Fun at work!

Archive for the ‘Repost’ Category

Repost: Install svn server on centos 6

SVN – Apache subversion

SVN – Subversion is a versioning and revision control system used by developers to track and keep up earlier versions of their source codes.

In this article we can see how to setup svn server on centos 6.

 

Read more…

Repost: How to compute the MD5 or SHA-1 cryptographic hash values for a file

You can use the File Checksum Integrity Verifier (FCIV) utility to compute the MD5 or SHA-1 cryptographic hash values of a file. For additional information about the File Checksum Integrity Verifier (FCIV) utility, click the following article number to view the article in the Microsoft Knowledge Base:

To compute the MD5 and the SHA-1 hash values for a file, type the following command at a command line:
> FCIV -md5 -sha1 path\filename.ext

For example, to compute the MD5 and SHA-1 hash values for the Shdocvw.dll file in your %Systemroot%\System32 folder, type the following command:

> FCIV -md5 -sha1 c:\windows\system32\shdocvw.dll

Repost: How to install Puppet server and client on CentOS and RHEL

As a system administrator acquires more and more systems to manage, automation of mundane tasks gets quite important. Many administrators adopted the way of writing custom scripts, that are simulating complex orchestration software. Unfortunately, scripts get obsolete, people who developed them leave, and without an enormous level of maintenance, after some time these scripts will end up unusable. It is certainly more desirable to share a system that everyone can use, and invest in tools that can be used regardless of one’s employer. For that we have several systems available, and in this howto you will learn how to use one of them – Puppet.

What is Puppet?

Puppet is an automation software for IT system administrators and consultants. It allows you to automate repetitive tasks such as the installation of applications and services, patch management, and deployments. Configuration for all resources are stored in so called “manifests”, that can be applied to multiple machines or just a single server. If you would like to know more information, The Puppet Labs site has a more complete description of what Puppet is and how it works.

Read more…

Repost: 20 Linux Server Hardening Security Tips

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

Read more…

Repost: How To Edit the Sudoers File on Ubuntu and CentOS

Privilege separation is one of the fundamental security paradigms implemented in Linux and Unix-like operating systems. Regular users operate with limited privileges in order to reduce the scope of their influence to their own environment, and not the wider operating system.

A special user, called root, has “super-user” privileges. This is an administrative account without the restrictions that are present on normal users. Users can execute commands with “super-user” or “root” privileges in a number of different ways.

In this article, we will discuss how to correctly and securely obtain root privileges, with a special focus on editing the /etc/sudoers file.

Read more…

Link

Repost: How to Sign a JAR File

Repost: How to Sign a JAR File

When JAR files need to be downloaded as part of a Java applet or Webstart deployment it is best to digitally sign the JAR files.

Signing with a Test Certificate

1. Make sure that you have a Java SDK keytool and jarsigner in your path. These tools are located in the Java SDK bin directory.

2. Create a new key in a new keystore as follows:

  keytool -genkey -keystore myKeystore -alias myself

You will be prompted for information regarding the new key, such as password, name, etc. This will create the myKeystore file on disk.

3. Then create a self-signed test certificate as follows:

  keytool -selfcert -alias myself -keystore myKeystore

This will prompt you for a password. Generating the certificate may take a few minutes.

4. Check to make sure that everything is okay. To list the contents of the keystore, use this command:

  keytool -list -keystore myKeystore

It should list something like:

  Keystore type: jks
  Keystore provider: SUN

  Your keystore contains 1 entry:
  myself, Tue Jan 23 19:29:32 PST 2001, keyEntry,
  Certificate fingerprint (MD5):
  C2:E9:BF:F9:D3:DF:4C:8F:3C:5F:22:9E:AF:0B:42:9D

5. Finally, sign the JAR file with the test certificate as follows:

  jarsigner -keystore myKeystore test.jar myself

6. Repeat these steps for all your JAR files.

Note that a self-signed test certificate should only be used for internal testing, since it does not guarantee the identity of the user and therefore cannot be trusted. A trustworthy certificate can be obtained from a certificate authority, such as VeriSign orThawte, and should be used when the application is put into production

Make sure you add the following tag to your .jnlp file:

  <security>
    <all-permissions/>
  </security>
Link

Repost: Running IPMI on Linux

Repost: Running IPMI on Linux

What is IPMI?

IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server.

The primary benefits of IPMI are:

  • View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection.
  • Ability to remotely power on, power off, reboot the server and flash the identification light.
  • Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5.

Essentially, IPMI will save you from a few hundred to over a thousand GBP instead of buying a remote power control unit and SOL will save you the same amount again over buying an IP KVM.

Link

Repost: IPMI on CentOS/RHEL

Repost: IPMI on CentOS/RHEL

The Intelligent Platform Management Interface (IPMI) is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation. It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. – Wikipedia.org

Link

Repost: 30 Cool Open Source Software I Discovered in 2013

Repost: 30 Cool Open Source Software I Discovered in 2013

From the 30 cool open source software discovered by NixCraft in 2013, I plan to try out several of them in the early part of 2014. Here are my picks:

  • Miro video converter

This is an open source, cross-platform application to convert videos from and to various formats, including formats suitable for devices such as Android/iOS phones. It is simple and easy to use software to convert almost any video to MP4, WebM (vp8), Ogg Theora format. Miro Video Converter is based on FFMPEG and act as a front end to FFMPEG command line tools.

  • OwnCloud – Dropbox alternative for cloud storage service

It is an alternative to Dropbox to run cloud on your own server at home and office. This software is open source software, and it is self hosted. I don’t have to trust third party with my data. I found this software easy to install and quite useful. I started to use it for syncing files and other data. I have been using for couple of months and it has been proven reliable alternative to Dropbox. There are clients available for MS-Windows, OS X, Linux, and mobile apps for iOS and Android devices (or simply access data using the ownCloud web frontend).

  • RackTables – Manage your data center assets like a pro

It is is a datacenter asset management system. With this software one can document hardware assets (such as server, workstations, routers, switches and more), network addresses, space in racks, networks configuration and more:

  1. List of all devices, racks, and enclosures you’ve got
  2. Mount the devices into the racks
  3. Maintain physical ports of the devices and links between them
  4. Manage IP addresses, assign them to the devices and group them into networks
  5. Document your NAT rules, describe your loadbalancing policy and store loadbalancing configuration
  6. Attach files to various objects in the system
  7. Create users, assign permissions and allow or deny any actions they can do
  • Observium – Network observation and monitoring system

Observium is free and open source software written in PHP/MySQL. It collects data from devices using SNMP and presents it via a web interface. It includes support for a wide range of network hardware and operating systems including Cisco, Windows, Linux, HP, Dell, FreeBSD, Juniper, Brocade, Netscaler, NetApp and many more. I use this software along with Nagios to get better understanding of certain devices and technologies. It provides historical and current performance statistics, configuration visualization and syslog capture.

  • luckyBackup data back-up and synchronization tool

luckyBackup is an application for data back-up and synchronization powered by the rsync tool. It is simple to use, fast, safe, reliable and fully customizable backup software. I often set and recommend this too for new Ubuntu/Fedora desktop users to backup their own files.

 

Link

Repost: RedHat / CentOS Install and Configure Cacti Network Graphing Tool

Repost: RedHat / CentOS Install and Configure Cacti Network Graphing Tool

From the official project site:

Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Tag Cloud