install

Installation may refer to: read more at WikiPedia

  • CedThumbnails has been updated to version 2.6.0 and contains 4 new features and correct 1 bug for Joomla 2.5. For existing users the update will display in the Extensions Managerunder Updates. If you do not have this currently installed, you can click the link below and install like you are use to via the Extensions Manager.

  • chkrootkit is a tool to locally check for signs of a rootkit. chkrootkit is a common unix-based program intended to help system administrators check their system for known rootkits. It works by using several mechanisms, including comparison of file signatures to known rootkits, checking for suspicious activity (processes listed in the proc filesystem but not in the output of the 'ps' command.
    Log to the server with ssh as root user

    Download 
    chkrootkit.
    # wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

    Unpack the chkrootkit you just downloaded.
    # tar xvzf chkrootkit.tar.gz

    go to that  directory
    # cd chkrootkit

    Compile
    # make sense

    Run
    # chkrootkit

     
    •Receive e-mail everyday with the result chkrootkit
    For Root user
    # crontab -e
    For any user
    # crontab -e -u username

    and add

    •0 3 * * * (./usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit output" -c This email address is being protected from spambots. You need JavaScript enabled to view it.,This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it.)

    * the correct path can be found with which chkrootkit
    This will run chkrootkit at 3:00 am every day, and e-mail the output to This email address is being protected from spambots. You need JavaScript enabled to view it. and copies to This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it.

    False alarms:
     "Checking `bindshell'... INFECTED (PORTS: 465)" This is normal and  NOT really a rootkit.

    Nota
    If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advice you to reinstall the server from scratch, and restore a previous backup (that mean saving nothing from server as soon as the rootkit is revealed....)

    Links
    chkrootkit
  • Munin is a networked resource monitoring tool that can help analyze resource trends and "what just happened to kill our performance?" problems. It is designed to be very plug and play. A default installation provides a lot of graphs with almost no work.

    In Norse mythology Hugin and Munin are the ravens of the god king Odin. They flew all over Midgard for him, seeing and remembering, and later telling him. "Munin" means "memory".

    Install Munin&160;by issuing as root

    apt-get install munin munin-node munin-plugins-extra

    Activate as many plugins as required, there is more than 230 plugins!

