Memcached is a generic purpose distributed high performance memory object caching system to use in speeding up dynamic database driven websites by caching data and objects in memory to reduce the amount the database needs to be read.
Memcached was originally developed by Danga Interactive for LiveJournal but is now used by many popular and large community driven websites like Slashdot, Wikipedia, SourceForge, GameFAQs, Facebook, Digg, Fotolog, Kayak and like. It is being distributed under a permissive free software licence. Know more about who all are using memcached
Things to consider before Installing memcached.
- First, decide how much memory you want to give memcached to use for caching.
- Then decide if you want to run memcached on the default port (11211) or not.
- Next decide if you want memcached to listen to a specific IP address if you have multiple IP addresses on your server
- Finally decide, what user you want to run memcached as; typically, you want to run it using Apache user so that Apache processes can access memcache data
Installation Process
1. If you don’t have rpmforge installed, follow this step.
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm –install rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install –enablerepo=rpmforge memcached
2. Start memcached.
memcached -d -m 512 -l 127.0.0.1 -p 11211 -u nobody
The “-m SIZE” is the flag for setting the memory requirements in MBs. Once this cache is filled memcache will just start to overwrite with newer content. Please experiment with this setting to find what works best for you.
3. Install PHP extension.
wget http://pecl.php.net/get/memcache-2.2.5.tgz
4. Extract tar file.
tar -xvf memcache-2.2.5.tgz
5. Open the directory.
cd memcache-2.2.5
6. Install the memchaced PHP extension.
phpize && ./configure –enable-memcache && make
7. Copy the extension.
cp modules/memcache.so {PHP extension directory}
8. Edit your php.ini and add the following line.
extension=memcache.so
9. Last is restart your webserver.
10. If you check your server using a phpinfo page you should now see a MemCache section on the page. You can now fully use the MemCache functionality in your PHP.
memcached pre-requissites
yum -y install libevent libevent-devel
How to make memcached run automatically when you restart your server?. Add this line to rc.local
#!/bin/sh
echo “# Start memcached” >> /etc/rc.local
echo “/usr/local/bin/memcached -d -m 1024 -u httpd -l 127.0.0.1″ >> /etc/rc.local
How to have a multiple memcached server.
Create LocalSettings.php file and this line.
$wgMainCacheType = CACHE_MEMCACHED;
$wgParserCacheType = CACHE_MEMCACHED; # optional
$wgMessageCacheType = CACHE_MEMCACHED; # optional
$wgMemCachedServers = array( “127.0.0.1:11211″ );
$wgSessionsInMemcached = true; # optional
To use multiple servers (physically separate boxes or multiple caches on one machine on a large-memory x86 box), just add more items to the array. To increase the weight of a server (say, because it has twice the memory of the others and you want to spread usage evenly), make its entry a subarray:
$wgMemCachedServers = array(“127.0.0.1:11211″, # one gig on this box
array(“127.0.0.1:11211″, 2 ) # two gigs on the other box
);
Security Note:
Memcached has no security or authentication. Please ensure that your server is appropriately firewalled,
and that the port(s) used for memcached servers are not publicly accessible. Otherwise, anyone on the internet can put data into and read data from your cache.
People used telnet to connect to their machines, but the whole communication between their computers and the remote machine was sent in clear text(unencrypted), making sensitive information available to anyone who knew how to monitor their traffic. They had to find a way to prevent this. So SSH was born.
OpenSSH originally, was created as an open source alternative to the proprietary SSH offered by the Finish company SSH Communications Security but it became very fast a de-facto standard in remote server management in access. Unlike telnet, the whole communication is encrypted, making the process of finding sensitive information by unauthorized people (almost) impossible. Even if someone is able to decrypt the information, that will take a very long period of time (and I’m talking about years and tens of years), making the information useless when the decryption is done.
OpenSSH has many configuration options and authorization mechanisms. Below some config that need to change for secure SSH server.
Login to your shell remote server as root or sudo account.
Let’s check if Openssh is already installed into your machine, execute below command if installed it should give some output with installed version in your system.
rpm -qa | grep ssh
Let’s Close everything on SSH connection.
Edit /etc/hosts.deny
Copy paste shell command:
vi /etc/hosts.deny
#Block SSH except from hosts.allow
sshd: ALL
Save and Quit editor
Now edit /etc/hosts.allow
# Allow this IP to connect to this machine
sshd: 192.168.0.222 (Change this to your IP address)
Save and Quit editor
Now edit /etc/ssh/sshd_config
Change default PORT 22
I suggest you to change to something randomly and higher than 1023, and also make sure that port is not a standard port for another service. You can do this by looking at IANA’s Port Assignments. This will prevent most scriptkiddies from attacking your SSH server and/or generating extra traffic.
Port 1024 (Up to you what port your going to used make sure to check above link)
Change Protocol
Protocol 2
Do not allow root login
Every attacker will want to gain root access into your box. Disabling root access will make the attacker’s life harder, because he first has to find an authorized user, crack into the box, then he has to make smooth to gain root access.
PermitRootlogin no
Make use of Allow/Deny Users/Groups
In most cases, not everyone should access your server remotely. AllowUsers, AllowGroups, DenyUsers and DenyGroups directives helps you to control better who’s going to have remote access to that box.
AllowUsers Juan Bitoy Steve
Save and Quit Editor
Last thing restart sshd service
/etc/init.d/sshd restart
If something missing from the guide let me know.
Note: Everytime you change config to your sshd_config always restart your sshd service so that your new configuration will take effect.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Source info here
Add these lines to the end of /etc/rc.d/rc.local
###################################
# Prevent DOS to our System
###################################
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# increase the SYN backlog queue
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 64000 > /proc/sys/fs/file-max
ulimit -n 64000
# increase the local port range
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
# stop source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route
do
echo 0 > $i
done
# enable reverse-path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $i
done
########################
# End of Script
########################
This guide will auto backup folder within same machine using rsync and crontab. You must be login as sudo account or root.
Creating script
vi /root/rsync.sh
Copy paste this script. Remember to change the source folder or target folder
folder=`date +%Y_%m_%d`
rsync -avH /folder/to/backup /backup/$folder >> /var/log/rsync/acc
Make script executable.
chmod +x rsync.sh
or
chmod 755 rsync.sh
Create the folder rsync in /var/log
mkdir /var/log/rsync
Now add this script to your crontab. (Check this link for crontab reference)
crontab -e
# Run auto backup everynight
0 4 * * * /root/rsync.sh
Save the file… Hope this little guide helps!
Some command that you can execute to check for linux diskspace.
ls –lSr (it will Show files by size, biggest last)
du -s * | sort -k1,1rn | head (Show top disk users in current dir)
df –h (Show free space on mounted filesystems)
df –i (Show free inodes on mounted filesystems)
fdisk –l (Show disks partitions sizes and types (run as root))
rpm -q -a –qf ‘%10{SIZE}\t%{NAME}\n’ | sort -k1,1n (List all packages by installed size)