2010
06.22

I haven’t been blogging too much lately because I’ve been busy with some things. I was on vacation a few weeks back in San Francisco and had a job interview while I was out there. Turns out, I got the job and I start on July 12th so things are going to be hectic as I move. I’m trying to sell off some stuff too (CDs, DVDs, etc). More to come.

2010
05.26

On Saturday, my girlfriend and I are flying out to California to see my brother and his girlfriend from May 29th-June 6th. Fun times will be had! That is all.

2010
05.11

I’ve been running memph.us on Apache since I started this site, but I got tired of all the memory consumption and the server swapping, so I decided to check out nginx. It’s a very simple install/configuration.

First, I need to get EPEL:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
After this, I simply ran the following command:
sudo yum install nginx
I edited the nginx virtual.conf file located in /etc/nginx/conf.d, but first I made a backup of the original virtual.conf file:
cd /etc/nginx/conf.d
sudo cp virtual.conf virtual.conf.bak

Now, I’m ready to edit the virtual.conf file:
sudo nano /etc/nginx/conf.d/virtual.conf
(or just sudo nano virtual.conf if I’m already in /etc/nginx/conf.d)

Here’s a copy of my virtual.conf file that works for my site: virtual.conf.txt

After this, I installed FastCGI:
yum install spawn-fcgi

And then I downloaded the FastCGI script:
wget http://files.fusionswift.com/2010/02/php_cgi.sh.zip
unzip php_cgi.sh.zip
mv php_cgi.sh /etc/init.d/php_cgi
chmod 0755 /etc/init.d/php_cgi

At this point, I stopped Apache and started nginx & php_cgi:
sudo /etc/init.d/httpd stop
sudo /etc/init.d/nginx start
sudo /etc/init.d/php_cgi start

The final step I decided to do was keep Apache (httpd) but keep it from running upon startup. Uninstalling Apache can be messy because it’ll remove dependencies I need, so I simply did this:
cd /etc/init.d
sudo mv httpd httpd.bak
so if I ever get an itch to run Apache on a server reboot, I can simply change httpd.bak back to httpd.

I wrote this article with partial assistance from these articles:
Nginx with PHP FastCGI on CentOS
CentOS – Adding an Nginx Init Script

These are very detailed, easy to understand articles. In a sea of terrible Linux documentation, these articles were excellent and I achieved my goal with ease.

2010
05.10

I installed Quick Cache on my blog today to make my page load faster. One thing I didn’t know until after installing it was that I needed to upgrade to PHP 5.2. That’s okay.

So, I decided to upgrade to PHP 5.2, but I need a repository for that first. I created the repository in /etc/yum.repos.d:
sudo nano /etc/yum.repos.d/centos-test.repo
or
sudo vi /etc/yum.repos.d/centos-test.repo
(whichever editor you prefer)

I added the following content to centos-test.repo:
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/5/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

After this, I simply ran:
sudo yum upgrade php
and reloaded apache:
sudo /etc/init.d/httpd reload

After this, PHP 5.2 is installed and Quick Cache is no longer griping at me in my WordPress Dashboard to install PHP 5.2.

2010
05.06

This is what happened in Nashville. This is a very well-made video that shows the world what people in Nashville had to put up with. It’s a shame that the mainstream media could care less that a major city was underwater like this.

The Nashville Flood. May 2, 2010.

Video created by Michael Deppisch

2010
05.06

I was running memph.us on an Ubuntu cloud server powered by Rackspace, but I decided to give GoGrid a try by creating a CentOS cloud server (GoGrid doesn’t offer Ubuntu as a choice, but that’s okay because this helped me familiarize myself more with CentOS server). Once I created the CentOS cloud server, I opened a terminal and logged into it via SSH:
ssh root@123.45.67.890

The first thing I did upon logging in was changing the root password:
passwd

After this, I modified my sudo configuration by running this command:
/usr/sbin/visudo

Now, I’m not sure if this is a CentOS feature, because I’ve never seen it in Ubuntu so I had to look it up, but there is a group ‘wheel’ that designates users with sudo privileges. I found the following line in the sudo config:
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

and removed the # so that the %wheel line was no longer commented out:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

I saved /usr/sbin/visudo, so now I need to add a user that can belong to the ‘wheel’ that isn’t root but still has sudo privileges:
/usr/sbin/adduser demo

I also set a password for my user (I’m using demo for the example, but it can be whatever you want):
passwd demo

Now that I’ve created this user, it needs to have sudo privileges by being added to the ‘wheel’:
/usr/sbin/usermod -a -G wheel demo

The next step is optional but recommended. I wanted to create a public/private key pair to secure access to my server, so in a LOCAL shell, I ran this command:
ssh-keygen -t rsa

I created a path on my LOCAL machine for the keys to be stored in:
mkdir ~/.ssh

The files created are id_rsa and id_rsa.pub. id_rsa is the private key that stays on your computer. NEVER share it and NEVER store it on a public computer! The public key (id_rsa.pub) needs to go on the server, however:
scp ~/.ssh/id_rsa.pub demo@123.45.67.890:

Now, my server needs a directory for the public key to reside in:
mkdir ~demo/.ssh
mv ~demo/id_rsa.pub ~demo/.ssh/authorized_keys

Once it’s placed here, permissions need to be set for the key:
chown -R demo:demo ~demo/.ssh
chmod 700 ~demo/.ssh
chmod 600 ~demo/.ssh/authorized_keys

To create another user, simply repeat these processes. If you’re done creating users, then proceed to the next step:

The default SSH config should be changed to be more secure:
nano /etc/ssh/sshd_config

(click here for an example ssh configuration that can be used)

The sections of sshd_config that should be checked or changed are the following:
# change to a port of your choosing
Port 30000
Protocol 2
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers demo

(note: remember the port number you assign, because it's important for continuing the setup; the port number can be any integer between 1025 and 65536 (inclusive))

Once these areas are checked, the file can be saved. Optionally, you can enable PasswordAuthentication if you need access to the server but you're at a computer that doesn't have your key pair.
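
A check for the settings listed above, as an added example that is not part of the original post: sshd uses the first occurrence of each keyword, so hardening lines appended below a stock `PasswordAuthentication yes` have no effect. The function names and the sample file are constructed for illustration, and only Protocol, PermitRootLogin, PasswordAuthentication, X11Forwarding and AllowUsers are checked.

```shell
# Added example (not from the original post): audit an sshd_config file.

# effective_value FILE KEYWORD: print the value sshd would use. Keywords are
# case-insensitive, the first occurrence wins; parsing stops at a Match block.
effective_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: report deviations; return status = number of them.
audit_sshd_config() {
    file=$1; failures=0
    while read -r key expected; do
        actual=$(effective_value "$file" "$key")
        [ "$actual" = "$expected" ] && continue
        echo "FAIL $key: want '$expected', effective '${actual:-unset}'"
        failures=$((failures + 1))
    done <<EOF
Protocol 2
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
EOF
    if [ -z "$(effective_value "$file" AllowUsers)" ]; then
        echo "FAIL AllowUsers: not set"; failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample: stock-style defaults with the hardening appended below.
sample_config() {
    printf '%s\n' '#Port 22' 'Protocol 2' 'PasswordAuthentication yes' \
        'X11Forwarding yes' '# --- appended hardening ---' 'Port 30000' \
        'PermitRootLogin no' 'PasswordAuthentication no' 'X11Forwarding no' \
        'AllowUsers demo'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? setting(s) still at an insecure value"
rm -f "$tmp"
```

On the server itself, `/usr/sbin/sshd -t` checks the edited file for syntax errors before sshd is reloaded.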

The next step is to configure iptables (firewall) to have a more secure installation. You can view the iptables rules with the following command:
/sbin/iptables -L

which will output something like this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

These rules can be used, but to add your own rules, the current iptables rules need to be flushed:
/sbin/iptables -F

Now that they're flushed, we can create our own iptables rule set (click here for a good example set of iptables rules to put into the following file):
nano /etc/iptables.up.rules

Once the content from the example iptables file is copied into iptables.up.rules, we need to tell iptables to use the new rules:
/sbin/iptables-restore < /etc/iptables.up.rules

You can confirm that the iptables rules are altered by checking the iptables rules again:
/sbin/iptables -L

You should notice a difference in the output, which confirms that the rules are changed. The rules are only active for the current session, so they need to be saved to work for all future sessions:
/sbin/service iptables save

The output confirms that the rules are added to the correct file:
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

If you want to edit/restore the iptables rules later, you can run these commands:
nano /etc/iptables.up.rules
/sbin/iptables -F
/sbin/iptables-restore < /etc/iptables.up.rules
/sbin/service iptables save
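
A pre-flight check for the restore step above, as an added example that is not part of the original post: it reads the Port from sshd_config and refuses a rules file with no matching ACCEPT rule, which is the mismatch that cuts off SSH once the rules are restored and sshd is reloaded. The function names and both sample files are constructed, and the rule match is a coarse text check.

```shell
# Added example (not from the original post): compare sshd's port with the rules file.

# sshd_port FILE: first uncommented Port value, or 22 (sshd's default) if unset.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# rules_allow_tcp_port FILE PORT: status 0 if an INPUT rule accepts TCP to PORT.
# Coarse check: ignores rule order, port ranges and multiport matches.
rules_allow_tcp_port() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) found = 1
        }
        END { exit !found }
    ' "$1"
}

# preflight SSHD_CONFIG RULES_FILE: status 0 only when the two files agree.
preflight() {
    port=$(sshd_port "$1")
    if rules_allow_tcp_port "$2" "$port"; then
        echo "ok: rules accept tcp/$port"
    else
        echo "STOP: no ACCEPT rule for tcp/$port in $2; restoring it would cut off SSH"
        return 1
    fi
}

# Constructed sample: sshd moved to port 30000, rules still written for port 22.
demo() {
    dir=$(mktemp -d)
    printf 'Port 30000\nPermitRootLogin no\n' > "$dir/sshd_config"
    cat > "$dir/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
COMMIT
EOF
    preflight "$dir/sshd_config" "$dir/rules"; rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo || true
```

`iptables-restore` also has a `--test` option that parses a rules file without committing it, which catches syntax errors this check does not look for.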

Now, we need to reload ssh for it to use the new ports and configurations:
/etc/init.d/sshd reload

Stay logged in as root and open a new shell from your local machine so you can log in as the new admin user you created (demo in our case):
ssh -p 30000 demo@123.45.67.890
(change 30000 to whatever port number you decided to use)

If you followed the steps and your setup is correct, you should see a terminal prompt like this upon entering your password:
[demo@yourvpsname ~]$

You now have ssh access to your server, so the next steps will involve installing some base programs which I'll cover in another post.

(After I installed base programs such as Apache, MySQL, PHP, and WordPress, I used the Slicehost Pro iPhone app to point memph.us to the GoGrid cloud server IP address since I was already using the Slicehost Pro app to manage memph.us when it was on Rackspace. Thanks to slicehost.com for the helpful articles and to Michael Mayo for creating the very helpful Slicehost Pro iPhone app!)

2010
05.05

I moved memph.us from an Ubuntu cloud server powered by Rackspace to a CentOS cloud server powered by GoGrid. Later, I’ll post details of the steps I took to do this. This is just a test for now.

2010
05.01

Braving the weather

I’m braving the weather conditions today to go see NOFX at Pop’s in Sauget, IL (outside of St. Louis). Memphis has been littered with storms and there are tornadoes coming through Arkansas, along with warnings of tornadoes here. Does that faze me? Nah. I’m not going to let some weather keep me from having fun.

Also, check out the favicon in the title bar that now appears on memph.us. Have a good day, folks!

2010
04.22

http://www.eweek.com/c/a/Security/Buggy-McAfee-Security-Update-Takes-Down-Windows-XP-Machines-827503/

Thanks to McAfee, this issue affected users across the nation and because of McAfee’s slip-up, I have to contact users all day one by one to fix this problem. Thanks again McAfee for having the world’s most overrated virus protection. People, use AVG, G-Data, or Kaspersky please. kthxbai!

2010
04.20

I know this is a day late, but I’m just now able to get around to posting this:
http://mog.com/MOG_News/blog/1917134

It’s such a shame to lose an important figure in the history of Hip Hop. Today’s “Hip Hop” scene is so flooded with terrible music (mostly of the Southern Rap genre) that it’s harder to find true Hip Hop. With another talented MC gone, that’s just more room for some talentless garbage like Dem Franchise Boyz and Soulja Boy to come up with the latest snap song and simplistic beginner FL Studio beat to accompany it. R.I.P. Keith Elam (a.k.a. Guru).