    acpi                      jmx_                     qmailscan-simple
    amavis                    load                     quota_usage_
    apache_accesses           loggrep                  samba
    apache_processes          lpar_cpu                 selinux_avcstat
    apache_volume             lpstat                   sendmail_mailqueue
    apc_envunit_              mailman                  sendmail_mailstats
    apc_nis                   mailscanner              sendmail_mailtraffic
    apt                       mbmon_                   sensors_
    apt_all                   memcached_               slapd_
    asterisk_channels         memory                   slapd_bdb_cache_
    asterisk_channelstypes    mhttping                 slony_lag_
    asterisk_codecs           multigraph_tester        smart_
    asterisk_meetme           multiping                snmp__cpuload
    asterisk_meetmeusers      multips                  snmp__df
    asterisk_sipchannels      multips_memory           snmp__fc_if_
    asterisk_sippeers         munin_stats              snmp__fc_if_err_
    asterisk_voicemail        munin_update             snmp__if_
    bind9                     mysql_                   snmp__if_err_
    bind9_rndc                mysql_bytes              snmp__if_multi
    bonding_err_              mysql_innodb             snmp__load
    buddyinfo                 mysql_isam_space_        snmp__memory
    cmc_tc_sensor_            mysql_queries            snmp__netapp_diskusage_
    colour_tester             mysql_slowqueries        snmp__netapp_inodeusage_
    courier_                  mysql_threads            snmp__netstat
    courier_mta_mailqueue     named                    snmp__print_pages
    courier_mta_mailstats     netopia                  snmp__print_supplies
    courier_mta_mailvolume    netstat                  snmp__processes
    cps_                      nfs4_client              snmp__rdp_users
    cpu                       nfs_client               snmp__sensors_fsc_bx_fan
    cpuspeed                  nfsd                     snmp__sensors_fsc_bx_temp
    cupsys_pages              nfsd4                    snmp__sensors_fsc_fan
    df                        nginx_request            snmp__sensors_fsc_temp
    df_abs                    nginx_status             snmp__sensors_mbm_fan
    df_inode                  nomadix_users_           snmp__sensors_mbm_temp
    dhcpd3                    ntp_                     snmp__sensors_mbm_volt
    digitemp_                 ntp_kernel_err           snmp__swap
    diskstat_                 ntp_kernel_pll_freq      snmp__uptime
    diskstats                 ntp_kernel_pll_off       snmp__users
    ejabberd_                 ntp_offset               snmp__winload
    entropy                   ntp_states               snmp__winmem
    env                       nut_misc                 snort_alerts
    exim_mailqueue            nutups_                  snort_bytes_pkt
    exim_mailqueue_alt        nut_volts                snort_drop_rate
    exim_mailstats            nvidia_                  snort_pattern_match
    extinfo_tester            open_files               snort_pkts
    fail2ban                  open_inodes              snort_traffic
    files_                    openvpn                  spamstats
    foldingathome             perdition                squeezebox_
    foldingathome_rank        ping_                    squid_cache
    foldingathome_wu          plugin.sh                squid_icp
    forks                     plugins.history          squid_objectsize
    freeradius_acct           pm3users_                squid_requests
    freeradius_auth           pop_stats                squid_traffic
    freeradius_proxy_acct     port_                    surfboard
    freeradius_proxy_auth     postfix_mailqueue        swap
    fw_conntrack              postfix_mailstats        sybase_space
    fw_forwarded_local        postfix_mailvolume       tcp
    fw_packets                postgres_bgwriter        threads
    haproxy_                  postgres_cache_          tomcat_
    hddtemp                   postgres_checkpoints     tomcat_access
    hddtemp2                  postgres_connections_    tomcat_jvm
    hddtempd                  postgres_connections_db  tomcat_threads
    hddtemp_smartctl          postgres_locks_          tomcat_volume
    http_loadtime             postgres_querylength_    uptime
    id                        postgres_scans_          users
    if_                       postgres_size_           varnish_
    if_err_                   postgres_transactions_   vlan_
    ifx_concurrent_sessions_  postgres_tuples_         vlan_inetuse_
    interrupts                postgres_users           vlan_linkuse_
    iostat                    postgres_xlog            vmstat
    iostat_ios                processes                vserver_cpu_
    ip_                       proc_pri                 vserver_loadavg
    ipac-ng                   proxy_plugin             vserver_resources
    ipmi_                     ps_                      warning_tester
    ipmi_sensor_              psu_                     yum
    ircu                      qmailqstat               zimbra_
    irqstats                  qmailscan

    Here are some I did add to the list of already activated one. Some were added for obvious reason like mysql, nginx and fail2ban to monitor SSH brute force attempt…

    cd /etc/munin/plugins/

    ln -s /usr/share/munin/plugins/nginx_status nginx_status

    ln -s /usr/share/munin/plugins/nginx_request nginx_request

    ln -s /usr/share/munin/plugins/mysql_ mysql

    ln -s /usr/share/munin/plugins/mysql_queries mysql_queries

    ln -s /usr/share/munin/plugins/fail2ban fail2ban

    Fail2Ban require root access to the socket of fail2ban, so edit munin-node

    vi /etc/munin/plugin-conf.d/munin-node

    And append at the end

    [fail2ban*]
    user root

    Restart Munin-node and force the munin-cron process to run the initial html reports or wait 5 minutes…

    /etc/init.d/munin-node restart
    sudo -u munin munin-cron

    Add to the crontab of the user Munin the command to run Munin every 5 minutes:

    sudo -u munin crontab –e
    */5 * * * * /usr/bin/munin-cron

    Protect the server host where Munin&160;will output its reports

    htpasswd -c /etc/nginx/.htpasswd username

    Now add a new site to nginx

    vi /etc/nginx/sites-enabled/waltercedric
    And put at least the following inside

    server {
    listen&160;&160;&160;&160;&160;&160; 80;
    server_name&160; munin.acme.com;
    root /var/cache/munin/www;
    location / {
    &160;&160;&160; expires off;
    &160;&160;&160; auth_basic "Munin";
    &160;&160;&160; auth_basic_user_file /etc/nginx/.htpasswd;
    }
    }

    And reload nginx configuration with service nginx reload

    You can now point any browser to http://munin.acme.com

  • joomla_cms

    In order to better develop for Joomla by having your own subversion local repositories.

