2017-03-21 Michael BoelenSystem Administration 8 comments

Understanding what runs on your Linux system (and why)

Linux processes and daemons Each Linux system has a bunch of processes running. Most of these processes might be familiar to you if you regularly use a command like ps or top to display them. Processes may look like just an item in a list. They are actually complicated pieces of code that are tamed by a memory manager. To truly understand how your system is running, knowledge of process (or memory) management is of great help. So let’s make […]

2016-04-04 (last updated at April 16th, 2017) Michael BoelenNetwork One comment

Linux DNS Tuning for Performance and Resilience

DNS Configuration on Linux We often don’t realize the importance of DNS, or name resolving in our infrastructure. The impact when things go (slightly) wrong is huge. Time to have a good look at improving our DNS configuration. How DNS resolving works When your Linux system needs to know the IP address of a particular host, it will use gethostbyname(3) function. This will use the nsswitch configuration stored in /etc/nsswitch.conf. For the related hosts line, it will determine how to […]

2015-04-16 (last updated at June 30th, 2018) Michael BoelenAccounting, Auditing, Troubleshooting 2 comments

Tuning auditd: high-performance Linux Auditing

The Linux Audit framework is a powerful tool to audit system events. From running executables up to system calls, everything can be logged. However, all this audit logging comes at the price of decreased system performance. Let’s have a look at how we can optimize our audit rules. Performance tips Good auditd performance will reduce stress on the Linux kernel and lower its impact. Before changing anything to your system, we suggest benchmarking your system performance before and after. This […]

2015-03-12 (last updated at October 9th, 2016) Michael BoelenPerformance, System Administration, Web 4 comments

Optimize SSL/TLS for Maximum Security and Speed

Optimize SSL/TLS for Maximum Security and Speed High Goal Setting Recently we changed our corporate website into a “HTTPS only” version. Most of the content is not secret information, still we have some sensitive areas. The ordering section and downloads, and additional our portal. While some areas were already covered with a lock, we felt it was time to make the jump to cover it all. Additionally, we believe that we doing everything we can on our website, practicing security […]