Monday, July 07, 2008

Using the System File Checker Tool

The System File Checker (SFC) tool is a command-line tool that can be used to restore protected system files on your computer by using the backup versions that are stored in the Dllcache folder, or files copied from the Windows XP installation source.

Protected file types include those with .sys, .dll, .exe, .ttf, .fon and .ocx file name extensions.

You must be logged on as an administrator or as a member of the Administrators group to be allowed to run System File Checker.

System File Checker Tool Syntax

  • /Scannow: Scans all protected system files immediately and replaces incorrect versions with correct Microsoft versions. This command may require access to the Windows installation source files.
  • /Scanonce: Scans all protected system files one time when you restart your computer. This command may require access to the Windows installation source files when you restart the computer.
  • /Scanboot: Scans all protected system files every time you start your computer. This command may require access to the Windows installation source files every time you start your computer.
  • /Revert: Returns SFC to the default setting (do not scan protected files when you start the computer). The default cache size is not reset when you run this command.
  • /Purgecache: Purges the file cache and scans all protected system files immediately. This command may require access to the Windows installation source files.
  • /Cachesize=x: Sets the file cache size to x megabytes (MB). The default size of the cache is 50 MB. This command requires you to restart the computer, and then run the /purgecache command to adjust the size of the on-disk cache.

To start using SFC, go to Start > Run, type cmd in the Open box, and click OK to open a command prompt. Here you can use the sfc command with any of the switches listed above; most of the time you'll be using sfc /scannow (note the space after sfc).

When you start SFC, you may see the following prompt several times during the process:

[Image: System File Checker prompt]

What you can do to eliminate this is to copy the I386 folder from your Windows XP CD to your hard drive. Just copy the whole folder to your hard drive. Note that it'll take some 500 MB in size, but with today's large hard drives this shouldn't be a problem. If you didn't get a Windows CD when you purchased your computer, it is likely that this folder will already be on your hard drive.

The next step is to let Windows know where to find the files. Follow these steps:

  1. Start the Registry Editor
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
  3. Double-click the SourcePath value in the right pane and enter the location where you copied the I386 folder (if you copied the folder to the root of your C: drive, the value is C:\).
  4. Close the registry editor, and log off from Windows, or restart your computer for the setting to take effect.

Windows will keep track of updated system files that are introduced through the "normal" channels, such as Windows Update, Windows Service Pack installation using Update.exe, Hotfixes installed using Hotfix.exe or Update.exe and Operating system upgrades using Winnt32.exe.

(http://www.helpwithwindows.com/WindowsXP/howto-24.htm)

Tuesday, May 20, 2008

How To Communicate Like A Pro

Here are six techniques you can use to help you say things simply but persuasively, and even forcefully:

(1) Get your thinking straight. The most common source of confusing messages is muddled thinking. We have an idea we haven't thought through. Or we have so much we want to say that we can't possibly say it. Or we have an opinion that is so strong we can't keep it in. As a result, we are ill prepared when we speak, and we confuse everyone. The first rule of plain talk, then, is to think before you say anything. Organize your thoughts.

(2) Say what you mean. Say exactly what you mean.

(3) Get to the point. Effective communicators don't beat around the bush. If you want someone to buy something, ask for the order. If you want someone to do something, say exactly what you want done.

(4) Be concise. Don't waste words. Confusion grows in direct proportion to the number of words used. Speak plainly and briefly, using the shortest, most familiar words.

(5) Be real. Each of us has a personality -- a blending of traits, thought patterns and mannerisms -- which can aid us in communicating clearly. For maximum clarity, be natural, and let the real you come through. You'll be more convincing and much more comfortable.

(6) Speak in images. The cliché that "a picture is worth a thousand words" isn't exactly true (try explaining the Internal Revenue code using nothing but pictures). But words that help people visualize concepts can be tremendous aids in communicating a message. Once Ronald Reagan's Strategic Defense Initiative became known as Star Wars, its opponents had a powerful weapon against it. The name gave it the image of a far-out, futuristic dream beyond the reach of current technology. Reagan was never able to come up with a more powerful positive image.

Your one-on-one communication will acquire real power if you learn to send messages that are simple, clear, and assertive; if you learn to monitor the hearer to determine that your message was accurately received; and if you learn to obtain the desired response by approaching people with due regard for their behavioral styles.

Your finesse as a communicator will grow as you learn to identify and overcome the obstacles to communication. Practice the six techniques I just mentioned, and you'll find your effectiveness as a message-sender growing steadily.

But sending messages is only half the process of communicating. To be a truly accomplished communicator, you must also cultivate the art of listening.

If you're approaching a railroad crossing around a blind curve, you can send a message with your car horn. But that's not the most important part of your communication task. The communication that counts takes place when you stop, look and listen.

We're all familiar with the warning on the signs at railroad crossings: Stop, Look and Listen. It's also a useful admonition for communication.

It's easy to think of communication as a process of sending messages. But sending is only half the process. Receiving is the other half. So at the appropriate time, we have to stop sending and prepare to receive.

A sign on the wall of Lyndon Johnson's Senate office put it in a down-to-earth way: "When you're talking, you ain't learning."

Listening Pays

Listening pays off daily in the world of business. Smart salespeople have learned that you can talk your way out of a sale, but you can listen your way into one. They listen to their customers to find out what their needs are, then concentrate on filling those needs. Skilled negotiators know that no progress can be made until they have heard and understood what the other side wants.

Listening Requires Thought and Care

Listening, like speaking and writing, requires thought and care. If you don't concentrate on listening, you won't learn much, and you won't remember much of what you learn.

Some experts claim that professionals earn between 40% and 80% of their pay by listening. Yet, most of us retain only 25% of what we hear. If you can increase your retention and your comprehension, you can increase your effectiveness in the 21st century's Age of Information.

Listen With Your Eyes

If you listen only with your ears, you're missing out on much of the message. Good listeners keep their eyes open while listening.

Look for feelings. The face is an eloquent communication medium. Learn to read its messages. While the speaker is delivering a verbal message, the face can be saying, "I'm serious," "Just kidding," "It pains me to be telling you this," or "This gives me great pleasure."

Some non-verbal signals to watch for:

- Rubbing one eye. When you hear "I guess you're right," and the speaker is rubbing one eye, guess again. Rubbing one eye often is a signal that the speaker is having trouble inwardly accepting something.

- Tapping feet. When a statement is accompanied by foot-tapping, it usually indicates a lack of confidence in what is being said.

- Rubbing fingers. When you see the thumb and forefinger rubbing together, it often means that the speaker is holding something back.

- Staring and blinking. If you've made your best offer and the other person stares at the ceiling and blinks rapidly, your offer is under consideration.

- Crooked smiles. Most genuine smiles are symmetrical. And most facial expressions are fleeting. If a smile is noticeably crooked, you're probably looking at a fake smile.

- Eyes that avoid contact. Poor eye contact can be a sign of low self-esteem, but it can also indicate that the speaker is not being truthful.

It would be unwise to make a decision based solely on these visible signals. But they can give you valuable tips on the kind of questions to ask and the kind of answers to be alert for.

Good Listeners Make Things Easy

People who are poor listeners will find few who are willing to come to them with useful information.

Good listeners make it easy on those to whom they want to listen. They make it clear that they're interested in what the other person has to say.

Nido Qubein is president of High Point University, chairman of an international consulting firm, and chairman of Great Harvest Bread Co. with 218 stores in 41 states. He is one of America's foremost experts and speakers on communication, business management, leadership, and success. His many books and audio programs have been translated into nearly two dozen languages and are sold worldwide. For a complete library of free articles, self-evaluation quizzes, and a learning resource center, please visit http://www.nidoqubein.com.

By: Nido Qubein

Sunday, February 03, 2008

Website Design and Development Cycle

This is the website design and development cycle of g2blue, kept here for my personal review.

Website Design Preparation

Appointment of a dedicated Account Manager

We at G2Blue always appoint a dedicated Account Manager. You will have a guaranteed point of contact to enable the efficient and smooth running of any website design or development project we carry out for you.

Understanding of the client's business needs and aspirations through research and one to one meetings

Before we even meet with you we will make every effort to gain an understanding of your business as a whole. What you provide, who you provide it for and how you provide it.

When we meet with you we take time to establish where you would like your business to be, when you want it to be there and what you believe is currently stopping you being there.

Analysis of your existing advertising and branding media resources

We need to bring together your business cards, sign writing, letterheads, newspaper advertising, exhibition stands and product packaging. All these things need to be taken into account when considering your website design and development.

Analysis of your immediate competition

With your help we will establish who competes alongside you for business and ensure that we know and understand what your competitors are doing with their websites. This information will allow us to make sure that we provide you with a superior product.

Website Design Conception

Scrapbook design through meetings and examples

Website experiences and design examples are used to complete a rough picture of what you want the website design to look like, and what sort of user experience you expect. We will often ask you for examples of other websites you like the look of and enjoy using.

Multiple website design ideas, discussion and design decision

We will then take all the initial ideas together with your current branding and marketing material to formulate a group of ideas that articulate your company's objectives.

Anchor points discussed and created

We at G2Blue make a point of identifying key anchor points within your website. These areas form critical points of reference for the whole design process and are considered the premier traffic pages.

Refining these ideas will identify the strengths and weaknesses of your website and online strategy. Discussions will run parallel to our analysis of your online business policy, realising your target audience and their requirements.

Information architecture methodology

G2Blue applies 'Information Architecture' (IA) methods to your website design. This is the process of organising and presenting information to help the user find and manage information more successfully.

Please see our Information Architecture datasheet for more details.

The understanding of your information sets the foundations for a good user experience. We will use this to ensure that every user to your site can achieve their goals quickly and simply.

Search engine optimisation

We will optimise and build your website right from the conception phase with high search engine rankings in mind. As we are specialists in search engine optimisation, we will build your site so that it has the best possible chance of a strong presence on the major search engines and directories. Effective search engine optimisation strategies adopted at this early stage in website design and development can result in significantly lower search engine optimisation charges later on.

Specification, site maps and project plan

A written specification is drawn up detailing every page within the website. This helps us to determine the way users are guided and navigated throughout the site, and allows you to clearly see how each aspect of the website is connected to another. Once the specification has been agreed upon, sitemaps are drawn up showing paths through the site that the user might take.

These are comprehensive visual representations of the different features of your site. Quite often alterations are made to the specifications once you have a more visual image through viewing the site map.

Once the written specification and sitemaps have been finalised we can accurately judge the production timescales required to make the site.

G2Blue will produce a project plan that details each task and the time required for building & testing.

There will be milestones within the time line identifying important project dates to act as our progress guide throughout the lifecycle of the project.

Actual production time on the site will begin when all three of these documents have been mutually agreed upon and signed off.

Mutual responsibility, timescales and contract agreed

Contracts will be agreed and signed; they will identify each party's responsibilities from conception to the time when the website appears live on the World Wide Web.

Website Creation

Design update meetings and milestone signoff

Throughout the whole project we will hold regular update meetings. These will comprise frank and honest discussions concerning the progress of your website design. It is our experience that website development time is significantly reduced by holding update meetings, and we recommend that you allocate to us a Project Manager within your company who has responsibility for key decisions, to avoid project slip.

Progression viewable online

Website Testing

Technology integration testing

Unlike other website development companies, we will make every effort to make sure that the website we create for you works in any Internet browser available.

This may increase the length of design time required, but will ensure that the website has a completely seamless online presence.

User interface testing

A comprehensive testing period is always allowed within a website project. We test your website page by page and also allow for at least a week for you to test the site independently.

Website Implementation & Launch

Website live

At a mutually convenient time we will upload your website to the agreed location. Please note that our in-house web servers provide a secure and fast hosting solution for your website.

Training

When we develop a website that requires interaction by your staff we will ensure that all employees concerned are trained properly. There needs to be total understanding and a way for all users to feel confident with the new website. In addition, we know from previous experience that a website needs to be continuously promoted by your employees on a regular basis and as such we recommend a quarterly meeting with your employees accordingly.

Website Review & Support

Review meetings

G2Blue believes that what happens after the delivery of a website is as important as everything that takes place beforehand. We will agree regular meetings with you to ensure complete satisfaction and understanding of ongoing needs.

Direct query logging with guaranteed response

All of our website designs incorporate a query logging facility that can be used by clients to log queries direct to our designers and developers. We will respond, guaranteed.

All of our account managers have direct telephone numbers that are issued to clients as well as the mandatory email address.

Software Development Life Cycle (SDLC)

Summary: As in any other engineering discipline, software engineering also has some structured models for software development. This document will provide you with a generic overview about different software development methodologies adopted by contemporary software firms. Read on to know more about the Software Development Life Cycle (SDLC) in detail.

Curtain Raiser

Like any other set of engineering products, software products are also oriented towards the customer. It is either market driven or it drives the market. Customer Satisfaction was the buzzword of the 80's. Customer Delight is today's buzzword and Customer Ecstasy is the buzzword of the new millennium. Products that are not customer or user friendly have no place in the market although they are engineered using the best technology. The interface of the product is as crucial as the internal technology of the product.

Market Research

A market study is made to identify a potential customer's need. This process is also known as market research. Here, the already existing need and the possible and potential needs that are available in a segment of the society are studied carefully. The market study is done based on a lot of assumptions. Assumptions are the crucial factors in the development or inception of a product's development. Unrealistic assumptions can cause a nosedive in the entire venture. Though assumptions are abstract, there should be a move to develop tangible assumptions to come up with a successful product.

Research and Development

Once the Market Research is carried out, the customer's need is given to the Research & Development division (R&D) to conceptualize a cost-effective system that could potentially solve the customer's needs in a manner that is better than the one adopted by the competitors at present. Once the conceptual system is developed and tested in a hypothetical environment, the development team takes control of it. The development team adopts one of the software development methodologies that is given below, develops the proposed system, and gives it to the customer.

The Sales & Marketing division starts selling the software to the available customers and simultaneously works to develop a niche segment that could potentially buy the software. In addition, the division also passes the feedback from the customers to the developers and the R&D division to make possible value additions to the product.

While developing software, the company outsources the non-core activities to other companies who specialize in those activities. This greatly accelerates the software development process. Some companies work on tie-ups to bring out a highly matured product in a short period.

Popular Software Development Models

The following are some basic popular models that are adopted by many software development firms:

A. System Development Life Cycle (SDLC) Model
B. Prototyping Model
C. Rapid Application Development Model
D. Component Assembly Model

A. System Development Life Cycle (SDLC) Model

This is also known as Classic Life Cycle Model (or) Linear Sequential Model (or) Waterfall Method. This model has the following activities.

1. System/Information Engineering and Modeling

As software is always part of a larger system (or business), work begins by establishing the requirements for all system elements and then allocating some subset of these requirements to software. This system view is essential when the software must interface with other elements such as hardware, people and other resources. The system is the basic and very critical requirement for the existence of software in any entity, so if the system is not in place, it should be engineered and put in place. In some cases, to extract the maximum output, the system should be re-engineered and spruced up. Once the ideal system is engineered or tuned, the development team studies the software requirements for the system.

2. Software Requirement Analysis

This process is also known as the feasibility study. In this phase, the development team visits the customer and studies their system. They investigate the need for possible software automation in the given system. By the end of the feasibility study, the team furnishes a document that holds the different specific recommendations for the candidate system. It also includes the personnel assignments, costs, project schedule, target dates etc. The requirement gathering process is intensified and focused specifically on software. To understand the nature of the program(s) to be built, the system engineer or "Analyst" must understand the information domain for the software, as well as required function, behavior, performance and interfacing. The essential purpose of this phase is to find the need and to define the problem that needs to be solved.

3. System Analysis and Design

In this phase, the software development process, the software's overall structure and its nuances are defined. In terms of client/server technology, the number of tiers needed for the package architecture, the database design, the data structure design etc. are all defined in this phase. A software development model is thus created. Analysis and Design are very crucial in the whole development cycle. Any glitch in the design phase could be very expensive to solve in a later stage of the software development, so much care is taken during this phase. The logical system of the product is developed in this phase.

4. Code Generation

The design must be translated into a machine-readable form. The code generation step performs this task. If the design is performed in a detailed manner, code generation can be accomplished without much complication. Programming tools like compilers, interpreters, debuggers etc. are used to generate the code. Different high level programming languages like C, C++, Pascal, Java are used for coding. With respect to the type of application, the right programming language is chosen.

5. Testing

Once the code is generated, the software program testing begins. Different testing methodologies are available to unravel the bugs that were committed during the previous phases. Different testing tools and methodologies are already available. Some companies build their own testing tools that are tailor made for their own development operations.

6. Maintenance

The software will definitely undergo change once it is delivered to the customer. There can be many reasons for this change to occur. Change could happen because of some unexpected input values into the system. In addition, the changes in the system could directly affect the software operations. The software should be developed to accommodate changes that could happen during the post implementation period.

B. Prototyping Model

This is a cyclic version of the linear model. In this model, once the requirement analysis is done and the design for a prototype is made, the development process gets started. Once the prototype is created, it is given to the customer for evaluation. The customer tests the package and gives his/her feedback to the developer, who refines the product according to the customer's exact expectation. After a finite number of iterations, the final software package is given to the customer. In this methodology, the software is evolved as a result of periodic shuttling of information between the customer and developer. This is the most popular development model in the contemporary IT industry. Most of the successful software products have been developed using this model, as it is very difficult (even for a whiz kid!) to comprehend all the requirements of a customer in one shot. There are many variations of this model skewed with respect to the project management styles of the companies. New versions of a software product evolve as a result of prototyping.

C. Rapid Application Development (RAD) Model

The RAD model is a linear sequential software development process that emphasizes an extremely short development cycle. The RAD model is a "high speed" adaptation of the linear sequential model in which rapid development is achieved by using a component-based construction approach. Used primarily for information systems applications, the RAD approach encompasses the following phases:

1. Business modeling

The information flow among business functions is modeled in a way that answers the following questions:

What information drives the business process?
What information is generated?
Who generates it?
Where does the information go?
Who processes it?

2. Data modeling

The information flow defined as part of the business modeling phase is refined into a set of data objects that are needed to support the business. The characteristics (called attributes) of each object are identified and the relationships between these objects are defined.

3. Process modeling

The data objects defined in the data-modeling phase are transformed to achieve the information flow necessary to implement a business function. Processing descriptions are created for adding, modifying, deleting, or retrieving a data object.

4. Application generation

The RAD model assumes the use of RAD tools like VB, VC++, Delphi etc. rather than creating software using conventional third generation programming languages. The RAD model works to reuse existing program components (when possible) or create reusable components (when necessary). In all cases, automated tools are used to facilitate construction of the software.

5. Testing and turnover

Since the RAD process emphasizes reuse, many of the program components have already been tested. This minimizes the testing and development time.

D. Component Assembly Model

Object technologies provide the technical framework for a component-based process model for software engineering. The object oriented paradigm emphasizes the creation of classes that encapsulate both data and the algorithms that are used to manipulate the data. If properly designed and implemented, object oriented classes are reusable across different applications and computer based system architectures. The Component Assembly Model leads to software reusability. The integration/assembly of already existing software components accelerates the development process. Nowadays many component libraries are available on the Internet. If the right components are chosen, the integration aspect is made much simpler.

Conclusion

All these different software development models have their own advantages and disadvantages. Nevertheless, in the contemporary commercial software development world, a fusion of all these methodologies is incorporated. Timing is very crucial in software development. If a delay happens in the development phase, the market could be taken over by a competitor. Also, if a bug-filled product is launched in a short period of time (quicker than the competitors), it may affect the reputation of the company. So there should be a tradeoff between the development time and the quality of the product. Customers don't expect a bug-free product, but they expect a user-friendly product. That results in Customer Ecstasy!

Stylusinc.com

Sunday, January 27, 2008

How to convert a .bin to an iso image without having a .cue file

Sometimes you need to make an iso image out of a .bin file; for this you usually use bchunk (binchunker).

To get binchunker, type the following command:

sudo apt-get install bchunk

Now, to use it, either:

(1) You have the .cue file, in which case you just type the following command:

bchunk filename.bin filename.cue filename

(2) Or you don't have the .cue file. The .cue file holds the track layout information, and for a single-track image it only contains the following lines:

FILE "BinFileName.bin" BINARY
TRACK 01 MODE1/2352
INDEX 01 00:00:00

Here MODE1 is the track mode for a computer CD, and MODE2 for a PlayStation CD.
You can write a small shell script to do all of this for you; just create a new file:

gedit biniso &

Paste the following lines. (You can always add an ampersand at the end of a command to keep access to your command line without opening a new shell; it is very useful when you run graphical programs from the terminal, such as "sudo nautilus" or "mathematica".)

#!/bin/sh
# Write a minimal single-track .cue for "$1.bin", convert it with bchunk, then remove the .cue
echo "FILE \"$1.bin\" BINARY" > "$1.cue"
echo "TRACK 01 MODE1/2352" >> "$1.cue"
echo "INDEX 01 00:00:00" >> "$1.cue"
bchunk "$1.bin" "$1.cue" "${1}_"
rm "$1.cue"

The three echo lines write the .cue file, the bchunk line does the conversion, and the rm line removes the .cue file again.
Save and close the file, then make it executable:

sudo chmod a+x biniso

Now all you need to do is run the following command:

./biniso binfilename

You can also place your biniso file in /usr/local/bin, in the following way:

sudo mv biniso /usr/local/bin

If you do so you can run it from any path, but the command is slightly different:

biniso binfilename

By now you most probably have your iso image; you can either burn it or mount it.

To mount it, first make a directory for the iso image to be mounted on:

sudo mkdir /media/iso

Then mount the image:

sudo mount -t iso9660 isofilename /media/iso -o loop

To unmount it:

sudo umount /media/iso
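As an added example (not from the original post), here is a more defensive version of the biniso idea: it checks that the .bin is a whole number of 2352-byte sectors before writing a throwaway .cue sheet and running bchunk, and lets you choose MODE1 or MODE2 as described above. The function names, the temp-file handling and the sector check are my own; bchunk is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumes bchunk is on PATH and
# that the .bin is a single-track raw image with 2352-byte sectors
# (MODE1 for a data CD, MODE2 for a PlayStation CD).
set -eu

SECTOR_SIZE=2352

# Print a minimal single-track cue sheet to stdout.
# $1 = name of the .bin file (as written in the FILE line), $2 = MODE1 or MODE2
make_cue() {
    printf 'FILE "%s" BINARY\n' "$1"
    printf 'TRACK 01 %s/%d\n' "$2" "$SECTOR_SIZE"
    printf 'INDEX 01 00:00:00\n'
}

# Succeed only if the file is a non-empty whole number of 2352-byte sectors.
# A truncated download, or a plain 2048-byte-sector ISO renamed to .bin,
# normally fails this check and should not be fed to bchunk as MODE1/2352.
sectors_aligned() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 0 ] && [ $((size % SECTOR_SIZE)) -eq 0 ]
}

# Convert "$1.bin" into "$1_01.iso" (bchunk's own output naming) using
# track mode $2 (default MODE1). The .cue lives in a temp file that is
# removed on exit, so nothing is left behind even if bchunk fails.
bin2iso() {
    base=$1
    mode=${2:-MODE1}
    case "$mode" in
        MODE1|MODE2) ;;
        *) echo "track mode must be MODE1 or MODE2, got '$mode'" >&2; return 2 ;;
    esac
    [ -f "$base.bin" ] || { echo "$base.bin: no such file" >&2; return 1; }
    sectors_aligned "$base.bin" || {
        echo "$base.bin is not a multiple of $SECTOR_SIZE bytes; not a raw image?" >&2
        return 1
    }
    cue=$(mktemp "${TMPDIR:-/tmp}/biniso.XXXXXX")
    trap 'rm -f "$cue"' EXIT
    make_cue "$base.bin" "$mode" > "$cue"
    bchunk "$base.bin" "$cue" "${base}_"
}

# Usage: ./biniso.sh binfilename [MODE1|MODE2]   (name without the .bin extension)
if [ "${1:-}" != "" ]; then
    bin2iso "$@"
fi
```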

(http://linuxexpert.wordpress.com)

Wednesday, January 23, 2008

Alkaline Foods to Help Raise your pH Level


Proper pH levels are essential to good health. If our blood is too acidic or too alkaline, it can trigger defense mechanisms that may compensate for the problem at hand, but could potentially cause other problems. We can protect ourselves, and possibly turn these problems around, by eating foods with the proper pH.

Acidosis occurs when our blood pH is too low. It is associated with fatigue, and it is also found in sufferers of many chronic diseases, including cancer. Here are some alkaline foods that can help raise your pH level and restore good health.

Slightly Alkaline Foods

These foods are only slightly alkaline, and can be used when your pH is only slightly low:

* Peas
* Watermelons
* Apples
* Blueberries
* Pears
* Grapes
* Onions
* Bananas
* Raspberries
* Peaches
* Tomatoes
* Oranges
* Lemons
* Apricots
* Grapefruits
* Potatoes (sweet or white)
* Strawberries
* Tangerines

Medium Alkaline Foods

* Cherries
* Limes
* Green Beans
* Dried Dates
* Raisins
* Avocado
* Pineapple
* Cauliflower
* Mushrooms
* Rutabagas
* Radishes
* Cucumbers
* Green Soy Beans
* Brussels Sprouts
* Beets

High Alkaline Foods

These foods have the highest alkalinity you can find in natural food sources. They can be helpful if your pH level is extremely low. If it’s not very low, consider trying some of the lower alkaline foods first.

* Broccoli
* Cabbage
* Rhubarb
* Lima Beans
* Lettuce
* Sauerkraut
* Watercress
* Chard
* Dried Beans
* Carrots
* Dried Figs
* Celery
* Molasses
* Beet Greens
* Raw Spinach

Eating foods that help raise pH levels can be beneficial to those with low energy levels. They can also help patients with a variety of diseases, including cancer, diabetes, gall stones and more. These and most other diseases are dependent on an acidic, low oxygen environment for survival.

If you are suffering from alkalosis, the foods in the above lists are best avoided until your pH is restored to normal levels. There are plenty of other healthy foods you can eat that will help lower your pH.

For initial pH level testing, it’s best to consult your doctor. He (or she) may give you a blood test called an electrolyte panel, which will tell him, among other things, the pH level of your blood. Once he has determined where your pH levels stand, you can use litmus paper to test your pH levels at home. The reason that it’s important to get an official test first is because home pH tests are not as accurate. But if used properly, they can give you a general idea of which direction your levels are moving in.

http://www.fitwatch.com/

Sunday, January 20, 2008

20 ways to Secure your Apache Configuration

Some useful tips for securing Apache, thanks to http://www.petefreitag.com/item/505.cfm


Here are 20 things you can do to make your apache configuration more secure.

Disclaimer: The thing about security is that there are no guarantees or absolutes. These suggestions should make your server a bit tighter, but don't think your server is necessarily secure after following these suggestions.

Additionally some of these suggestions may decrease performance, or cause problems due to your environment. It is up to you to determine if any of the changes I suggest are not compatible with your requirements. In other words proceed at your own risk.

First, make sure you've installed the latest security patches

There is no sense in putting locks on the windows, if your door is wide open. As such, if you're not patched up there isn't really much point in continuing any longer on this list. Go ahead and bookmark this page so you can come back later, and patch your server.

Hide the Apache Version number, and other sensitive information.

By default many Apache installations tell the world what version of Apache you're running, what operating system/version you're running, and even what Apache Modules are installed on the server. Attackers can use this information to their advantage when performing an attack. It also sends the message that you have left most defaults alone.

There are two directives that you need to add, or edit in your httpd.conf file:

ServerSignature Off
ServerTokens Prod

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache

If you're super paranoid you could change this to something other than "Apache" by editing the source code, or by using mod_security (see below).

Make sure apache is running under its own user account and group

Several Apache installations have it run as the user nobody. Suppose both Apache and your mail server were running as nobody: an attack through Apache may then allow the mail server to be compromised as well, and vice versa.

User apache
Group apache

Ensure that files outside the web root are not served

We don't want Apache to be able to access any files outside of its web root. So assuming all your web sites are placed under one directory (we will call this /web), you would set it up as follows:

<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>

<Directory /web>
    Order Allow,Deny
    Allow from all
</Directory>

Note that because we set Options None and AllowOverride None this will turn off all options and overrides for the server. You now have to add them explicitly for each directory that requires an Option or Override.

Turn off directory browsing

You can do this with an Options directive inside a Directory tag. Set Options to either None or -Indexes

Options -Indexes

Turn off server side includes

This is also done with the Options directive inside a Directory tag. Set Options to either None or -Includes

Options -Includes

Turn off CGI execution

If you're not using CGI turn it off with the Options directive inside a Directory tag. Set Options to either None or -ExecCGI

Options -ExecCGI

Don't allow apache to follow symbolic links

This can again be done using the Options directive inside a Directory tag. Set Options to either None or -FollowSymLinks

Options -FollowSymLinks

Turning off multiple Options

If you want to turn off all Options simply use:

Options None

If you only want to turn off some separate each option with a space in your Options directive:

Options -ExecCGI -FollowSymLinks -Indexes

Turn off support for .htaccess files

This is done in a Directory tag but with the AllowOverride directive. Set it to None.

AllowOverride None

If you require Overrides ensure that they cannot be downloaded, and/or change the name to something other than .htaccess. For example we could change it to .httpdoverride, and block all files that start with .ht from being downloaded as follows:

AccessFileName .httpdoverride

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

Run mod_security

mod_security is a super handy Apache module written by Ivan Ristic, the author of Apache Security from O'Reilly press.

You can do the following with mod_security:

  • Simple filtering
  • Regular Expression based filtering
  • URL Encoding Validation
  • Unicode Encoding Validation
  • Auditing
  • Null byte attack prevention
  • Upload memory limits
  • Server identity masking
  • Built in Chroot support
  • And more

Disable any unnecessary modules

Apache typically comes with several modules installed. Go through the Apache module documentation and learn what each module you have enabled actually does. Often you will find that you don't need that module enabled at all.

Look for lines in your httpd.conf that contain LoadModule. To disable the module you can typically just add a # at the beginning of the line. To search for modules run:

grep LoadModule httpd.conf

Here are some modules that are typically enabled but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex.

Make sure only root has read access to apache's config and binaries

This can be done assuming your apache installation is located at /usr/local/apache as follows:

chown -R root:root /usr/local/apache
chmod -R o-rwx /usr/local/apache

Lower the Timeout value

By default the Timeout directive is set to 300 seconds. You can decrease it to help mitigate the potential effects of a denial of service attack.

Timeout 45

Limiting large requests

Apache has several directives that allow you to limit the size of a request; this can also be useful for mitigating the effects of a denial of service attack.

A good place to start is the LimitRequestBody directive. This directive is set to unlimited by default. If you are allowing file uploads of no larger than 1MB, you could set this setting to something like:

LimitRequestBody 1048576

If you're not allowing file uploads you can set it even smaller.

Some other directives to look at are LimitRequestFields, LimitRequestFieldSize and LimitRequestLine. These directives are set to reasonable defaults for most servers, but you may want to tweak them to best fit your needs. See the documentation for more info.

Limiting the size of an XML Body

If you're running mod_dav (typically used with subversion) then you may want to limit the max size of an XML request body. The LimitXMLRequestBody directive is only available on Apache 2, and its default value is 1 million bytes (approx 1mb). Many tutorials will have you set this value to 0 which means files of any size may be uploaded, which may be necessary if you're using WebDAV to upload large files, but if you're simply using it for source control, you can probably get away with setting an upper bound, such as 10mb:

LimitXMLRequestBody 10485760

Limiting Concurrency

Apache has several configuration settings that can be used to adjust handling of concurrent requests. MaxClients is the maximum number of child processes that will be created to serve requests. This may be set too high if your server doesn't have enough memory to handle a large number of concurrent requests.

Other directives such as MaxSpareServers, MaxRequestsPerChild, and on Apache2 ThreadsPerChild, ServerLimit, and MaxSpareThreads are important to adjust to match your operating system, and hardware.

Restricting Access by IP

If you have a resource that should only be accessed by a certain network or IP address, you can enforce this in your Apache configuration. For instance, if you want to restrict access to your intranet to allow only the 176.16 network:

# Container for the restricted resource; the path is a placeholder, adjust it to yours
<Directory "/web/intranet">
    Order Deny,Allow
    Deny from all
    Allow from 176.16.0.0/16
</Directory>

Or by IP:

# Same placeholder path as above
<Directory "/web/intranet">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

Adjusting KeepAlive settings

According to the Apache documentation, using HTTP Keep-Alives can improve client performance by as much as 50%, so be careful before changing these settings: you will be trading performance for a slight denial of service mitigation.

Keep-Alives are turned on by default and you should leave them on, but you may consider changing MaxKeepAliveRequests, which defaults to 100, and KeepAliveTimeout, which defaults to 15. Analyze your log files to determine the appropriate values.

Run Apache in a Chroot environment

chroot allows you to run a program in its own isolated jail. This prevents a break-in on one service from being able to affect anything else on the server.

It can be fairly tricky to set this up using chroot due to library dependencies. I mentioned above that the mod_security module has built in chroot support. It makes the process as simple as adding a mod_security directive to your configuration:

SecChrootDir /chroot/apache

There are however some caveats, so check out the docs for more info.
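As an added check, not part of the original article: a small POSIX shell audit that reads an httpd.conf and reports which of the hardening items above are missing or left at their weak defaults (version disclosure, the nobody user, Options and AllowOverride, LimitRequestBody, Timeout, and the modules the article lists as usually unneeded). It understands the Apache 2.2 directives the article uses; the sample config it runs against is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: audit an httpd.conf for the
# hardening items discussed above. Understands the Apache 2.2 directives the
# article uses; comments are stripped first, so a commented-out LoadModule is
# not counted as enabled.

# Print only the live (uncommented, non-blank) directive lines of FILE.
live_directives() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"; }

# audit_httpd_conf FILE: print one line per gap found, return the number of gaps.
audit_httpd_conf() {
    conf=$(live_directives "$1"); findings=0
    has()  { printf '%s\n' "$conf" | grep -Eiq "$1"; }
    note() { echo "$1"; findings=$((findings + 1)); }
    has '^[[:space:]]*ServerSignature[[:space:]]+Off'       || note 'MISSING: ServerSignature Off'
    has '^[[:space:]]*ServerTokens[[:space:]]+Prod'         || note 'MISSING: ServerTokens Prod'
    has '^[[:space:]]*Options[[:space:]]+(None|.*-Indexes)' || note 'MISSING: Options None or -Indexes'
    has '^[[:space:]]*AllowOverride[[:space:]]+None'        || note 'MISSING: AllowOverride None'
    has '^[[:space:]]*LimitRequestBody[[:space:]]+[1-9]'    || note 'MISSING: LimitRequestBody (unlimited by default)'
    if has '^[[:space:]]*(User|Group)[[:space:]]+nobody'; then
        note 'WEAK: Apache runs as nobody; give it a dedicated User/Group'
    fi
    # Timeout defaults to 300 s when absent; the article lowers it to 45.
    t=$(printf '%s\n' "$conf" | awk 'tolower($1)=="timeout"{v=$2} END{print (v=="")?300:v+0}')
    [ "$t" -lt 300 ] || note "WEAK: Timeout is ${t}s; lower it (e.g. 45)"
    # Modules the article lists as typically enabled but often unneeded.
    unneeded='(imap|include|info|userdir|status|cgi|autoindex)_module'
    for m in $(printf '%s\n' "$conf" | grep -Eio "^[[:space:]]*LoadModule[[:space:]]+$unneeded" | awk '{print $2}'); do
        note "REVIEW: $m is loaded; disable it unless required"
    done
    return $findings
}

# Constructed sample: a config left close to the defaults (not a real server's file).
d=$(mktemp -d)
cat >"$d/default.conf" <<'EOF'
ServerTokens Full
User nobody
Group nobody
Timeout 300
LoadModule status_module modules/mod_status.so
LoadModule cgi_module modules/mod_cgi.so
# LoadModule info_module modules/mod_info.so
<Directory "/web">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
EOF
audit_httpd_conf "$d/default.conf"   # prints 9 findings and returns 9
```

Run it against your own file with `audit_httpd_conf /path/to/httpd.conf`; a clean configuration prints nothing and returns 0, so the function can gate a deployment step.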

Acknowledgments

I have found the book Apache Security to be a highly valuable resource for securing an apache web server. Some of the suggestions listed above were inspired by this book.