    My second objective is to version different version of Joomla!/my components so I can
    run a continuous build strategy with XINC...but more on that later when I will have enough regression tests :-)

    Download the Subversion distribution for you operating system at: http://subversion.tigris.org/getting.html

    Subversion Binary Packages
    AIX
    aix
    Debian
    debian
    Debian Project
    apt-get install subversion
    HP-UX
    hp
    Fedora
    fedora
    Fedora Project
    yum install subversion
    Mac OS X
    mac
    Fink package (Requires Fink)
    MacPorts (Requires MacPorts)
    openCollabNet(Universal)
    FreeBSD
    freebsd
    FreeBSD Project
    cd /usr/ports/devel/subversion;
    make install
    Red Hat
    redhat
    CollabNet (Certified binaries)
    SummerSoft (Red Hat 8,9 +)
    NetBSD
    netbsd
    pkgsrc
    cd /usr/pkgsrc/devel/subversion;
    make install clean
    Solaris
    solaris
    CollabNet (Certified binaries, SPARC)
    Sunfreeware (SPARC & i386)
    OpenBSD
    openbsd
    OpenBSD Project
    cd /usr/ports/devel/subversion;
    make install
    Windows
    windows
    CollabNet (Certified binaries)
    Tigris.org: Apache 2.0 or Apache 2.2
    VisualSVN (VisualSVN Server)
    Ubuntu
    ubuntu
    Ubuntu Packages
    apt-get install subversion

     

     

     

     


    The first thing you'll need is a new repository. A repository is where all of your individual projects will be stored.

    Create a new directory using the file explorer or with

    # mkdir e:\xsubrversion

    Initialize it by issuing this command:

    # svnadmin create e:\xsubrversion

    Inside your new repository (e:\xsubrversion ) there is a directory called /conf. There you'll find a file
    svnserve.conf. Open this file in a text editor.

    Just uncomment the following lines by removing the #:

    [general]
    anon-access = read
    auth-access = write
    password-db = passwd

    In the same directory, you'll find another text file called passwd, if it do not exist, just create it and put all
    users authorize to access subversion in a [users] section. It is a pure key value pair file in the format
    NAME = PASSWORD

    [users]
    cedric.walter = xxxxxxx
    monkey.coder = yyyyyy

    Restart the service "Subversion Server"

    In Eclipse PDT/PHP Eclipse, you can now connect to Subversion with Subversive client (Subclipse is not part of
    Eclipse consortium)

    URL:svn://localhost
    User: cedric.walter
    Password: xxxxxxxxxxxx

    suversion.subclipse  and be able to commit and browse you code trunk.subversion.local

  • chromium.os.logo

    Chromium OS is an open-source project that aims to build an operating system that provides a fast, simple, and more secure computing experience for people who spend most of their time on the web. In this small post I provide you the URL to a binary build, and a small how to install it on a USB stick.

     


     

    After 2 seconds boot time, and the login screen, you should see the following:

    chromiumos

    Download

    http://chromeos.hexxeh.net/index.php

    Instructions

    Linux Instructions

    Extract ChromeOS-Cherry.img and run the following command in the same directory as the file, where X is the device name of your USB drive.
    # sudo dd if=ChromeOS-Cherry.img of=/dev/X bs=4M
    Once the command finishes, you can then boot from the USB drive

    Windows Instructions

    Download Image Writer for Windows (http://bit.ly/7gRu0n) and extract the program. Launch the program, and select the image (ChromeOS-Cherry.img) and your USB drive letter from the drop down box. Click "Write". The install image will then be copied to the drive. Once it's done, close the program and you can then boot from the USB drive.

    Mac

    Firstly, unmount the drive you want to install Chromium OS to. Place the downloaded file onto your desktop. Open System Profiler, click USB on the list at the side and then select the entry that represents your USB disk. Now look for the BSD Name column (http://bit.ly/5mG4WK), ie disk1

    open up Terminal and type the following commands.
    # cd Desktop
    # tar -zxvf ChromeOS-Cherry.tar.gz
    Replace X with the name of the disk you found earlier, ie disk1.
    # sudo dd if=ChromeOS-Cherry.img of=/dev/X bs=4m
    This command will ask you to enter your password (the same one you enter when installing software for example), type it in and press enter.

  • mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
    • Requesting the same page more than a few times per second
    • Making more than 50 concurrent requests on the same child per second
    • Making any requests while temporarily blacklisted (on a blocking list)

    This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.

    This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on 'reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use. from  http://www.zdziarski.com/projects/mod_evasive/

    click read more for my HowTo

     
     Download the actual version of mod_evasive
    #  wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

    Unpack it
    #  tar xvzf mod_evasive_1.10.1.tar.gz/usr/local/src/mod_evasive

    Move to that directory
    #  cd /usr/local/src/mod_evasive
    And edit the file mod_evasive20.c, we will have to change the line 45 to
    define MAILER  "/bin/mail -t %s"

    We compile the module:
    Apache2Apache2-Prefork
    #  /usr/sbin/apxs2 -cia mod_evasive20.c#  /usr/sbin/apxs2-prefork -cia mod_evasive20.c

    Now we have to create a config file for mod_evasive:
    # touch /etc/apache2/conf.d/mod_evasive.conf
    and edit it
    # vi /etc/apache2/conf.d/mod_evasive.conf
    content of file

    Apache2Apache2-Prefork
    LoadModule evasive20_module     /usr/lib/apache2/mod_evasive20.so
    <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      DOSPageCount 5
      DOSSiteCount 100
      DOSPageInterval 2
      DOSSiteInterval 2
      DOSBlockingPeriod 600
      DOSEmailNotify This email address is being protected from spambots. You need JavaScript enabled to view it.
    </IfModule>
    LoadModule evasive20_module     /usr/lib/apache2-prefork/mod_evasive20.so
    <IfModule mod_evasive20.c>
      DOSHashTableSize 3097
      DOSPageCount 5
      DOSSiteCount 100
      DOSPageInterval 2
      DOSSiteInterval 2
      DOSBlockingPeriod 600
      DOSEmailNotify This email address is being protected from spambots. You need JavaScript enabled to view it.
    </IfModule>


    Restart Apache2 either  with:
    # rcapache2 stop
    # rcapache2 start
    or
    # /etc/init.d/apache2 restart

    Mod_evasive also deliver a sall perl script to try a DOS attack on your own webserver
    # cd /usr/src/mod_evasive
    # perl test.pl

    You should read http ok but after some seconds you will only get HTTP error 403 showing that mod_evasive is correctly running!
  • What is mod_evasive?

    mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

    • Requesting the same page more than a few times per second
    • Making more than 50 concurrent requests on the same child per second
    • Making any requests while temporarily blacklisted (on a blocking list)

    Installation

    apt-get install libapache2-mod-evasive
    mkdir /var/log/apache2/mod_evasive
    chown www-data:www-data /var/log/apache2/mod_evasive

    Configuration

    Create a new file

    vi /etc/apache2/conf.d/01_modevasive.conf

    with this content

    <ifmodule mod_evasive20.c>
     DOSHashTableSize 3097
     DOSPageCount 2
     DOSSiteCount 50
     DOSPageInterval 1
     DOSSiteInterval 1
     DOSBlockingPeriod 10
     DOSLogDir /var/log/apache2/mod_evasive
     DOSEmailNotify root@localhost
     DOSWhitelist 127.0.0.1
    </ifmodule>

