debian

10 straightforward but proven ways to harden your LAMP servers

Over the years I have had to harden a great number of LAMP boxes, and I have found some methods work far better than others. I will now share with you my favorite 10, along with methods to implement them on Debian/Ubuntu.

10. Lock SSH access right down. I do this by disabling root logins, disabling password authentication and using denyhosts.

To disable root logins, do this:

    vi /etc/ssh/sshd_config

and look for the following line:

    PermitRootLogin yes

and change it thus:

    PermitRootLogin no

To disable password authentication (you will have to use public/private keys), do this:

    vi /etc/ssh/sshd_config

and look for the following line (note it's commented out):

    #PasswordAuthentication yes

and change it thus:

    PasswordAuthentication no

To install denyhosts, do this:

    apt-get install denyhosts

Once installed it shouldn't need any configuration, but you can tweak the settings if you wish in /etc/denyhosts.conf

9. Always use sudo for root access. This is one of the things Ubuntu does really well and it's about time other distros did the same.

Debian GNU/Linux 5.0 released

The Debian Project is pleased to announce the official release of Debian GNU/Linux version 5.0 (codenamed "Lenny") after 22 months of constant development. Debian GNU/Linux is a free operating system which supports a total of twelve processor architectures and includes the KDE, GNOME, Xfce, and LXDE desktop environments. It also features compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.

This release includes numerous updated software packages, such as the K Desktop Environment 3.5.10 (KDE), an updated version of the GNOME desktop environment 2.22.2, the Xfce 4.4.2 desktop environment, LXDE 0.3.2.1, the GNUstep desktop 7.3, X.Org 7.3, OpenOffice.org 2.4.1, GIMP 2.4.7, Iceweasel 3.0.6 (an unbranded version of Mozilla Firefox), Icedove 2.0.0.19 (an unbranded version of Mozilla Thunderbird), PostgreSQL 8.3.6, MySQL 5.0.51a, GNU Compiler Collection 4.3.2, Linux kernel version 2.6.26, Apache 2.2.9, Samba 3.2.5, Python 2.5.2 and 2.4.6, Perl 5.10.0, PHP 5.2.6, Asterisk 1.4.21.2, Emacs 22, Inkscape 0.46, Nagios 3.06, Xen Hypervisor 3.2.1 (dom0 as well as domU support), OpenJDK 6b11, and more than 23,000 other ready-to-use software packages (built from over 12,000 source packages).

Getting notified when Debian repository updates

As a real Debian unstable addict, for a long time I wanted to have real-time notifications when the upstream repository updates, so I can immediately check what's new and, time permitting, do the upgrade right away. Fortunately, I had some spare time a few weeks ago that I invested in developing a neat script that you can find attached. This was also an exercise in using the GNOME notification mechanism. It's all quick and dirty, but it gets the job done well.

Let me also say that I know that there are GNOME applets that do a similar task, sitting in the tray and checking for updates. But for many reasons, I wanted my own solution. First of all, I don't like programs taking up space in my GNOME panel (or system memory) when there's no pressing need for that. Second, I wanted a much faster response. Finally, doing some Perl scripting from time to time is good for one's karma.

Running Nvidia display drivers with X.Org 7.3

This morning, hardworking Debian developers pushed the remaining pieces of the brand new X.Org 7.3 to the Debian sid (unstable) distribution. And it must be said, a job well done!

ii  x11-apps            7.3+1      X applications
ii  x11-common          1:7.3+2    X Window System (X.Org)
ii  x11-session-utils   7.3+1      X session utilities
ii  x11-utils           7.3+1      X11 utilities
ii  x11-xfs-utils       7.3+1      X font server utilities
ii  x11-xkb-utils       7.3+1      X11 XKB utilities
ii  x11-xserver-utils   7.3+1      X server utilities
ii  xbase-clients       1:7.3+2    miscellaneous X clients - metapackage
ii  xorg                1:7.3+2    X.Org X Window System
ii  xorg-dev            1:7.3+2    the X.Org X Window System development
ii  xserver-xorg        1:7.3+2    the X.Org X server
ii  xutils              1:7.3+2    X Window System utility programs

Building Debian FreeRadius package with EAP/TLS/TTLS/PEAP support

Debian's FreeRadius package is built without support for EAP/TLS/TTLS/PEAP because of the licensing problems of the OpenSSL library. But if you want to implement 802.1x network authentication with strong security, you'll need it. This is a short tutorial that explains how to build a Debian (sid aka unstable) package linked to libssl and with EAP/TLS/TTLS/PEAP support compiled in.

First, download the newest source package (orig.tar.gz), Debian diffs (diff.gz) and description file (dsc) from the freeradius package page. The version I tested the procedure with is 1.1.7-1.

A First Look at Oracle 11g database on Debian GNU/Linux

Three and a half years have passed since my first attempts to install Oracle 10g on an unsupported Debian GNU/Linux distribution. Seeing that Oracle 11g is out, and exclusively for Linux at this time, I decided to download it among the first and see and share with you what its installation looks like.

The distribution can be downloaded from the Oracle Database Software Downloads page, but let me warn you upfront that the archive is 1.7GB in size, so you'll need quite a big pipe to successfully download it. What makes it even harder is that Oracle insists that you download it from a browser window (Wget and similar utilities won't work out of the box, although there are some tricks that can be deployed), so be prepared to have that browser window open for a long time and pray that the download doesn't break along the way.

Debian GNU/Linux 4.0 updated

The Debian project has updated the stable distribution Debian GNU/Linux 4.0 (codename Etch). This update adds security updates to the stable release, together with a few corrections to serious problems. As always, the first point release also corrects a few issues that have been noticed too late in the release process to stop the release, but still should be fixed.

This point release for Etch also includes an updated release of the installer, which includes the following changes:

The top five reasons why Mike likes Debian

Yeah, this is quite an old picture, but I just couldn't resist republishing it. It's fun, and it's still true. :)

Original comment from Illiad, the writer of the hilarious User Friendly Comic Strip:

You have express permission to sell the Mike posters for Debian! My share of the profit should be entirely donated to the Debian project. All I ask for is a small mention somewhere that says this. Best of luck with it, and keep up the great work with a fine distribution!

Ubuntu vs Debian: this is amazing!

The other day I was playing with the fun Google Trends tool and got an idea to check Ubuntu versus Debian popularity. You can see the result in the picture below and I don't know about you, but it simply amazes me how popular Ubuntu is these days. And not only that, but its popularity is growing day by day, while it can be easily seen that Debian is either stagnating or slowly fading out.

sshfs - secure and transparent access to remote filesystems

sshfs is a very slick way to access your remote filesystems, securely and transparently. It is based on the great FUSE (Filesystem in Userspace) framework, which has been integrated in the Linux kernel since version 2.6.14. While sshfs may not be as fast and featureful as other full-blown network filesystems such as NFS or Samba, it still has some great features:
