Vsftpd. 500 OOPS. Virtual users

The following error may occur on the client side: Fatal error: 500 OOPS: priv_sock_get_cmd if running an amd64 kernel with vsftpd-3.0.x.

To solve this bug you will need to add the following to your /etc/vsftpd/vsftpd.conf:

seccomp_sandbox=NO

Refer to https://bugzilla.redhat.com/show_bug.cgi?id=845980 and Gentoo Wiki

P.S.
And just in case add next line to config file

allow_writeable_chroot=YES

for adequate working of virtual users.

CentOS and RTL8188CE 802.11b/g/n WiFi Adapter

I use CentOS6 on my Lenovo Thinkpad X220. This laptop has RTL8188CE 802.11b/g/n WiFi Adapter:

03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 802.11b/g/n WiFi Adapter (rev 01)
Subsystem: Realtek Semiconductor Co., Ltd. Device 8195
Flags: bus master, fast devsel, latency 0, IRQ 17
I/O ports at 5000 [size=256]
Memory at f2400000 (64-bit, non-prefetchable) [size=16K]
Capabilities: <access denied>
Kernel driver in use: rtl8192ce
Kernel modules: rtl8192ce

CentOS. Mount cgroups for LXC

A short note :)

We should use following cgroups mount options for LXC on CentOS 6:

$ mount -t cgroup -o cpuset,memory,cpu,devices,net_cls none /cgroup

Or we can add appropriate line to /etc/fstab file.

We have to specify controllers which should be used, because blkio mounts in CentOS6/RHEL6 by default. But this controller doesn’t support nested hierarchy that are necessary for LXC. Ubuntu/Debian doesn’t have such problem.

Nginx with ModSecurity

At my current job we are using Gentoo on our servers in the form of Calculate Linux, so all I write in this post can be applied to this distribution. Earlier we have used Apache, but after we had changed web servers to Nginx it brought up about ModSecurity setup in combination with Nginx.

As ModSecurity support for Nginx is still in beta, only way to build the module and connect it to the nginx is to do it manually. And since nginx does not support dynamic module loading, ModSecurity should be enabled in ./configure options before build.

The latest version of ModSecurity can be found on this page: http://www.modsecurity.org/download/