    Restart Apache to activate the new module

    /etc/init.d/apache2 restart

    Documentation

    • DOSHashTableSize: Size of the hash table used to store the IPs.
    • DOSPageCount: Number of pages allowed per DOSPageInterval.
    • DOSPageInterval: Time in seconds used by DOSPageCount.
    • DOSSiteCount: Number of objects allowed per DOSSiteInterval.
    • DOSSiteInterval: Time in seconds used by DOSSiteCount.
    • DOSBlockingPeriod: Time in seconds that IPs will be banned. If an IP tries to access the server within this period, the count will be restarted.
    • DOSLogDir: Optional. Directory to store the logs. If not specified, /tmp will be used.
    • DOSEmailNotify: Optional. Mail where notifications will be sent.

    DOSSystemCommand: is Optional.&160; Command to execute if an IP is blocked. For example using iptables:

    DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"
  • nginx (pronounced “engine-x”) is an open source Web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. It is licensed under a BSD-like license and it runs on Unix, Linux, BSD variants, Mac OS X, Solaris, AIX and Microsoft Windows [WikiPedia]

    Instructs proxy servers to cache two versions of the resource: one compressed, and one uncompressed. This helps avoid issues with public proxies that do not detect the presence of a Content-Encoding header properly.

    Configuration files are provided using Gist  https://gist.github.com/1620307 and are CONSTANTLY updated for added security and speed. Gist is a simple way to share snippets and pastes with others. All gists are git repositories, so they are automatically versioned, forkable and usable as a git repository. I recommend you to starred them to stay up to date.

     

    Just Add in /etc/nginx/nginx.conf in the http { … } section the following

     ##
     # Gzip Settings
     ##
     gzip  on;
     gzip_http_version 1.1;
     gzip_vary on;
     gzip_comp_level 6;
     gzip_proxied any;
     gzip_types text/plain text/html text/css application/json \
    application/x-javascript text/xml application/xml \
    application/xml+rss text/javascript application/javascript \
    text/x-js; gzip_buffers 16 8k; gzip_disable "MSIE [1-6]\.(?!.*SV1)";

     

    from LeverageProxyCaching">https://developers.google.com/speed/docs/best-practices/cachingLeverageProxyCaching

  • joomla_cms

    joomla_socialsharing_logo_thumb4

    This small plugin add automatically to any articles a set of social icons that let your reader increase your social ranking. It support

  • The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. It was conceived of to provide a free, open, and robust framework for caching and optimizing PHP intermediate code. from http://nl2.php.net/apc

    Links:
    Unpack your distribution file. You will have downloaded a file named something like apc_x.y.tar.gz. Unzip this file with a command like
    # wget http://pecl.php.net/get/APC-3.0.14.tgz
    # gunzip apc_x.y.tar.gz

    Next you have to untar it with
    #  tar xvf apc_x.y.tar

    This will create an apc_x.y directory. cd into this new directory:
    # cd apc_x.y

    phpize is a script that should have been installed with PHP, and is normally located in /usr/local/php/binassuming you installed PHP in /usr/local/php. (If you do not have the phpize script, you must reinstall PHP and be sure not to disable PEAR.).

    Locate phpize:
    # find / -name phpize

    mine is in
     /etc/alternatives/phpize
    yours may be in /usr/local/php/bin/phpize

    Run the phpize command:
    #  /usr/local/php/bin/phpize

    Its output should resemble this:
            Configuring for:
              PHP Api Version:   20020918
              Zend Module Api No:   20020429
              Zend Extension Api No:   20021010


    phpize should create a configure script in the current directory. If you get errors instead, you might be missing some required development tools, such as autoconf or libtool. You can try downloading the latest versions of those tools and running phpize again.

    Run the configure script.

    phpize creates a configure script. The only option you need to specify is the location of your php-config script.

    find location of php-config
    # find / -name php-config
    then
    # ./configure --enable-apc --enable-apc-mmap --with-apxs --with-php-config=/etc/alternatives/php-config

    php-config should be located in the same directory as phpize.
    If you prefer to use mmap instead of the default IPC shared memory support,  add --enable-apc-mmap to your configure line.

        If you prefer to use sysv IPC semaphores over the safer fcntl() locks, add --enable-sem to your configure line.  If you don't have a problem
        with your server segaulting, or any other unnatural accumulation of semaphores on your system, the semaphore based locking is slightly faster.

    Compile and install the files.
    Simply type:
    # make install
    Installing shared extensions:     /usr/lib/php5/extensions/


    Suggested Configuration (in your php.ini file)

      extension=apc.so
      apc.enabled=1
      apc.shm_segments=1
      apc.shm_size=128
      apc.ttl=7200
      apc.user_ttl=7200
      apc.num_files_hint=1024
      apc.mmap_file_mask=/tmp/apc.XXXXXX
      apc.enable_cli=1



    Although the default APC settings are fine for many installations, serious
    users should consider tuning the following parameters:

        OPTION                  DESCRIPTION
        ------------------      --------------------------------------------------
        apc.enabled             This can be set to 0 to disable APC. This is
                                primarily useful when APC is statically compiled
                                into PHP, since there is no other way to disable
                                it (when compiled as a DSO, the zend_extension
                                line can just be commented-out).
                                (Default: 1)

        apc.shm_segments        The number of shared memory segments to allocate
                                for the compiler cache. If APC is running out of
                                shared memory but you have already set
                                apc.shm_size as high as your system allows, you
                                can try raising this value.  Setting this to a
                                value other than 1 has no effect in mmap mode
                                since mmap'ed shm segments don't have size limits.
                                (Default: 1)

        apc.shm_size            The size of each shared memory segment in MB.
                                By default, some systems (including most BSD
                                variants) have very low limits on the size of a
                                shared memory segment.
                                (Default: 30)

        apc.optimization        This option has been deprecated.
                                (Default: 0)

        apc.num_files_hint      A "hint" about the number of distinct source files
                                that will be included or requested on your web
                                server. Set to zero or omit if you're not sure;
                                this setting is mainly useful for sites that have
                                many thousands of source files.
                                (Default: 1000)

        apc.user_entries_hint   Just like num_files_hint, a "hint" about the number
                                of distinct user cache variables to store.
                                Set to zero or omit if you're not sure;
                                (Default: 4096)

        apc.ttl                 The number of seconds a cache entry is allowed to
                                idle in a slot in case this cache entry slot is
                                needed by another entry.  Leaving this at zero
                                means that your cache could potentially fill up
                                with stale entries while newer entries won't be
                                cached.
                                (Default: 0)

        apc.user_ttl            The number of seconds a user cache entry is allowed
                                to idle in a slot in case this cache entry slot is
                                needed by another entry.  Leaving this at zero
                                means that your cache could potentially fill up
                                with stale entries while newer entries won't be
                                cached.
                                (Default: 0)


        apc.gc_ttl              The number of seconds that a cache entry may
                                remain on the garbage-collection list. This value
                                provides a failsafe in the event that a server
                                process dies while executing a cached source file;
                                if that source file is modified, the memory
                                allocated for the old version will not be
                                reclaimed until this TTL reached. Set to zero to
                                disable this feature.
                                (Default: 3600)

     apc.cache_by_default    On by default, but can be set to off and used in
                                conjunction with positive apc.filters so that files
                                are only cached if matched by a positive filter.
                                (Default: On)

        apc.filters             A comma-separated list of POSIX extended regular
                                expressions. If any pattern matches the source
                                filename, the file will not be cached. Note that
                                the filename used for matching is the one passed
                                to include/require, not the absolute path.  If the
                                first character of the expression is a + then the
                                expression will be additive in the sense that any
                                files matched by the expression will be cached, and
                                if the first character is a - then anything matched
                                will not be cached.  The - case is the default, so
                                it can be left off.
                                (Default: "")

