# curl icanhazip.com
Pound
pound is a tiny reverse proxy, load balancer and SSL offloader. It’s not a caching proxy like Varnish, but its simplicity and light weight make it a good choice for an HTTPS front-end on a moderate-traffic platform.
Create a PEM file
pound uses the PEM format. A single PEM file can contain all the needed files (public certificate, intermediate certificate, root certificate and private key).
To convert your SSL certificate files to a PEM file usable by Pound:
# cat server.key > cert.pem
# cat your.domain.tld.crt >> cert.pem
# cat intermediate.crt >> cert.pem
Because cert.pem contains the private key, keep it readable only by the account that starts Pound.
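An added example, not from the original page: a structural check to run on the bundle before pointing Pound at it, which rejects a file that is missing the intermediate certificate or has open permissions. The helper name check_pound_pem and the sample bundles are constructed for illustration; the check does not verify that the key matches the certificate.

```shell
#!/bin/sh
# Added example, not from the original page. check_pound_pem is a
# hypothetical helper name; the sample bundles below are constructed.

# usage: check_pound_pem FILE [MIN_CERTS]
# Succeeds when FILE holds exactly one private key, at least MIN_CERTS
# certificates (default 2: server + intermediate), balanced BEGIN/END
# markers, and no group/other permission bits.
check_pound_pem() {
    f=$1
    min=${2:-2}
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    # grep -c exits non-zero on a zero count, hence the "|| true".
    keys=$(grep -c -e '^-----BEGIN .*PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    begins=$(grep -c -e '^-----BEGIN ' "$f" || true)
    ends=$(grep -c -e '^-----END ' "$f" || true)
    rc=0
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys" >&2; rc=1; }
    [ "$certs" -ge "$min" ] || { echo "expected >= $min certificates, found $certs" >&2; rc=1; }
    [ "$begins" -eq "$ends" ] || { echo "unbalanced BEGIN/END markers" >&2; rc=1; }
    # The bundle embeds the private key: group/other bits must all be clear.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "permissions too open: $f" >&2; rc=1; }
    return $rc
}

# Constructed sample data: placeholder bodies, not real key material.
blk() { printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"; }
demo_dir=$(mktemp -d)
umask 077
# Key + server certificate + intermediate certificate.
{ blk 'PRIVATE KEY'; blk CERTIFICATE; blk CERTIFICATE; } > "$demo_dir/good.pem"
# Intermediate never made it into the bundle (e.g. appended to another file).
{ blk 'PRIVATE KEY'; blk CERTIFICATE; } > "$demo_dir/short.pem"

check_pound_pem "$demo_dir/good.pem" && echo "good.pem: ok"
check_pound_pem "$demo_dir/short.pem" 2>/dev/null || echo "short.pem: rejected"
```

Pass 1 as the second argument when the certificate is issued directly by a root and no intermediate is expected.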
Disable SSLv3
To improve security you can disable the SSLv3 protocol. You need at least the patched version 2.6 to do that. Add the DisableSSLv3 directive inside your ListenHTTPS block.
Improve cipher selection
To improve security you can also disable old/weak ciphers. Redefine the cipher selection like this:
Ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:-RC4:EECDH+aRSA+RC4:EECDH+RC4:EDH+aRSA+RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:RC4+SHA"
[Redhat] chkconfig
The chkconfig utility is a command-line tool for Redhat and Redhat-based distributions that lets you specify in which runlevels a selected service starts, and lists all available services along with their current settings.
List all services
To display a list of services from the /etc/rc.d/init.d/ directory and services controlled by xinetd, type either chkconfig --list or chkconfig with no additional arguments.
Enabling or disabling a given service
# chkconfig <service_name> <on|off>
For example, to enable postfix:
# chkconfig postfix on
By default chkconfig uses the headers from the init script to determine in which runlevels the script should be enabled or disabled.
You can override this behavior with the --level option. For instance, to enable the abrtd service in runlevels 3 and 5:
# chkconfig abrtd on --level 35
Do not use the --level option for services managed by xinetd.
Add a ‘custom’ service
You must add a custom line for chkconfig to your init script. For example:
# chkconfig: 2345 90 60
The first argument lists the runlevels in which to start the service. The second argument is the start priority and the third is the stop priority.
After that, add the init script and enable it:
# chkconfig --add <my_script>
# chkconfig <my_script> on
xdiskusage
xdiskusage is a graphical tool for displaying disk usage per directory. It’s a kind of ancestor to the more desktop-oriented tools baobab and filelight.
One terrific feature of xdiskusage for sysadmins is that it can use a du output file as its data source!
First generate an output file on the host to analyse (here foobar-host1):
# du -ab * > du_foobar-host1.txt
rsync the du output file to your desktop machine, then run:
# xdiskusage du_foobar-host1.txt