Posts Tagged ‘Linux’

iptables Allow UDP traceroute

By Mark Davidson on March 3rd, 2010

If you're running iptables, your default INPUT policy will most likely be DROP. It's easy enough to allow most things through and to allow basic pinging to be performed against the server, etc.

However, traceroute can be a bit more of a problem to allow: if traceroute is being performed using UDP, you need to stop the packets going to a wide range of ports from being dropped. Since you really don't want to open up all the ports it requires, most people just leave it, and that means you can only traceroute using ICMP.

The best way I have found to get around this is to just set a REJECT on the port range; there is no need for an ACCEPT, and everything works fine.

sudo iptables -A INPUT -i eth0 -p udp -m udp --dport 33434:33523 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
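
Where the range 33434:33523 comes from, and a check that a saved ruleset covers it, as an added example that is not part of the original post. It assumes the classic traceroute defaults (base port 33434, 30 hops, 3 probes per hop, destination port incremented per probe); the function names and the sample ruleset are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: does a saved ruleset answer every UDP traceroute probe?
# Assumed traceroute defaults: base port 33434, 30 hops, 3 probes per hop.

# Highest destination port a run can reach: one new port per probe.
last_probe_port() {  # args: base_port max_hops probes_per_hop
  echo $(( $1 + $2 * $3 - 1 ))
}

# Read iptables-save text on stdin. Succeed if an INPUT rule REJECTs UDP with
# icmp-port-unreachable over a --dport range that covers [want_lo, want_hi].
covers_traceroute() {  # args: want_lo want_hi
  local want_lo=$1 want_hi=$2 line range from to
  while IFS= read -r line; do
    case $line in
      *"! --dport "*) continue ;;      # negated match: not a covering rule
      "-A INPUT "*"-p udp "*"--dport "*"-j REJECT "*"icmp-port-unreachable"*) ;;
      *) continue ;;
    esac
    range=${line#*--dport }            # drop everything up to the port spec
    range=${range%% *}                 # keep "from:to" (or a single port)
    from=${range%%:*}
    to=${range##*:}
    case $from:$to in *[!0-9:]*|:*|*:) continue ;; esac   # skip odd specs
    if [ "$from" -le "$want_lo" ] && [ "$to" -ge "$want_hi" ]; then
      return 0
    fi
  done
  return 1
}

# Constructed iptables-save excerpt containing the rule from the post.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 33434:33523 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
COMMIT'

hi=$(last_probe_port 33434 30 3)       # 33523
if printf '%s\n' "$SAMPLE_RULES" | covers_traceroute 33434 "$hi"; then
  echo "default run (33434-$hi): covered"
fi
hi64=$(last_probe_port 33434 64 3)     # a 64-hop run probes up to 33625
printf '%s\n' "$SAMPLE_RULES" | covers_traceroute 33434 "$hi64" ||
  echo "64-hop run (33434-$hi64): probes above 33523 are still dropped"
```

On a live host the same check can be fed from `sudo iptables-save` instead of the sample text.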

WordPress Suhosin Memory Limit

By Mark Davidson on February 27th, 2010

In my last post I was uploading some images to include in the post using WordPress. I noticed in my error logs that while resizing the images the PHP script attempts to raise the memory limit.

Feb 26 22:52:29 host suhosin[9636]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'XXX.XXX.XXX.XXX', file '/var/www/wordpress/wp-admin/includes/image.php', line 161)

This is fair enough and is a good idea for security and to stop your server getting overloaded by a single script. So I looked into how to fix this, and it's a very simple process.

You need to edit your suhosin config. I am doing this under Ubuntu 9.04; mine is located at ‘/etc/php5/apache2/conf.d/suhosin.ini’. To fix it for WordPress, just add the setting `suhosin.memory_limit` to the config file with the appropriate value; in the case of WordPress it needs to be set to 256.

Your config should end up looking like this:

extension=suhosin.so
[suhosin]
suhosin.memory_limit = 256M

That is it, really; very simple. I am going to have a bit of a tweak with the suhosin config later; I think the default config can be improved a lot.

fish awesome auto complete and more

By Mark Davidson on February 26th, 2010

Ever since I started using Linux all those years ago I have always been on the lookout for a different shell that would top bash. I had tried zsh and a few others, but none of them really topped bash in a massive way. Recently a mate of mine told me about fish, so I tried it out on my Gentoo dev box.

There are a lot of interesting features in fish, most of them to do with the auto-completion aspects.

The auto-completion of ls arguments is just a very basic example of how fish really improves on standard auto-complete functionality like that in bash. As well as being able to complete the normal long arguments, it can complete short ones as well, plus giving an actual explanation of what the command does. I think this is absolutely great personally for two reasons. First of all, if you're new to Linux then it helps you learn. Second, if you're like me and your mind just falls apart sometimes as it's too full of other junk (mine being full of knowing every episode of The Simpsons in full, word for word), it's handy to get a bit of a prompt.

As well as the improvement of auto-completing arguments, the auto-completion for programs is improved as well, telling you what the program is where possible, but at least telling you what the type of application or program is. The screenshot below shows a long list of programs, which is output through a less-type application; if there are only a few, they will be output as with the ls auto-complete above.

Next, one of my personal favorite features of fish is the auto-completion of wildcards. For example, if I am at the top of my web directory and want to get the details of every PHP file in all the subdirectories, I would need to do something like `find . -iname "*.php" -print0 | xargs -0 ls -la`, while with fish you could just do `ls -la **.php` and get the same result.
Another example, as follows, is auto-completing on wildcards, something that's not possible with bash.

The last feature I would like to point out in this quick coverage of fish is a small one: using the % symbol you can auto-complete process IDs, which can be really handy.

There are some more screenshots showing some other cool features on their website http://fishshell.org/screenshots.html and further detail on all the features on the documentation page http://fishshell.org/user_doc/index.html
Also, if you're interested, check out the possible features list http://fishshell.org/doc2/index.html#todo-possible; I think there are some cool ones coming up.

That's it for now. I am going to continue using fish over the next few days, then I will be putting together a bit of a cheat list which I'll be posting up here, so if you're interested check back soon.