        apc.mmap_file_mask      If compiled with MMAP support by using --enable-mmap
                                this is the mktemp-style file_mask to pass to the
                                mmap module for determing whether your mmap'ed memory
                                region is going to be file-backed or shared memory
                                backed.  For straight file-backed mmap, set it to
                                something like /tmp/apc.XXXXXX (exactly 6 X's).
                                To use POSIX-style shm_open/mmap put a ".shm"
                                somewhere in your mask.  eg.  "/apc.shm.XXXXXX"
                                You can also set it to "/dev/zero" to use your
                                kernel's /dev/zero interface to anonymous mmap'ed
                                memory.  Leaving it undefined will force an
                                anonymous mmap.
                                (Default: "")

        apc.slam_defense        ** DEPRECATED - Use apc.write_lock instead **
                                On very busy servers whenever you start the server or
                                modify files you can create a race of many processes
                                all trying to cache the same file at the same time.
                                This option sets the percentage of processes that will
                                skip trying to cache an uncached file.  Or think of it
                                as the probability of a single process to skip caching.
                                For example, setting this to 75 would mean that there is
                                a 75% chance that the process will not cache an uncached
                                file.  So the higher the setting the greater the defense
                                against cache slams.  Setting this to 0 disables this
                                feature.
                                (Default: 0)

        apc.file_update_protection
                                When you modify a file on a live web server you really
                                should do so in an atomic manner.  That is, write to a
                                temporary file and rename (mv) the file into its permanent
                                position when it is ready.  Many text editors, cp, tar and
                                other such programs don't do this.  This means that there
                                is a chance that a file is accessed (and cached) while it
                                is still being written to.  This file_update_protection
                                setting puts a delay on caching brand new files.  The
                                default is 2 seconds which means that if the modification
                                timestamp (mtime) on a file shows that it is less than 2
                                seconds old when it is accessed, it will not be cached.
                                The unfortunate person who accessed this half-written file
                                will still see weirdness, but at least it won't persist.
                                If you are certain you always atomically update your files
                                by using something like rsync which does this correctly, you
                                can turn this protection off by setting it to 0.  If you
                                have a system that is flooded with io causing some update
                                procedure to take longer than 2 seconds, you may want to
                                increase this a bit.
                                (Default: 2)

        apc.enable_cli          Mostly for testing and debugging.  Setting this enables APC
                                for the CLI version of PHP.  Normally you wouldn't want to
                                create, populate and tear down the APC cache on every CLI
                                request, but for various test scenarios it is handy to be
                                able to enable APC for the CLI version of APC easily.
                                (Default: 0)

        apc.max_file_size       Prevents large files from being cached.
                                (Default: 1M)

        apc.stat                Whether to stat the main script file and the fullpath
                                includes.  If you turn this off you will need to restart
                                                                                            

     apc.write_lock          On busy servers when you first start up the server, or when
                                many files are modified, you can end up with all your processes
                                trying to compile and cache the same files.  With write_lock
                                enabled, only one process at a time will try to compile an
                                uncached script while the other processes will run uncached
                                instead of sitting around waiting on a lock.
                                (Default: 1)

        apc.report_autofilter   Logs any scripts that were automatically excluded from being
                                cached due to early/late binding issues.
                                (Default: 0)

        apc.rfc1867             RFC1867 File Upload Progress hook handler is only available
                                if you compiled APC against PHP 5.2.0 or later.  When enabled
                                any file uploads which includes a field called
                                APC_UPLOAD_PROGRESS before the file field in an upload form
                                will cause APC to automatically create an upload_<key>
                                user cache entry where <key> is the value of the
                                APC_UPLOAD_PROGRESS form entry.

