In general, I install fail2ban and denyhosts on all of my external linux servers that have port 22 open. This is generally only because sftp is also installed on these systems because marketing people don’t know any other options like S3 on AWS. I want to point out the files that need to be looked …
Category Archive: Linux
Feb 04
Ubuntu SNMP config for Zabbix and Checkpoint
I’m setting up SNMP monitoring for our Checkpoint devices in AWS and Zabbix needs the SNMP client configured. A good tutorial is located here: But adding the templates for checkpoint was more involved than I thought. I grabbed the templates here: https://share.zabbix.com/network-appliances/checkpoint-fw-1-hardware. Then created the mapping by going to Administrator –> General –> On the …
Oct 30
Build bitcoind from source Fedora 22
Disclaimer – this does NOT work. It’s close, but no love. As usual there are no good instructions on the net to do this. First get the source, I already had git installed and I’m actually building Feathercoin instead of bitcoin but it should be the same for both. Also I’m presuming that you already …
May 20
Tomcat 8 redirect and force SSL
Edit the tomcat8/conf/server.xml and add the following for 80, and another for 8080 if need be. <Connector port=”80″ protocol=”HTTP/1.1″ connectionTimeout=”20000″ URIEncoding=”UTF-8″ enableLookups=”false” redirectPort=”443″ /> Now Edit the tomcat8/conf/web.xml and at the bottom just above </web-app> put in the following and changing Entire Application to your application in webapps. <!– SSL settings. only allow HTTPS access …
May 19
Java 8, tomcat 8, SSL setup from pfx, using 443
This took me a day to setup on a new CentOS Amazon image. To be honest I’d never configured SSL for tomcat before, and this was the first time that I’d used tomcat8. So I just want to go over the steps I had to do so I’ll remember all of the tweeks needed. Configuring …
Dec 05
How to build Openssl from source
Recently we had to install openssl but for the 32-bit platform. This is how I did it. wget http://www.openssl.org/source/openssl-0.9.8x.tar.gz tar zxvf openssl-0.9.8x.tar.gz setarch i386 ./config -m32 shared make clean; make install In general though for anything that you need to build the following command will work: ./configure && make && sudo make install
Oct 22
gpg command line
First create a key: gpg –gen-key For generation I use the default of RSA and RSA, and I use 4096 bits, and i usually let the keys live for 1y. Create a Revocation Certificate so you can Revoke you key on a keyserver gpg –gen-revoke –armor –output=GPGRevocationCertificate.asc your@email.address Create your ASCII public key so other …
Oct 21
Unix flush or refresh DNS cache
For Red Hat systems the command is service nscd restart For Debian systems its /etc/init.d/nscd restart
Jun 19
chroot sftp in AWS with likewise / pbis 7.5+
Oh the humanity! Configuring chrooted sftp always seems like a chore when you combine it with an out side authentication like winbind or pbis (Power Broker Identity Services). So configuring /etc/ssh/sshd_config is straight forward. All you need to change is: http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP But I kept seeing errors in /var/log/secure that said denied access because they …
Mar 18
Command line zip, unzip, and tar
In maintaining linux systems I often find that I need to zip the contents of a folder or unzip some settings. Zip is useful for compressing and transmitting files. There isn’t anything new here and it is straight out of the man pages but since I only use it once every 6 months I’m going …
Recent Comments