Category Archive: Linux

Oct 18

Denyhosts on CentOS

In general, I install fail2ban and denyhosts on all of my external linux servers that have port 22 open.  This is generally only because sftp is also installed on these systems because marketing people don’t know any other options like S3 on AWS. I want to point out the files that need to be looked …

Continue reading »

Feb 04

Ubuntu SNMP config for Zabbix and Checkpoint

I’m setting up SNMP monitoring for our Checkpoint devices in AWS and Zabbix needs the SNMP client configured.  A good tutorial is located here: But adding the templates for checkpoint was more involved than I thought.  I grabbed the templates here: https://share.zabbix.com/network-appliances/checkpoint-fw-1-hardware. Then created the mapping by going to Administrator –> General –> On the …

Continue reading »

Oct 30

Build bitcoind from source Fedora 22

Disclaimer – this does NOT work.  It’s close, but no love. As usual there are no good instructions on the net to do this. First get the source, I already had git installed and I’m actually building Feathercoin instead of bitcoin but it should be the same for both.  Also I’m presuming that you already …

Continue reading »

May 20

Tomcat 8 redirect and force SSL

Edit the tomcat8/conf/server.xml and add the following for 80, and another for 8080 if need be. <Connector port=”80″ protocol=”HTTP/1.1″ connectionTimeout=”20000″ URIEncoding=”UTF-8″ enableLookups=”false” redirectPort=”443″ /> Now Edit the tomcat8/conf/web.xml and at the bottom just above </web-app> put in the following and changing Entire Application to your application in webapps. <!– SSL settings. only allow HTTPS access …

Continue reading »

May 19

Java 8, tomcat 8, SSL setup from pfx, using 443

This took me a day to setup on a new CentOS Amazon image. To be honest I’d never configured SSL for tomcat before, and this was the first time that I’d used tomcat8. So I just want to go over the steps I had to do so I’ll remember all of the tweeks needed. Configuring …

Continue reading »

Dec 05

How to build Openssl from source

Recently we had to install openssl but for the 32-bit platform. This is how I did it. wget http://www.openssl.org/source/openssl-0.9.8x.tar.gz tar zxvf openssl-0.9.8x.tar.gz setarch i386 ./config -m32 shared make clean; make install In general though for anything that you need to build the following command will work: ./configure && make && sudo make install

Oct 22

gpg command line

First create a key: gpg –gen-key For generation I use the default of RSA and RSA, and I use 4096 bits, and i usually let the keys live for 1y. Create a Revocation Certificate so you can Revoke you key on a keyserver gpg –gen-revoke –armor –output=GPGRevocationCertificate.asc your@email.address Create your ASCII public key so other …

Continue reading »

Oct 21

Unix flush or refresh DNS cache

For Red Hat systems the command is service nscd restart For Debian systems its /etc/init.d/nscd restart

Jun 19

chroot sftp in AWS with likewise / pbis 7.5+

Oh the humanity!  Configuring chrooted sftp always seems like a chore when you combine it with an out side authentication like winbind or pbis (Power Broker Identity Services). So configuring /etc/ssh/sshd_config is straight forward.  All you need to change is: http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP   But I kept seeing errors in /var/log/secure that said denied access because they …

Continue reading »

Mar 18

Command line zip, unzip, and tar

In maintaining linux systems I often find that I need to zip the contents of a folder or unzip some settings.  Zip is useful for compressing and transmitting files.  There isn’t anything new here and it is straight out of the man pages but since I only use it once every 6 months I’m going …

Continue reading »

Older posts «