After installing a new Linux kernel, old kernels are not automatically deleted. They remain in your disk (/boot partition). You have to delete them manually. Why?
The main reason is to save disk space, which occupied by old kernels. Some systems may become unusable if not enough disk space is available in /boot partition. However, disk space is not a problem in modern systems.
You will never delete your current kernel, of course. It is recommended to keep at least one or two older kernels, so you can boot your system in an emergency situation (hardware or software compatibility issues with the current kernel).
rsync is probably the most common solution for backup on Linux, because it is extremely fast and makes incremental backups (transfer "only differences" between two versions of a file), which is extremely useful in network backups.
However, synchronization (sync) a folder to a backup device, is far from being considered "backup", as it does not keep old versions of files. The problem is solved with rsync as described in the famous article Easy Automated Snapshot-Style Backups with Linux and Rsync, by Mike Rubel.
Postgresql update is not a trivial task.
According to PostgreSQL Versioning policy:
A major release is numbered by increasing either the first or second part of the version number, e.g. 9.1 to 9.2.
Minor releases are numbered by increasing the third part of the version number, e.g. 9.2.3 to 9.2.4
Upgrading to a minor version is done through the upgrade process of Debian.
For major versions, the process is much more complex. This post describes the upgrading from 9.4 to 9.5 in a Debian (Jessie) server.
More and more companies use SSL certificates (small data files that digitally bind a cryptographic key) to protect their customers sensitive data, as username, password and credit card number, as they are transmitted over the internet.
There is a large number of companies provide SSL certificates (Certificate authorities) - see here - and a wide variety of SSL certificates. So, it is often difficult for the average user to choose the right SSL certificate.
In the following post I describe the process of obtaining and installing a Comodo PositiveSSL SSL certificate on a Debian server with Apache 2.4.10 over port 443 for domain "site.com" There are small differences in this procedure in other operating systems and web servers. You will usually find detailed documentation on the site where you purchased the SSL certificate.
One of the advantages of Debian operating system is the ability to live update a production server from current to next release. Under normal circumstances you do not have to re-setup the system. So you avoid downtime, something critical for server systems.
There are possibilities this procedure to fail, so you must take a full system backup before.
Debian Jessie ships with Apache 2.4 There are some important changes with this version, which could break your current configuration. Details below.
The same procedure can be applied to desktop machines. There is more complexity in this case, due to graphical desktop environment.
Detailed official documentation is available here: Upgrades from Debian 7 (wheezy).
Here I describe a successful upgrade of a Debian LAMP server system from Wheezy to Jessie.
Debian 8.0 Jessie was initially released on April 26th, 2015. Jessie is powered by Linux kernel 3.16. Jessie ships with a new default init system, systemd. The sysvinit init system is still available in Jessie. More information here.
In this post I describe a dedicated server setup, using Debian Jessie. It is a Hetzner EX40 dedicated server with IP 22.214.171.124. My blog, my company website and some other web projects will be hosted in this server.
I use DnsMadeEasy for all my DNS needs. I use No IP for email forwarding to Gmail. So I will not setup bind name server or a full blown mail server. Default Debian MTA (exim4) is enough for the server to send emails.
I selected a minimal Debian amd64 server (basic Debian system and SSH). Thanks to Hetzner staff, the server was up and running in less than 10 minutes. As usual, they sent me the IP and root password. Below I describe the whole procedure after this point.
Mod-security is a (third party) module of Apache (recently Microsoft IIS και NGINX) offering intrusion detection and (some kind of) prevention for web applications, acting as a web application firewall. The mod_security module created by Ivan Ristic (writer of the relevant book), but, now, is actually a service of Trustwave.
Indicative types of attacks:
Debian is an ideal solution for servers. Stability is the main advantage of Debian. At the same time the stable Debian version doesn't contain the most recent packages. So, Debian is not one of first choices for someone who wants to use Linux for Desktop. Probably he/she will choose Ubuntu or Linux Mint or Fedora.
I use Archlinux on my desktop PC. Even if Archlinux is not suitable for the novice Linux user, it is rock solid, it contains cutting edge software and you can find any package you want in its repositories (official or AUR). But, recently, I setup a Fujitsu Siemens AMILO Notebook Xi 3650 with Debian 7 Wheezy and XFCE4. I was surprised with the final result! Not a super cool and fancy desktop, but a nice environment with great support for sound, Flash, Nvidia and any kind of networking "out of the box".
If you want to access via the internet a computer which is behind a NAT router and it has not direct access to the internet, you need a VPN solution. If the router has not a static IP, you need a Dynamic DNS solution, like No-IP or any other dyndns provider. Most routers support DynDNS "out of the box".
You have to forward UDP port 1194 from the router/gateway to the machine running the OpenVPN server.
OpenVPN is an excellent open source solution. Excellent
documentation is available
also provides commercial services. Here is described the most common
scenario, when you are using the community
edition of OpenVPN. The server will obtain an IP like
and your client computer (laptop, workstation etc) a similar IP e.g.
So the connection becomes possible, while OpenVPN is running.
Setting up your Linux workstation or a virtual machine, there is no public IP or domain available. If you want to send mail from this machine, reverse DNS will fail and you will get the following error message:
Helo command rejected: need fully-qualified hostname