[axxs-sysadmin] behold, we have BORG!

Cameron Gregg cam at earthanarchy.org
Fri May 4 12:42:55 UTC 2007 

Hi all,

for those who haven't heard, our new server is in. We have called it 
borg.axxs.org

Currently we are still installing packages to make it functional.

here is a log from IRC of what I did tonight. I would like feedback 
about the mysql settings, if someone sees a way to improve...and 
anything else i did of course.

thanks
Cam

<Kameron> ok, lets have a look at borg...
<Kameron> kernel upgrade is out
<Kameron> installing...
<Kameron> rebooting...
<Kameron> ok, back in
<Kameron> yay! :)
<Kameron> now, mysql
<Kameron> hmm
<Kameron> ? The way passwords were stored was not very secure. This has 
been improved with the drawback that clients   ?
<Kameron>   ? (e.g. PHP) from hosts running Debian 3.1 Sarge will not be 
able to connect to account which are new or     ?
<Kameron>   ? whose password have been changed. See 
/usr/share/doc/mysql-server-5.0/README.Debian.                       ?
<Kameron>   ? 
                                                  ?
<Kameron>   ? Support MySQL connections from hosts running Debian 
"sarge" or older?
<Kameron> i chose no
<Kameron> more secure :)
<Kameron> hmm, query cache...
<Kameron> # * Query Cache Configuration
<Kameron> #
<Kameron> query_cache_limit       = 1M
<Kameron> query_cache_size        = 16M
<Kameron> that needs enlarging...
<Kameron> now 8M and 128M
<aketus> good good
<Kameron> it could probably be more
<Kameron> but ill mail the list for feedback
<Kameron> also
<Kameron> i dont know what these are, so havent touched them
<Kameron> # * Fine Tuning
<Kameron> #
<Kameron> key_buffer              = 16M
<Kameron> max_allowed_packet      = 16M
<Kameron> thread_stack            = 128K
<Kameron> thread_cache_size       = 8
<Kameron> #max_connections        = 100
<Kameron> #table_cache            = 64
<Kameron> #thread_concurrency     = 10
<Kameron> i assume the commented out ones are default
<aketus> cool
<aketus> P.S max_connections is something we could probably increase 
given the bigger load this new server should be able to take
<aketus> most of the mysql dropouts on axxs were due to spambots maxing 
out the connections even though i think it had been increased
<aketus> nevertheless, we'll see. interesting it's commented out (i just 
caught on to that)
<Kameron> ok. apache/php
<Kameron> ooo, apache2 is now using 2.2
<aketus> nice
<Kameron> http://borg.axxs.org/   yay
<Kameron> heheh
<aketus> w00t!
<Kameron> now, php5
<Kameron> ill install php-gd as well
<aketus> yep, cool
<aketus> i think it's called php5-gd
<Kameron> yep
<Kameron> installed
<Kameron> also did  cam at borg:~$ sudo /usr/sbin/a2enmod rewrite
<Kameron> so mod_rewrite is installed.
<Kameron> should all thats needed for drupal
<aketus> cool
<Kameron> oh, and also ttf-bitstream-vera for captcha true type fonts
<aketus> good one
Kameron> ok, installed nmap
<Kameron> cam at borg:~$ sudo nmap borg.axxs.org
<Kameron> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 
2007-05-04 12:28 UTC
<Kameron> Interesting ports on borg.axxs.org (66.135.32.15):
<Kameron> Not shown: 1677 closed ports
<Kameron> PORT    STATE SERVICE
<Kameron> 22/tcp  open  ssh
<Kameron> 80/tcp  open  http
<Kameron> 225/tcp open  unknown
<Kameron> Nmap finished: 1 IP address (1 host up) scanned in 0.183 seconds
<Kameron> cam at borg:~$
<Kameron> is that 225 port webmin?
<Kameron> on borg its 23901
<Kameron> oh
<Kameron> cam at borg:~$ telnet borg.axxs.org 225
<Kameron> Trying 66.135.32.15...
<Kameron> Connected to borg.axxs.org.
<Kameron> Escape character is '^]'.
<Kameron> SSH-2.0-OpenSSH_4.3p2 Debian-9
<Kameron> i thought it ran on 22
<Kameron> weird
<aketus> http://forums.serverbeach.com/showthread.php?threadid=1820
<aketus> http://forums.serverbeach.com/archive/index.php/t-3162.html
<aketus> yeah not sure, it may be a serverbeach thing
<aketus> sbadm - dunno what that is
<Kameron> ah yes, for serverbeach admin
<Kameron> seems pretty secure the way they set it up
<aketus> ah
<aketus> yeah
<Kameron> ok, heres an nnap for localhost and borg
<Kameron> cam at borg:~$ sudo nmap localhost
<Kameron> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 
2007-05-04 12:35 UTC
<Kameron> Interesting ports on localhost (127.0.0.1):
<Kameron> Not shown: 1675 closed ports
<Kameron> PORT     STATE SERVICE
<Kameron> 22/tcp   open  ssh
<Kameron> 25/tcp   open  smtp
<Kameron> 80/tcp   open  http
<Kameron> 225/tcp  open  unknown
<Kameron> 3306/tcp open  mysql
<Kameron> Nmap finished: 1 IP address (1 host up) scanned in 0.143 seconds
<Kameron> cam at borg:~$ sudo nmap borg.axxs.org
<Kameron> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 
2007-05-04 12:35 UTC
<Kameron> Interesting ports on borg.axxs.org (66.135.32.15):
<Kameron> Not shown: 1677 closed ports
<Kameron> PORT    STATE SERVICE
<Kameron> 22/tcp  open  ssh
<Kameron> 80/tcp  open  http
<Kameron> 225/tcp open  unknown
<Kameron> Nmap finished: 1 IP address (1 host up) scanned in 0.141 seconds
<Kameron> cam at borg:~$
<Kameron> looks pretty safe

More information about the axxs-sysadmin mailing list