Silencing pointless reverse DNS warnings from OpenSSH

If you’ve been using SSH for long you’ve probably seen this at least once: Address 11.22.33.44 maps to www.foobar.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Sometimes this is helpful. Sometimes this is really annoying and incorrect. Assuming you are a moderately well informed sysadmin and know that this message can safely be ignored, you might have been stumped trying to silence it. You may have tried every option in man ssh_options and even some of your own (STFU on?) I think I may be able to help.
Continue reading “Silencing pointless reverse DNS warnings from OpenSSH”

Recommended mount options for ext3

The details of the various mount options for the ext3 filesystem are fairly well documented, but as with many things in the Unix world, knowledge is far easier to come by than wisdom. That’s a pithy way of saying that I had to do some digging to find recommendations, as opposed to explanations. So here are my recommendations for ext3 users (which encompasses the majority of the Linux-using world, as far as I can tell).
Continue reading “Recommended mount options for ext3”

Retroactively Minimizing Installed Packages on CentOS 5.1

In my CentOS 5.1 Minimal VPS Install Guide I describe how to install a very lean set of OS packages when starting from scratch. But what if the VPS is preinstalled for you by a hosting provider? There will be things preinstalled that you don’t need, which will slow down backups and updates, and waste the relatively tiny amount of disk space that VPS plans offer. So here are some instructions to help you identify and remove packages that you don’t need, when they’ve already been installed.
Continue reading “Retroactively Minimizing Installed Packages on CentOS 5.1”

Sphinx Search init script for Centos 5.1

Sphinx search is pretty new, and as a result I was unable to find a nice convenient package for it for CentOS 5.1. This is problematic since there is no init script included with the source tarball, and the issue of updating the index is the sysadmin and developer’s problem, and cannot be configured to simply update the index when the data changes.
Continue reading “Sphinx Search init script for Centos 5.1”

Making SELinux allow a nonstandard MySQL port number on Centos 5.1

SELinux is a recently added security system that’s installed by default with CentOS 5.1 (and Red Hat Enterprise Linux 5, and others). Since it’s newer than the classic “Discretionary Access Control” Unix security model, it’s not nearly as well documented, and unfamiliar to many. I had never even heard of it until this week.

After a lot of reading about it, and debating disabling it entirely, I figured out how to do some minor SELinux customization to fit my needs for a MySQL database server. Hopefully this will help folks who are in a similar situation.

Continue reading “Making SELinux allow a nonstandard MySQL port number on Centos 5.1”