as the Debian developers consider safe_mode (which will not make it into PHP6) and open_basedir inherently broken security measures, I wonder if they can be considered replaceable by mod_suexec combined with mod_fcgid. Do you think this is valid?
Kind regards, Benjamin.
Apparently, I got Debian Squeeze (Debian 6) to work on a VPS using debootstrap and chroot as described here.
Subsequent installation of the harden, exim4, mysql-server packages failed partially.
Relevant information:
insserv: warning: script 'S10vzquota' missing LSB tags and overrides
insserv: warning: script is corrupt or invalid: /etc/init.d/../rc6.d/S00vzreboot
insserv: warning: script 'vzquota' missing LSB tags and overrides
insserv: There is a loop between service vzquota and stop-bootlogd if started
insserv: loop involving service stop-bootlogd at depth 2
insserv: loop involving service vzquota at depth 1
insserv: loop involving service rsyslog at depth 1
insserv: Starting vzquota depends on stop-bootlogd and therefore on system facility `$all' which can not be true!
insserv: Starting vzquota depends on stop-bootlogd and therefore on system facility `$all' which can not be true!
insserv: There is a loop between service vzquota and stop-bootlogd if started
insserv: Starting vzquota depends on stop-bootlogd and therefore on system facility `$all' which can not be true!
insserv: Starting vzquota depends on stop-bootlogd and therefore on system facility `$all' which can not be true!
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing exim4-base (--configure):
subprocess installed post-installation script returned error exit status 1
Any suggestions?
Keywords: vzquota debian squeeze installation vps, virtual private server.
According to my current understanding, tcpwrappers can be used via inetd or xinetd. Lately I have been informed that inetd/xinetd came into existence to make more efficient use of hardware in earlier days and are therefore seen rarely nowadays.
My question is, if tcpwrappers are now considered to be an outdated technique, too. If yes, what is their replacement?
as the Debian Lenny (5.0) repository version of Bastille does not support version 5.0, I was wondering if there is an alternative.
Kind regards, Benjamin.
Lately on a shared host, the filesystem containing my home folder was mounted read-only for 45 minutes to 1 hour. The technical support did not know about the outage, evaded direct questions. After a bit more than three days I obtained the answer:
There are many explanations, but in the most times this caused by server issue on filesystem level.
I am somehow not pleased by this in-depth analysis, as my normal work environment runs on a RAID1 (mdadm) and I never encountered such issues.
The shared host system is supposed to be a RAID1, and I became aware of the issue as a cronjob running uptime every 15 minutes sent me email about it.
I would really like to know, what you, the more experienced, think of this.