How to set the correct Android *.apk MIME Type for Apache Webserver

Android applications use the *.apk file as their installation package. It is a variant of the Java JAR file format (which is in turn a Zip 2.0 file). Usually the *.apk file is obtained from Android Marketplace, the official channel for getting Android applications. However, some vendors and carriers allow *.apk files to be downloaded from 3rd-party websites.

Those who elect to host *.apk files on their own web server can add the official Android APK MIME type to their Apache web server configuration:

Option 1: edit mime.types (for those who have root access)
1. First edit the mime.types file – sudo nano /etc/apache2/mime.types
2. Then add this at the end of the file – application/vnd.android.package-archive apk
3. Reload the server configuration – “sudo service apache2 reload”
Option 2: edit .htaccess file (for shared servers or users who do not have root access)
1. Edit .htaccess
2. Add this line – AddType application/vnd.android.package-archive .apk

This registers the appropriate MIME type for *.apk files so that both the server and the mobile application can handle them.

How to solve Apache – Could not reliably determine the server’s fully qualified name – error in Ubuntu

The Apache2 web server will almost always display this informational message:
"Could not reliably determine the server's fully qualified name"
when it is first started on an Ubuntu or Debian server.

The message appears because the web server fails to find a suitable domain name on the system.

How to remove the message
First, edit the “/etc/hosts” file and add your server name of choice. For example:

127.0.0.1 server.mylocal

Then add the “ServerName” directive to the “/etc/apache2/apache2.conf” file:

ServerName server.mylocal

Finally, restart the web server for the changes to take effect. The informational message will no longer appear.

$ sudo service apache2 restart

Iptables rule to safeguard SSH server from crackers

Secure Shell (SSH) is a service that lets users access a remote system securely. However, SSH servers that depend on password-based authentication might be vulnerable to dictionary-based (or brute-force) attacks by crackers.

Luckily, iptables can be used with the ‘--limit-burst’ and ‘--limit’ options to reduce the number of attempts and connections that a cracking tool can make in a period of time.

For example, in order to limit an IP address to making only 5 connections per minute in bursts of 2 connections, you can use this iptables rule:

iptables -A INPUT -p tcp --dport ssh -m limit --limit 5/minute --limit-burst 2 -j ACCEPT

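As a result, iptables will only allow up to 5 connections per minute, with a maximum initial number of 2 connections, which will make any brute-force or dictionary-based attack against the server uneconomical or infeasible. The rule only has this effect when traffic it does not accept is then dropped, either by a later rule or by a default DROP policy on the INPUT chain.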

Read more about iptables --limit and --limit-burst in “Linux Iptables Limit the number of incoming tcp connection / syn-flood attacks”.

Restricting normal user account access on Ubuntu Server

Here’s a tip to restrict normal user account access so that ordinary users cannot explore directories beyond their own /home directory.

  • First, you need to chmod all /home directories to 0700.
  • Then, you need to set the default umask to 077. To do that, you need to edit /etc/profile and replace “umask 022” with “umask 077”.
  • Optionally, you can also update the PAM configuration in /etc/pam.d/common-session so that the line reads “pam_umask.so umask=077 usergroups”.

These tips have been adapted from superuser.com.