| Tutorial Lengkap

HOWTO : MariaDB and XCache performance tuning on Ubuntu 11.04

The following settings is for tuning the MariaDB database performance on Ubuntu 11.04. It is well tested on Intel Xeon 4 core CPU x 2 and 8 GB RAM. It is also well tested on Drupal 6.2.

Step 1 :

sudo nano /etc/mysql/my.cnf

Change the values as the following :

[mysqld_safe]
nice = -5

[mysqld]
key_buffer_size = 384M
thread_cache_size = 384
max_connections = 500
table_cache = 1800
# If you have 8 cores CPU, the value should be 16 (no. of processor x 2)
thread_concurrency = 16
query_cache_limit = 4M
query_cache_size = 128M

[isamchk]
key_buffer = 64M

Step 2 :

sudo restart mysql

Step 3 (Optional) :

If you are using Hiawatha Web Server and PHP5, the following settings will further tune the performance also.

sudo apt-get install php5-xcache

Step 3a (Optional) :

sudo nano /etc/php5/conf.d/xcache.ini

Change the value of xcache.size as the following :

xcache.size = 64M

Step 3b (Optional) :

sudo /etc/init.d/php-fcgi restart

Step 3c (Optional) :

To test if it is working or not :

sudo php-cgi -v

If you can see the "with XCache v1.3.0, Copyright (c) 2005-2009, by mOo", your xcache is working.

That's all! See you.

HOWTO : MariaDB 5.2 on Ubuntu Server 11.04

Since MySQL is now owned by Oracle, the developers of previous MySQL reformed and developed MariaDB under GPL v2. It is compatible to MySQL and running much faster than MySQL too. You can use MariaDB as alternative. The commands and API are the same, such as "mysql -u root -p".

Step 1 :

Prepare for installation of MariaDB

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 1BB943DB

Step 2 :

sudo nano /etc/apt/sources.list.d/mariadb.list

Append the following lines.

deb http://mirror2.hs-esslingen.de/mariadb/repo/5.2/ubuntu natty main
deb-src http://mirror2.hs-esslingen.de/mariadb/repo/5.2/ubuntu natty main

Save the change and install the following.

Step 3 :

sudo apt-get update

sudo apt-get install mariadb-server mariadb-client

** You can also replace your MySQL to MariaDB in this way. The MySQL will be uninstall automatically. You can also use the my.cnf of MySQL without any problem or replace by the new one.

Step 4 : (Optional)

To tune the performance of MariaDB. Please see this link for reference. The settings are the same.

That's all! See you.

HOWTO : Logwatch for Hiawatha on Ubuntu 11.04 Server

Logwatch reads your log files and alert you about the unusual log entries. It is working perfect for Apache. However, the log directory of Hiawatha is different from Apache. You should do something else on logwatch in order to make it to read Hiawatha log files.

Step 0 :

Install logwatch.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install logwatch

Step 1 :

Make changes to the logwatch configure file in order to tell her to send you a email report.

sudo nano /usr/share/logwatch/default.conf/logwatch.conf

Change the settings of the following lines.

Output = mail
Format = html
MailTo = samiux@gmail.com

Step 2 :

Make logwatch to read Hiawatha log files.

sudo nano /usr/share/logwatch/default.conf/logfiles/http.conf

Add the following lines on the appropriate sections.

LogFile = hiawatha/*access.log
LogFile = hiawatha/*access.log.1
LogFile = hiawatha/*error.log
LogFile = hiawatha/*error.log.1
LogFile = hiawatha/*system.log
LogFile = hiawatha/*system.log.1
LogFile = hiawatha/*garbage.log
LogFile = hiawatha/*garbage.log.1
LogFile = hiawatha/*php-fcgi.log
LogFile = hiawatha/*php-fcgi.log.1
LogFile = hiawatha/*exploit.log
LogFile = hiawatha/*exploit.log.1

Archive = hiawatha/*access.log.*.gz
Archive = hiawatha/*error.log.*.gz
Archive = hiawatha/*system.log.*.gz
Archive = hiawatha/*garbage.log.*.gz
Archive = hiawatha/*php-fcgi.log.*.gz
Archive = hiawatha/*exploit.log.*.gz

That's all. See you!

