A Linux file system is a collection of various files and folders, which is stored in a separate disk partition. The entire disk partition is divided into various file system blocks, which are used for storing either the user data or the metadata. The metadata can be referred as the repository that contains the information of the file system. One such metadata structure is the superblock, which is very essential for the health of the Linux system. A file system cannot be mounted if you are not able to access the superblock.

Over the years I have had to harden a great number of LAMP boxes, I have found some methods work for better than others. I will now share with you all my favorite 10 along with methods to implement them on Debian/Ubuntu.

10. Lock SSH access right down. I do this by disabling root logins, disabling password authentication and using denyhosts.

To disable root logins do this: vi /etc/ssh/sshd_config and look for the following line: PermitRootLogin yes and change it thus: PermitRootLogin no

To disable password authentication (you will have to use public/private keys) do this: vi /etc/ssh/sshd_config and look for the following line: #PasswordAuthentication yes (note its commented out) and change it thus: PasswordAuthentication no

To install denyhosts do this: apt-get install denyhosts once installed it shouldn't need any configuration, but you can tweak the settings if you wish in /etc/denyhosts.conf

9. Always use Sudo for root access, This is one of the things Ubuntu does really well and its about time other distros did the same.

A while back I wrote about using Apache as a dynamic reverse proxy. Anyone who has done even minimal research into web servers knows that Apache is the swiss army knife. It trys to be everything for everyone, and like a swiss army knife may not be as good as a more refined too at least as far as efficiency is concerned.

Debian's FreeRadius package is built without support for EAP/TLS/TTLS/PEAP because of the licensing problems of the OpenSSL library. But, if you want to implement 802.1x network authentication with strong security, you'll need it. This is a short tutorial that explains how to build Debian (sid aka unstable) package linked to libssl and with EAP/TLS/TTLS/PEAP support compiled in.

First, download the newest source package (orig.tar.gz), Debian diffs (diff.gz) and description file (dsc) from the freeradius package page. The version I tested the procedure with is 1.1.7-1.

The other day I stumbled upon this neat tool that helps cleanup your GConf registry, called GConf Cleaner. While GNOME registry size isn't nowhere near the size of Windows registry, and thus shouldn't slow your computer too much, it's still nice to have a tool that cleans unused and obsolete entries.

Meet GConf Cleaner

The tool is still in early stages of development (version 0.0.2), but I've successfully run it on my desktop and was amazed how many old entries it found. Typically, if you install some GNOME application, play with it a little bit and later decide to delete it, it's configuration settings will remain in the GConf database. So your registry will only grow in time.

OK, this is so cool and sexy, I really don't understand how I didn't find about this earlier. Possibly because it's the recent add-on to the well known script utility?

So, I suppose you all know about script. You type script, do your work, type exit, and you have your complete session logged in the file named typescript. Quite handy if you want to log everything you did in the shell for whatever reasons.

What you might not know is that script has an interesting switch which allows you to also save the exact timing data of the screen output you're capturing. And an additional utility called scriptreplay which can later replay your session in real-time. Like a movie. With perfect timing.

You've finally made the move to a Windows-free computer, you're enjoying your brand new Linux OS, no trojans/viruses, no slowdown, everything's perfect. Suddenly, you need to update the BIOS on your motherboard to support some new piece of hardware, but typically the motherboard vendor is offering only DOS based BIOS flash utilities. You panic! Fortunately, this problem is easy to solve...

Step 1: Download FreeDOS boot disk floppy image

FreeDOS, a free DOS-compatible operating system, is up to the challenge, no need for proprietary DOS versions. So, all you need is a bootable floppy disk image with FreeDOS kernel on it. We are fortunate that guys at FDOS site have prepared one suitable for us. Use the OEM Bootdisk version, the one with just kernel and command.com, because it leaves more free space on disk for the flash utility and new BIOS image. You can also find a local copy of this image attached at the end of this article. After you download the image, you need to decompress it. In other words:

If you're a heavy user of the Linux VGA console, you'll like this feature. Recent 2.6 kernels have added support for soft scrollback. This feature enables you to have much bigger scrollback buffer than the standard console has, at the price of slightly slower console output.

If you are lucky to have fresh X11R7 on your desktop with all its new features and nice filesystem layout you might have noticed that some things have compatibility problems with it. Namely, if you have flash plugin installed you might not see text in flash content displayed properly, depending on how your Linux distribution handled the upgrade.

Is running Oracle10g on Debian Linux possible? Oh yes, definitely! And it runs great, really. It's even easier to install than the older versions of Oracle as there are no problems with incompatible libc library & other bugs. You need to make just two simple preparations before you can enjoy your new development database.