Sunday, February 11, 2007

Tighten up security, disable Apache's signature

...Server: Apache/2.0.55 (Debian) PHP/5.1.2

Apache by default with most packaged distributions will display the Apache version you are running in a signature and generally any other modules loaded into it too. This can be a problem if you are running old versions with know security issues.

So if doing an upgrade is an inconvenience then perhaps masking the server signature is the way to go.

First we'll begin with PHP. If you navigate to your php.ini file (generally stored in /etc/php5/apache2/), you'll find the expose_php is set to "On". We can turn this off by simply typing in "Off".

Apache itself will sign the version number running too. Again a security issue. If you open the apache2.conf file (generally in /etc/apache2/), you can turn this off with setting:

ServerTokens ProductOnly

Or perhaps you want to scrap it all together:

ServerSignature Off

Programmable Completion with BASH

Most people know that when using the BASH interpreter you can hit tab and the file will complete or output the matches for you to refine the search. But not all know you can do with with many binaries too. When I say this I mean actual parameters.

colabus@typhon:~# dpkg --cont<tab>
--contents --control
colabus@typhon:~# dpkg --contents /var/cache/apt/archives/ruby1.8_1.8.5-4_i386.deb

To do this run or add the following line to your .bashrc file.

. /etc/bash_completion

Simply sourcing the bash_completion file to use in the shell.

It's handy! :)

Friday, February 9, 2007

No such file or directory - irb (Errno::ENOENT)

Uhoh! Ever had this error before?

colabus@typhon:~/public_html/rails/workorders# ruby script/console
Loading development environment.
/usr/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/commands/console.rb:25:in `exec': No such file or directory - irb -r irb/completion -r script/../config/../config/environment -r console_app -r console_with_helpers --simple-prompt (Errno::ENOENT)
from /usr/lib/ruby/gems/1.8/gems/rails-1.1.6/lib/commands/console.rb:25
from /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:27:in `gem_original_require'
from /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:27:in `require'
from /usr/lib/ruby/gems/1.8/gems/activesupport-1.3.1/lib/active_support/dependencies.rb:147:in `require'
from script/console:3

I came across it when I decided to upgrade the Rails 1.2 and installed an updated Ruby version. Took me a little while to work out what was wrong but it seems script/console calls irb and not irb1.8. If you check out the /usr/bin/ directory you'll find the issue. And a simple fix:

# sudo ln -s /usr/bin/irb1.8 /usr/bin/irb

colabus@typhon:~/public_html/rails/workorders# ruby script/console
Loading development environment.
>>