Monday, March 25, 2013

SSL strong ciphers

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

List the strong SSL ciphers selected by that string
#openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT'

Specific strong ciphers
#openssl ciphers -v 'RC4-SHA:AES256-SHA:AES128-SHA'

Test whether a server still accepts weak (LOW/EXPORT) ciphers; a hardened server refuses this handshake
# openssl s_client -connect SERVERNAME:443 -cipher LOW:EXP


Apache sample
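# Hardened replacement for the 2013 sample. "-ALL +SSLv3 +TLSv1" permits SSLv3
# (POODLE, deprecated by RFC 7568) and excludes TLS 1.1/1.2 entirely, and the
# cipher string it used preferred RC4, which RFC 7465 prohibits. Enable every
# protocol except SSLv2/SSLv3 and let the server, not the client, pick the suite.
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
# HIGH-grade suites only: no anonymous DH (aNULL), no MD5, no RC4/3DES,
# no export or low grades.
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES:!EXPORT:!LOW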

Wednesday, March 20, 2013

DRBD | MySQL optimization

/etc/drbd.d/global.conf


global {
# Opt-in to DRBD's online usage counter: the host reports to the project's
# usage server. Set this to "no" on hosts that must not phone home.
usage-count yes;
# minor-count dialog-refresh disable-ip-verification
}

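common {
    # Protocol C: a write is acknowledged only once it reached the peer's disk.
    protocol               C;
    syncer {
        rate 50m;
        al-extents 3389;
        # Digest used by online verify (drbdadm verify), not for peer authentication.
        verify-alg sha1;
    }
    handlers {
        # A primary that finds itself inconsistent-and-degraded, or that lost the
        # split-brain resolution, notifies and then forces a reboot (sysrq "b");
        # a local I/O error notifies and forces a halt (sysrq "o").
        pri-on-incon-degr "/usr/lib/drbd/notify-pri-on-incon-degr.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
        pri-lost-after-sb "/usr/lib/drbd/notify-pri-lost-after-sb.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
        local-io-error "/usr/lib/drbd/notify-io-error.sh; /usr/lib/drbd/notify-emergency-shutdown.sh; echo o > /proc/sysrq-trigger ; halt -f";
        # NOTE(review): "fencing resource-only" in the disk section invokes the
        # fence-peer handler; while this line stays commented out no peer fencing
        # takes place. Enable it once the cluster manager (crm) is in use.
        # fence-peer "/usr/lib/drbd/crm-fence-peer.sh";
        # split-brain "/usr/lib/drbd/notify-split-brain.sh root";
        # out-of-sync "/usr/lib/drbd/notify-out-of-sync.sh root";
        # before-resync-target "/usr/lib/drbd/snapshot-resync-target-lvm.sh -p 15 -- -c 16k";
        # after-resync-target /usr/lib/drbd/unsnapshot-resync-target-lvm.sh;
    }

    startup {
        # wfc-timeout degr-wfc-timeout outdated-wfc-timeout wait-after-sb
        # Dual-primary on boot; see the allow-two-primaries note in the net section.
        become-primary-on both;
        wfc-timeout 300;
        degr-wfc-timeout 120;
    }

    options {
        # cpu-mask on-no-data-accessible
    }

    disk {
        # size max-bio-bvecs on-io-error fencing disk-barrier disk-flushes
        # disk-drain md-flushes resync-rate resync-after al-extents
        # c-plan-ahead c-delay-target c-fill-target c-max-rate
        # c-min-rate disk-timeout
        on-io-error detach;
        fencing resource-only;
        # NOTE(review): disabling both barriers and flushes removes DRBD's
        # write-ordering guarantee toward the backing device; only acceptable when
        # the controller has a battery- or flash-backed write cache.
        no-disk-barrier;
        no-disk-flushes;
    }

    net {
        # protocol timeout max-epoch-size max-buffers unplug-watermark
        # connect-int ping-int sndbuf-size rcvbuf-size ko-count
        # allow-two-primaries cram-hmac-alg shared-secret after-sb-0pri
        # after-sb-1pri after-sb-2pri always-asbp rr-conflict
        # ping-timeout data-integrity-alg tcp-cork on-congestion
        # congestion-fill congestion-extents csums-alg verify-alg
        # use-rle
        # Authenticate the peer before accepting replication traffic. Without
        # these two lines any host that can reach the resource port can connect
        # as a peer. The secret must be identical on both nodes; replace the
        # placeholder before deploying.
        cram-hmac-alg sha1;
        shared-secret "REPLACE-ME-placeholder";
        # NOTE(review): dual-primary mode is safe only if the layer above is a
        # cluster file system or the cluster manager guarantees that a single
        # MySQL instance mounts /dev/drbd0 at a time; the after-sb-* policies
        # below resolve a split-brain automatically by discarding one side.
        allow-two-primaries;
        after-sb-0pri discard-zero-changes;
        after-sb-1pri discard-secondary;
        after-sb-2pri disconnect;
        max-buffers 8000;
        max-epoch-size 8000;
        sndbuf-size 512k;
    }
}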


mysql.res


resource mysql {
# This is the block device path.
device /dev/drbd0;

# We'll use the normal internal metadisk (takes about 32MB/TB)
meta-disk internal;

# This is the `uname -n` of the first node
on db01 {
# The 'address' has to be the IP, not a hostname. This is the
# node's SN (bond1) IP. The port number must be unique among
# resources.
# The peer connects to this port: restrict it to the replication network
# with a host firewall, and authenticate the peer (cram-hmac-alg /
# shared-secret in the net section of global.conf) rather than trusting
# the source address alone.
address 10.1.2.23:7788;

# This is the block device backing this resource on this node.
disk /dev/vda3;
}
# Now the same information again for the second node.
on db02 {
address 10.1.2.33:7788;
disk /dev/vda3;
}
}




Monday, March 11, 2013

Apache | http authentication

// create the password file with its first user (-c creates the file, overwriting an existing one)
# htpasswd -c /usr/local/etc/users someuser

// to add or update a user in the existing file (no -c)
#htpasswd /usr/local/etc/users someuser

// add this to the vhost, inside the <Directory> or <Location> container of the path to protect


                # Apache 2.2 access control (mod_authz_host Order/Allow/Deny plus
                # mod_auth_basic). Apache 2.4 expresses the same with Require ip /
                # RequireAny unless mod_access_compat is loaded.
                Order deny,allow
                Deny from all
                # Basic auth sends the password base64-encoded, not encrypted, on
                # every request: use it only on a TLS (https) vhost.
                AuthType Basic
                AuthUserFile /usr/local/etc/users
                AuthName "Login to test environment"
                require valid-user
                Allow from 10.1.1.1
                # Satisfy Any: a request is admitted if EITHER its source is
                # 10.1.1.1 OR it carries valid credentials; any other client is
                # challenged for credentials.
                Satisfy Any