Galera Arbitrator ships with Galera Cluster; it is a daemon that prevents a split-brain situation in a MySQL cluster, typically one configured with two nodes. A split brain in clustering is a situation where one node of a cluster is not
MySQL Multi Master replication with Galera
Galera is a synchronous multi-master cluster for MySQL/InnoDB databases. Some features and benefits of Galera are: Synchronous replication. Multi-master topology. Read/write to any cluster node. Automatic membership control. Data consistency between replica nodes. Read and write node scalability. Distributed
Making Iptables easier with Shorewall
Shorewall is an open source firewall tool for Linux, built upon the netfilter (iptables, ipchains) system. It’s an abstraction layer for managing netfilter rules through configuration files, which is easier than using iptables directly. In this post I’ll show the basic implementation to begin
Mitigating a SYN Flood Attack
Before talking about SYN floods and some possible mitigations for these attacks, we have to remember how TCP communication between the server and the client works. Basically, a connection between two hosts (A and B) is composed of three steps: 1) Establishes a communication
HTTPS Load Balancer with HAProxy & Stunnel
HAProxy is a load balancer and proxy for TCP and HTTP based applications. This software is supported on very common Unix and Linux based systems, and works with multiple protocols. HAProxy is very commonly used as a frontend http servers
Configure OpenLDAP with SSL/TLS
To improve the security of communication with the LDAP servers, it’s worthwhile to configure SSL/TLS to encrypt all the data crossing the network. This configuration requires a valid X.509 certificate signed by a CA (certificate authority)
Multi-Master LDAP replication
Multi-master replication is interesting when you would like to improve the reliability of your LDAP servers, or simply when the number of queries has increased considerably and you need to increase the number of LDAP servers to balance the query requests to the different
Monitoring system log files with Swatch
Swatch is a tool that monitors our log files and performs an action on certain events. It’s an efficient way to monitor system events such as attempts to connect to our server, system crashes, or for example when a
Snort from scratch (Part III): Writing Snort rules
Continuing the series of posts about Snort (Snort from scratch, Part II), we now have a complete installation and a web interface to monitor our network alerts. One of the most important things when you maintain an IDS like Snort in a
Snort from scratch (Part II): Installing BASE & barnyard2
Continuing from the last post, Snort from scratch (Part I), I’ll now explain how to install BASE and barnyard2. BASE (Basic Analysis and Security Engine) provides a web front-end to query and analyze the alerts coming from Snort. The alerts will