Here are some third party repos of which have newer versions of certain softwares, software not available on default yum channels and some other useful packages. On new server installs I enable these repos before I even do the first yum update.

Dag Repo/RPM Forge

Utter Ramblings

Those are just two of many useful, safe and good repos, there are many more out there. if anyone knows of any I should add comment. I will eventually make pages for stuff like this.

UPDATE: Maybe not so stable. Got panics on some other machines, same config and everything so I take that back about being stable. The download for stable version is – http;//nix101.com/kernels/sstlinux-2.6.27.10.tar.gz – This is latest stable grsecurity kernel BUT it is all the way from December of 2008 so it may be worth a panic or two to try and get a newer kernel in your box. Make sure to always use grub savedefault once and set panic=5 on your grub.conf at the end of the kernel line.

I guess we will go ahead and call this stable. I have been running it on all machines – quad core intels with hw raid/linux raid – 64bit, 32 bit intel dual core with sata hds and have successfully ran it on a client’s intel server. I have not had any problems, everything works fine. This is just like the other latest ones, you will need the latest binutils to compile it after grsec/pax patch.

On this kernel config I have the grsec/pax settings pretty tight. If you do not want to mess with paxctl and changing the flags of a few things like php when you get started then you need to deselect the non-executable paging options. If you do wanna try it out get paxctl.

Once you get paxctl first I recommend reading over all options to determine which binaries you want to set to allow executable paging. On php if you have zend or anything similar you will need to change the pax flags of php and your php cgi/sapi/httpd module.

To do this do paxctl -c /path/php_binary (replacing path and binary of course with your relevant info). This will convert the flags to pax flags. To be honest I am not sure what exact paxctl flag needs disabled to make it run so I just do them all with paxctl -permxs /path/php_binary. But if you wanted to only disable the ones needed to make it run unless all need disabled you can disable one at a time and try the php after each. For example paxctl -p php_binary then run php -v and see if it works. if it doesn’t you will get an error about permission denied on zend or just a segfault. And then just do that until it works.

As far as tarpit goes, I will get back on that as soon as possible. For now I’m not messing with it as we are working on other methods. My main issue with tarpit is you cannot use it as default deny on certain firewall scripts because you wont be able to tarpit your own outgoing connections for good reason. But if you got your own firewall script you can use tarpit for incoming deny and drop or reject for outgoing.

Here is download for kernel:

http://nix101.com/kernels/sstlinux.tar.gz

wget http://nix101.com/kernels/sstlinux.tar.gz

I don’t know about the rest of you but for the longest time on busy servers I wasnt able to get open files limit to set successfully. I was using the standard “open_files_limit” syntax, same as other mysql directives in my.cnf but it would just not take. So I recently had this server here busting that strandard limit all the time. I done some googling and found a post on wht that said instead of using underscore use “-” like this:
open-files-limit

I did it and it worked like a charm. So for all of you having problems setting open files limit on mysql try that and it will work.