HOWTO : Secure your Ubuntu Server in a passive way on Ubuntu 11.04

Root account access warning

Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.

echo -e "Root Shell Access on `tty` \n `w`" | mail -s "Alert: Root Access" samiux@gmail.com

You are also required to add the captioned line at the sudoers' .bashrc file.

echo -e "Sudoer Shell Access on `tty` \n `w`" | mail -s "Alert: Sudoer Access" samiux@gmail.com

Hardening SSH

The official port of SSH is 22. You can change it to any port that between 1024 and 65535. You can do it at the router or firewall and you can do it at the configure file of SSH at /etc/ssh/sshd_config. You are recommended to disable the root account login via SSH even you are using Ubuntu.

Port 65535
PermitRootLogin no

sudo /etc/init.d/sshd restart

Block all failed attempts

You are also required to install Fail2Ban in order to block all several time failed attempts.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install fail2ban

Change the setting at /etc/fail2ban/jail.conf when necessary.

Restart the fail2ban after the changes.

sudo /etc/init.d/fail2ban restart

Finally, enable firewall and only allow necessary ports to be access.

That's all! See you.

HOWTO : vsFTPd on Ubuntu Server 11.04

Step 1 :
Install the vsFTPd.

sudo apt-get update
sudo apt-get upgrade

sudo apt-get install vsftpd

Step 2 :
Edit the configure file of vsFTPd.

sudo nano /etc/vsftpd.conf

Change the setting as the following.

# If you allow anonymous login then
anonymous_enable=YES
# If you do not allow anonymous login then
#anonymous_enable=NO
local_enable=YES
write_enable=YES
# Users are allowed to walk around at his directory only
chroot_local_user=YES

If you are behind a firewall or router, the following setting should be implemented and append to the end of the file.

pasv_enable=YES
#pasv_promiscuous=YES
pasv_min_port=50000
pasv_max_port=50100
# If your server's IP address is 192.168.0.15
pasv_address=192.168.0.15

#local_root=/home

Make sure port 20, 21, and 50000-50100 are opened at your firewall or router. The ports should be forwarded to and opened at the vsFTPd server. Anonymous user can be download the files at /home/ftp directory.

Since the current version of vsFTPd changed the chroot setting, you need to create a working directory at /home/samiux (for example), such as /home/samiux/my_ftpdir.

Step 3 :

sudo chmod 500 /home/samiux
sudo chmod 775 /home/samiux/my_ftpdir

Step 4 :
Restart vsFTPd.

sudo /etc/init.d/vsftpd restart

That's all. See you.

HOWTO : MariaDB 5.2 on Ubuntu Server 10.10

deb http://mirrors.xmission.com/mariadb/repo/5.2/ubuntu maverick main
deb-src http://mirrors.xmission.com/mariadb/repo/5.2/ubuntu maverick main

Save the change and install the following.

Step 3 :

sudo apt-get update

sudo apt-get install mariadb-server mariadb-client

** You can also replace your MySQL to MariaDB in this way. The MySQL will be uninstall automatically. You can also use the my.cnf of MySQL without any problem or replace by the new one.

Step 4 : (Optional)

To tune the performance of MariaDB is the same as tuning MySQL. Please see this link for reference. The settings are the same.

That's all! See you.

HOWTO : MySQL and XCache performance tuning on Ubuntu 10.10

The following settings is for tuning the MySQL database performance on Ubuntu 10.10. It is well tested on Intel Xeon 4 core CPU x 2 and 8 GB RAM. It is also well tested on Drupal 6.2.

Step 1 :

sudo nano /etc/mysql/my.cnf

Change the values as the following :

[mysqld_safe]
nice = -5

[mysqld]
key_buffer = 384M
thread_cache_size = 384
max_connections = 500
table_cache = 1800
# If you have 8 cores CPU, the value should be 16 (no. of processor x 2)
thread_concurrency = 16
query_cache_limit = 4M
query_cache_size = 128M

[isamchk]
key_buffer = 64M