the

Little Projects

of Shawn M. Jones

Yesterday I realized that I hadn’t been getting any emails from my web/mail server. It was quite odd.

Looking in my SPAM folder I found all of the system emails that had been tagged and sent there. Every once in a while some legitimate (“HAM”) gets marked as SPAM and put in there.

I wasn’t expecting Logwatch emails to be easily marked as SPAM.

So, I checked out why it was listing them as such, and it led me to this line:

X-Spam-Status: Yes, score=6.4 required=5.0tests=ALL_TRUSTED,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,WHOIS_DMNBYPROXY,WHOIS_PRIVACYPOST autolearn=no version=3.2.1

As the Logwatch file reports on SPAM and associated information, I can see why it might have tripped the URI Black Lists (URIBL) and maybe the WHOIS rules, but it still didn’t make sense to me.

Usually if something is marked ALL_TRUSTED, no further checking is done, but I realize that in CentOS-5, this no longer appears to be the case. You are expected to set it up.

So, I edited /usr/share/spamassassin/60_shortcircuit.cf and uncommented the following line:

# if you have taken the time to correctly specify your "trusted_networks",# this is another good way to save CPUshortcircuit ALL_TRUSTED on

I think this should work.

I know many of you out there are saying “mod_security’s been around forever and you’re just reading about it now?”

The truth is that I’ve heard of it, but hadn’t had both the time and the reminder to implement it until now.

The module provides Apache with application-level firewalling, protecting it from all manner of web attacks.

It’s relatively easy to use these days.

Download it from: http://www.modsecurity.org/download/index.html
Install it as per the README

Then you have to do some stuff that’s not in the docs I found, hence I’m writing this blog post.

Edit /etc/httpd/conf/httpd.conf

Put the following directives in:

LoadFile /usr/lib/libxml2.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

That mod_unique_id isn’t mentioned in the directions. Ergh!

Also, make sure you download the rules too.

You unzip/tar them into your /etc/httpd/conf.d directory (or make your own modsecurity directory and tell Apache to Include it).

Restart Apache.

Now you’ve got an application-level firewall on your web server. It took less than half an hour. Most of that was reading docs.

No doubt, you’ll have noted some changes to the web site.

On Monday evening I rented a newer, cheaper, server from Layered Tech, saving myself about $20 a month. I told them to keep the old server online until the end of the billing cycle, figuring I had about a week to pull my data off of the server and make sure this one worked ok.

The end of the billing period was yesterday. I scrambled to get the data off of my server and onto the new server before the folks over there obeyed my direction to “shut it off at the end of the billing cycle”. Yeah. That was smart, so I made some changes while I was at it.

The new server runs CentOS 5, a newer, more up-to-date version of CentOS. It includes all kinds of goodies under the hood that will likely go unnoticed by visitors and bystanders, but it will allow me to do some things that CentOS 4 was holding me back on, mostly with PHP and Ruby on Rails. I like tinkering with my computers, and having the interpreters that work with the software I want to play with helps.

I’ve also got an (almost) fully functional web server. I still need to edit the skin for this site a bit, as well as load all over the old blog posts (that’ll take a bit), but all in all, I’m pretty close to being done for now.

As far as the site is concerned, gone is the ever growing list of projects that I did not have enough time to document with its own set of articles, wiki entries, and blog entries. I realized that I put everything into the blog and can handle it with categories and tags rather than creating an increasingly chaotic wiki.

Let me know what you think. Old blog posts should be back up soon.

Photos may take a while.