                                Note that the file upload tracking is not threadsafe at this
                                point, so new uploads that happen while a previous one is
                                still going will disable the tracking for the previous.
                                (Default: 0)

        apc.localcache          This enables a lock-free local process shadow-cache which
                                reduces lock contention when the cache is being written to.
                                (Default: 0)

        apc.localcache.size     The size of the local process shadow-cache, should be set to
                                a sufficently large value, approximately half of num_files_hint.
                                (Default: 512)

        apc.include_once_override
                                Optimize include_once and require_once calls and avoid the
                                expensive system calls used.
                                (Default: 0)

     
  • Official version of nginx for Ubuntu Precise is 1.1.19 but the latest available stable version is 1.2.2 (Changes), In this post I will present you how to update to the latest available version.

    vi /etc/apt/sources.list

    and add depending on your Ubuntu version either

    For Ubuntu 10.04 Lucid:

    deb http://nginx.org/packages/ubuntu/ lucid nginx
    deb-src http://nginx.org/packages/ubuntu/ lucid nginx

    For Ubuntu 12.04 Precise:

    deb http://nginx.org/packages/ubuntu/ precise nginx
    deb-src http://nginx.org/packages/ubuntu/ precise nginx

    Now you can run

    apt-get update

    When using the public nginx repository for Ubuntu, you’ll get this error

    W: GPG error: http://nginx.org lucid Release: The following signatures 
    couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62

    First of all this is only warning and you can ignore it, if you know what are you doing and in case you prefer to add public key, used for signing packages and repository, just run:

    gpg -a --export 7BD9BF62 |  sudo apt-key add -

    or

    wget http://nginx.org/packages/keys/nginx_signing.key
    cat nginx_signing.key | sudo apt-key add -

    apt-get update should now run fine, however after running an

    apt-get install nginx

    you may still get this kind of error:

    dpkg: error processing /var/cache/apt/archives/nginx_1.2.2-1~precise_amd64.deb (--unpack):
     trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1
    dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
    Errors were encountered while processing:
     /var/cache/apt/archives/nginx_1.2.2-1~precise_amd64.deb

    just remove nginx-common and retry

    apt-get remove nginx-common

    More at http://wiki.nginx.org/Install

  • Since I did not find any clear how to on the internet how to run test cases for 3rd party extensions that use Joomla CMS, here is my version of it.

    Prerequisites

    Having PHPUnit properly install, if you use XAMPP you may want to read this post.

     

    How to use PHPUnit in Joomla

    At the root of your Joomla installation directory, make a checkout of https://github.com/joomla/joomla-cms/tree/master/tests/unit

    You’ll need at least the following file

    • ${joomla_root}\tests\unit\bootstrap.php
    • ${joomla_root}\tests\unit\config.php
    • ${joomla_root}\tests\unit\JoomlaDatabaseTestCase.php
    • ${joomla_root}\tests\unit\JoomlaTestCase.php
    • ${joomla_root}\tests\unit\phpunit.xml
    • ${joomla_root}\tests\unit\readme.txt

    config.php is a custom or a copy of your configuration.php

    For your convenience, I provide a zip file (joomla_phpunit_testing.zip), unpack in your Joomla root and you’re done.

    Note when using PHPUnit 3.6 , Joomla should not need to include/require anything PHPUnit related since (at least) PHPUnit 3.6. This create errors otherwise.

    In PHPStorm

    Set Up PHPUnit

    Go to Settings, using CTRL+ALT+S, under PHPUnit, select the option “Use Bootstrap file” and use as value ${joomla_root}\tests\unit\bootstrap.php

    Set Up PHPUnit Skeleton Generator

    Go to Settings, using CTRL+ALT+S, under “Skeleton Generator”

    • Enter for “Path to phpunit-skelgen” the value is  ${xampp_root}\php, for example C:\xampp\php
    • Enter for “use bootstrap file” the value ${joomla_root}\tests\unit\phpunit.xml

    Your first Joomla test case

    Create a test case from any of your Joomla classes, by hitting CTRL+SHIFT+T, this will let you select the method you want to test and generate a runnable albeit incomplete test classes.

    It is only the beginning of testing your Joomla extensions, there is a lot now to learn

    • Mocking objects in Joomla, Stubbing of Joomla classes
    • Invoking protected method using TestReflection::invoke
    • How to create integration tests using the database
    • How to test the user interface using PHPSelenium
    • and more…

    These links may interest you