I’ve been using a Xen guest under RHEL 5.2 to hold this Webserver, and because of failures, I choose to keep a copy of the full disk image on another machine. Having to transfer the full disk in the network means stop the server (Xen guest), rsync the image on disk (wait 40 minutes), then start guest again. After doing the initial image transfer, it would be easier to just sync updated files, but… how to loop mount a full disk? ...
Introduction LVM are the initials for Logical Volume Manager, a powerful tool present in actual Linux systems inspired in the implementation available in other systems like AIX and HP-UX. LVM introduces a separation between system structure and elements like disks, partitions, filesystems to which we are used to. LVM has three levels: Physical volumes Volume Groups Logical volumes One of the benefits of LVM over traditional systems is that LVM introduces an abstraction layer which improves the limitation of a disk, allowing us to have a filesystem to span over several disks, resizing thus making a more efficient usage of storage. ...
Introduction SELinux is an implementation of MAC (Mandatory Access Controls) over LSM (Linux Security Modules) in Linux Kernel. SELinux, originally developed by N.S.A. (National Security Agency) allows applications to be confined by the kernel. Inside that “confined area”, much more grained than a standard chroot (system where basic executables are copied to another folder in order to have a small subsystem isolated from real system. The drawback is that a small subsystem could have enough utilities to reveal private information from our internal network),in which we can allow only certain operations, for example: adding information to a file, read from a directory but not writing, even just for one file in a standard directory, etc… ...
Introduction JigDo (JIGsaw DOwnload) is a small utility that can assemble a CD/DVD image from it’s internal files. For example, Debian has been using it for years for distributing the entire distribution: you downloaded a .jigdo file, and then, using the utility jigdo-lite (package jigdo-file on Debian like and RPM based1. This way, you only downloaded small files from servers, preventing line failures, spreading load between several servers, etc. Furthermore, if you already had some files (for example if you started at version X and have been downloading and keeping all files until X.Y, jigdo, can use those updated files to compare them against the .jigdo file and avoid downloading duplicated files… ...
Introduction I’m working for a “very concerned about security” firm, that makes mandatory using VPN for accessing their network, and internal services: IMAPS SMTP Intranet Forums Online training, etc As it should, we provided services for a client, also very concerned about security, thus not allowing internet access despite of using two squid proxies with a network appliance filtering protocols, scripts, viruses and malware. They only allow FTP, HTTP and HTTPS. ...