Wednesday, September 11, 2019

Install Nginx, MariaDB, PHP (LEMP) and WordPress on GCP Free Tier Ubuntu/CentOS VM

I used LAMP for my WordPress blog for quite a few years. Because of the Google Cloud Platform free tier VM's limitations (614M Memory and 1 vCPU), my website always suffered from performance issues when I put all of the components on one machine. Since last year, I have kept trying different technologies to help. I tried Docker, and I also moved the MySQL database to a separate VM. All of those changes worked under certain conditions, but none was good enough for a GCP f1-micro VM until I found Nginx and MariaDB. This combination uses fewer resources and makes it possible to squeeze all components into one GCP free tier f1-micro VM.

This post records all the steps and commands I used. You will find a YouTube video at the end of the post that presents the installation process. The whole process takes 30 to 45 minutes to complete.

Tuesday, September 10, 2019

Nginx Tips and Tricks - Load Balancer Configuration

1. Configure Nginx as a load balancer

If you have multiple sites, you can configure Nginx to load balance between multiple servers.
There are two files you will need to change:

Thursday, September 5, 2019

Monit - Linux Open Source System or Process Monitor Program

1. What is Monit?
Monit is a utility for managing and monitoring processes, programs, files, directories and file systems on a Unix-like system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. For example, Monit can start a process if it is not running, restart a process if it does not respond, and stop a process if it uses too many resources. You can use Monit to monitor files, directories and file systems for changes, such as timestamp changes, checksum changes or size changes.

Monit is controlled via an easy-to-configure control file (/etc/monit/monitrc) based on a free-format, token-oriented syntax. Monit logs to syslog or to its own log file (/var/log/monit.log) and notifies you about error conditions via customisable alert messages.

Wednesday, September 4, 2019

Gartner CASB (Cloud Access Security Brokers) Magic Quadrant

Cloud access security brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud. Security and risk management leaders concerned about their organizations’ cloud use should investigate CASBs.


Monday, September 2, 2019

Linux Virtual Machine PHP Invoked OOM-killer (Out of Memory) Issue

One of my GCP VMs runs as the f1-micro type, which has only limited memory, 614MB. In syslog, I found PHP invoked OOM killer messages. This usually means the server essentially ran out of memory and extra memory should be added to the system. Based on some posts online, especially this 2010 post:

"The Linux kernel likes to always allocate memory if applications ask for it. By default it doesn't really check if there is enough memory available. Given that behavior, applications can allocate more memory than is really available. At some point it can definitely cause an out of memory situation. As a result the OOM killer will be invoked and will kill that process:"

Friday, August 30, 2019

Ubuntu Basic System and Service Configuration Commands

1. Update / Upgrade Commands
  • sudo apt-get update : In a nutshell, apt-get update doesn't actually install new versions of software. Instead, it updates the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.
  • sudo apt-get upgrade : will fetch new versions of packages existing on the machine if APT knows about these new versions by way of apt-get update. An update must be performed first so that apt-get knows that new versions of packages are available.
  • sudo apt-get dist-upgrade : will do the same job as apt-get upgrade, plus it will also intelligently handle the dependencies, so it might remove obsolete packages or add new ones.

Note: we can combine commands with && signs, such as:
  • sudo apt-get update && sudo apt-get dist-upgrade

Thursday, August 22, 2019

IBM Guardium Installation and Upgrade

Basic Installation 

The IBM Guardium V10.1 Software Appliance Technical Requirements can be found here:  Additional installation detail can be found here:

Wednesday, August 14, 2019

IBM Guardium: Create an Alert / Policy / Classification

An alert is a message indicating that an exception or policy rule violation was detected.
Alerts are triggered in two ways:
  • A correlation alert is triggered by a query that looks back over a specified time period to determine if the alert threshold has been met. The Guardium Anomaly Detection Engine runs correlation queries on a scheduled basis. By default, correlation alerts do not log policy violations, but they can be configured to do that.
  • A real-time alert is triggered by a security policy rule. The Guardium Inspection Engine component runs the security policy as it collects and analyzes database traffic in real time.

Friday, August 2, 2019

Find Website Real IP by Bypassing CDN

More and more websites are using a CDN (Content Delivery Network) to help deliver their content to end users. It is faster, safer and more reliable. At the same time, a CDN such as Cloudflare hides your real IP behind its public IP. Is there a way to bypass the CDN and find out those websites' real IP addresses?

I found a couple of websites that can help you do that.