
replace '/usr/bin/mysqld_safe' '/usr/bin/mysqld_safe --defaults-file=$MYCNF' \
-- /etc/init.d/mysqld-3307
replace 'mysqld.pid' 'mysqld-3307.pid' -- /etc/init.d/mysqld-3307
replace '/var/lock/subsys/mysqld' '/var/lock/subsys/mysqld-3307' -- /etc/init.d/mysqld-3307

3. Setup directories

mkdir /var/lib/mysql-3307 /var/lib/mysqllogs-3307
chown mysql.mysql /var/lib/mysql-3307/ /var/lib/mysqllogs-3307
chmod o-rwx /var/lib/mysqllogs-3307

4. Set service to start on boot

/sbin/chkconfig mysqld-3307 on

5. Start the new instance:

/sbin/service mysqld-3307 start

On the first startup you should see some output like this:

Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h 244418-web3.www.idtweet.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]

Starting MySQL-3307: [ OK ]

6. Set MySQL root password.

/usr/bin/mysqladmin -P 3307 -h 127.0.0.1 -u root --password="" password password 'new-password'

And that's it. You now have an new instance of MySQL listening on port 3307.

Remember that you must tell the mysql command line utilities where to find the instance. For example:

mysql -P 3307 -h 127.0.0.1

or

mysql -S /var/lib/mysql-3307/mysql.sock

Also keep in mind that by default any .my.cnf file in your home directory will be used. You may have to override settings in the .my.cnf file and explicitly provide the user and password when connecting.

Original post blogged on b2evolution.

It is of course a bad idea to write code that depends on register_globals for security reason, but sometimes when faced with old code it's a necessary evil. You can turn on register_globals for a site or directory by adding the following line to your .htaccess file:

php_flag register_globals on

Original post blogged on b2evolution.

Plesk is a popular web hosting control panel used by many of our clients. On servers with Plesk, the control panel is located at:

https://yourdomain.com:8443

There are several problems with this URL:

1. It's hard for users to remember the 8443 on the end and the https on the beginning of the URL.

2. Plesk by default uses a self signed SSL certificate that causes warning to be displayed in the user's web browser.

Wouldn't it be nice if you could put Plesk on a friendly URL like https://plesk.yourdomain.com?

Also lets have:

http://plesk.yourdomain.com

automatically redirect to:

https://plesk.yourdomain.com.

Now the your users don't have to remember the https part either.

Now lets get really fancy. Suppose your customer has a domain named acme.com hosted on your server. It would be nice to have the URL:

http://acme.com/plesk

redirect to:

http://plesk.yourdomain.com.

Guess what - it can all be done! Here's how:

1. Get an SSL certificate for plesk.yourdomain.com. A $29 cert from GoDaddy will work just fine. Place the SSL key in:

/etc/pki/tls/private/plesk.yourdomain.com.key

and the SSL certificate in:

/etc/pki/tls/certs/plesk.yourdomain.com.crt

2. Next, create /etc/httpd/conf.d/plesk_proxy.conf with the following contents:

Redirect permanent /plesk https://plesk.yourdomain.com <VirtualHost *:80> ServerName plesk.yourdomain.com Redirect permanent / https://plesk.yourdomain.com </VirtualHost> <VirtualHost *:8444> ServerName plesk.yourdomain.com ErrorLog logs/plesk_proxy.error_log CustomLog logs/plesk_proxy.access_log common SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/pki/tls/certs/plesk.yourdomain.com.crt SSLCertificateKeyFile /etc/pki/tls/private/plesk.yourdomain.com.key ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> SSLProxyEngine On ProxyPass / https://127.0.0.1:8443/ ProxyPassReverse / https://127.0.0.1:8443/ </VirtualHost>

Now just restart Apache and you're ready to go.

Couple of issues to note:

1. You'll need to add the hostname plesk.yourdomain.com to DNS.
2. Depending on your server config, you may need to place plesk.yourdomain.com on a dedicated IP address since each IP address can host only a single SSL site.

Original post blogged on b2evolution.

If you have a server with PHP4 installed but need PHP5 on some websites then:

1. Install a custom build of PHP5 to /opt/php5.

2. Add lines like the following to your apache virtual host:

   AddHandler application/x-httpd-php5 .php ScriptAlias /bin /opt/php51/cgi-bin Action application/x-httpd-php5 /bin/php5

You might also find the RemoveHandler directive handy to disable PHP4.

Original post blogged on b2evolution.

If you need PHP4 on a CentOS5/RHEL5 server then you'll find the RPMs linked below very handy. They install to /opt/php4 and can coexist with a default PHP 5 install.

The included conf.d/php4.conf file includes sample lines to run it as a CGI or as a module.

RPMs are here:
http://repo.conforge.com/conforge/CentOS/5/i386/RPMS/
http://repo.conforge.com/conforge/CentOS/5/x86_64/RPMS/

See this URL for details to add the yum repo:

http://wiki.conforge.com/wiki/Linux-PHP4cgiAndPHP5on+CentOS5

Original post blogged on b2evolution.

To replace all whitespace with single spaces pipe the text through:

tr -s [[:space:]] " "

Original post blogged on b2evolution.