You are here: Home / Blog / Archives for vnsec

Gentoo: How to install Zine+lighttpd in 5 minutes

December 3, 2009 by vnsec · Leave a Comment 

This is how you can get Zine + lighty running under Gentoo in 5 minutes

  1. Install the required python packages for Zine
    2. (root) # cat >> /etc/portage/package.keywords
 dev-python/werkzeug
 dev-python/Babel
 dev-python/html5lib
 dev-python/flup
 dev-python/sqlalchemy

(root) # emerge -av sqlalchemy jinja2 werkzeug simplejson html5lib pytz Babel lxml flup
  2. Download and Install Zine
    3. (download) $ wget http://zine.pocoo.org/releases/Zine-0.1.2.tar.gz
(download) $ tar zxvf Zine-0.1.2.tar.gz
(download) $ cd Zine-0.1.2

# Use --prefix to install zine to a different location than default (/usr)
(Zine-0.1.2) $ ./configure --prefix=/srv/usr && make install

# Create a working directory for your Zine fastcgi and configuration files
(Zine-0.1.2) $ mkdir -p /var/www/zine
(Zine-0.1.2) $ cp servers/zine.fcgi /var/www/zine

# Edit zine.fcgi to update INSTANCE_FOLDER and ZINE_LIB
(Zine-0.1.2) $ nano /var/www/zine/servers/zine.fcgi

    INSTANCE_FOLDER = ‘/var/www/zine’
    ZINE_LIB = ‘/srv/usr/lib/zine’

    (Zine-0.1.2) $ chown lighttpd /var/www/zine
(Zine-0.1.2) $ chmod 755 /var/www/zine/zine.fcgi
  3. Update lighttpd configuration
    4. # Edit /etc/lighttpd/mod_fastcgi.conf for global fcgi handler setup or
# add fastcgi.server to your VHOST config
(root) # nano /etc/lighttpd/mod_fastcgi.conf

    fastcgi.server = (”" =>
    ((
    “bin-path” => “/var/www/zine/zine.fcgi”,
    “socket” => “/tmp/fcgi-zine.socket”,
    “check-local” => “disable”
    )))

  4. Restart your lighttpd!
Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Add to favorites
  • Reddit
  • Technorati
  • Tumblr
  • Twitter
  • Slashdot
  • Identi.ca

Filed under Misc · Tagged with , ,

Powered by the buggy Wordpress!

November 28, 2009 by vnsec · 1 Comment 

As you may notice that vnsecurity.net server has been taken offline since the beginning of last week for the server upgrade. Our new server has a much better HW specs compare to the old one.

We’ve also replaced the great Plone/ZODB/Python with the buggy Wordpress/Mysql/PHP for our website. I myself really like the Zope Workflow and Zope Object Database with the great fine-grained access control but many members doesn’t like Plone and it’s a bit slow especially on a few years old HW with only 1GB RAM (there were 03 Plone’s instances running for vnsec, vnsecon and vithon.org websites which used all of the 1GB memory).

I don’t trust PHP & PHP Apps. Wordpress/PHP, with a massive number of security bugs in the past, makes me feel unsafe :). Secunia has a good list of WordPress 2.x vulnerabilities and 07 bugs are still unpatched.

But on the other side, WP has some really nice plugins and themes which save my time. It’s like replacing the great & responsible old lady babysitter to a new sexy but “dangerous” young college girl. I hope that some additional protection layers and access restriction to the backend would help to save my a$$ from WP’s bugs.

Cheers!

Babysitter___comic_by_TwinTwosGirl

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Add to favorites
  • Reddit
  • Technorati
  • Tumblr
  • Twitter
  • Slashdot
  • Identi.ca

Filed under Site News, Web Security · Tagged with