Fun at work!

Archive for the ‘Repost’ Category

Repost: Install svn server on centos 6

SVN – Apache subversion

SVN – Subversion is a versioning and revision control system used by developers to track and keep up earlier versions of their source codes.

In this article we can see how to setup svn server on centos 6.

 

Read more…

Repost: How to compute the MD5 or SHA-1 cryptographic hash values for a file

You can use the File Checksum Integrity Verifier (FCIV) utility to compute the MD5 or SHA-1 cryptographic hash values of a file. For additional information about the File Checksum Integrity Verifier (FCIV) utility, click the following article number to view the article in the Microsoft Knowledge Base:

To compute the MD5 and the SHA-1 hash values for a file, type the following command at a command line:
> FCIV -md5 -sha1 path\filename.ext

For example, to compute the MD5 and SHA-1 hash values for the Shdocvw.dll file in your %Systemroot%\System32 folder, type the following command:

> FCIV -md5 -sha1 c:\windows\system32\shdocvw.dll

Repost: How to install Puppet server and client on CentOS and RHEL

As a system administrator acquires more and more systems to manage, automation of mundane tasks gets quite important. Many administrators adopted the way of writing custom scripts, that are simulating complex orchestration software. Unfortunately, scripts get obsolete, people who developed them leave, and without an enormous level of maintenance, after some time these scripts will end up unusable. It is certainly more desirable to share a system that everyone can use, and invest in tools that can be used regardless of one’s employer. For that we have several systems available, and in this howto you will learn how to use one of them – Puppet.

What is Puppet?

Puppet is an automation software for IT system administrators and consultants. It allows you to automate repetitive tasks such as the installation of applications and services, patch management, and deployments. Configuration for all resources are stored in so called “manifests”, that can be applied to multiple machines or just a single server. If you would like to know more information, The Puppet Labs site has a more complete description of what Puppet is and how it works.

Read more…

Repost: 20 Linux Server Hardening Security Tips

Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

Read more…

Repost: How To Edit the Sudoers File on Ubuntu and CentOS

Privilege separation is one of the fundamental security paradigms implemented in Linux and Unix-like operating systems. Regular users operate with limited privileges in order to reduce the scope of their influence to their own environment, and not the wider operating system.

A special user, called root, has “super-user” privileges. This is an administrative account without the restrictions that are present on normal users. Users can execute commands with “super-user” or “root” privileges in a number of different ways.

In this article, we will discuss how to correctly and securely obtain root privileges, with a special focus on editing the /etc/sudoers file.

Read more…

Link

Repost: How to Sign a JAR File

Repost: How to Sign a JAR File

When JAR files need to be downloaded as part of a Java applet or Webstart deployment it is best to digitally sign the JAR files.

Signing with a Test Certificate

1. Make sure that you have a Java SDK keytool and jarsigner in your path. These tools are located in the Java SDK bin directory.

2. Create a new key in a new keystore as follows:

  keytool -genkey -keystore myKeystore -alias myself

You will be prompted for information regarding the new key, such as password, name, etc. This will create the myKeystore file on disk.

3. Then create a self-signed test certificate as follows:

  keytool -selfcert -alias myself -keystore myKeystore

This will prompt you for a password. Generating the certificate may take a few minutes.

4. Check to make sure that everything is okay. To list the contents of the keystore, use this command:

  keytool -list -keystore myKeystore

It should list something like:

  Keystore type: jks
  Keystore provider: SUN

  Your keystore contains 1 entry:
  myself, Tue Jan 23 19:29:32 PST 2001, keyEntry,
  Certificate fingerprint (MD5):
  C2:E9:BF:F9:D3:DF:4C:8F:3C:5F:22:9E:AF:0B:42:9D

5. Finally, sign the JAR file with the test certificate as follows:

  jarsigner -keystore myKeystore test.jar myself

6. Repeat these steps for all your JAR files.

Note that a self-signed test certificate should only be used for internal testing, since it does not guarantee the identity of the user and therefore cannot be trusted. A trustworthy certificate can be obtained from a certificate authority, such as VeriSign orThawte, and should be used when the application is put into production

Make sure you add the following tag to your .jnlp file:

  <security>
    <all-permissions/>
  </security>
Link

Repost: Running IPMI on Linux

Repost: Running IPMI on Linux

What is IPMI?

IPMI is standard which allows remote server management, primarily developed by Intel. IPMI cards, known as Baseboard Management Cards (BMCs) are primitive computers in their own right and are operational all the time, so long as the server has a power source. The server itself does not need to be powered on, or the operating system operational for the BMC to work, it just needs a power source to be connected to the server.

The primary benefits of IPMI are:

  • View server chassis and motherboard sensor output remotely, such as chassis status and intrusion detection.
  • Ability to remotely power on, power off, reboot the server and flash the identification light.
  • Ability to set up a console on a serial port and have the BMC redirect that console over a network port, which in cooperation with BIOS level console redirection, gives you the ability to view the BIOS, bootloader, bootup and shutdown procedures and console output should the machine hang or lock up, just as you would if you were interacting with the machine locally. This is called Serial Over Lan (SOL) and is available in IPMI v2.0 as a standard and using non-standard proprietary methods in v1.5.

Essentially, IPMI will save you from a few hundred to over a thousand GBP instead of buying a remote power control unit and SOL will save you the same amount again over buying an IP KVM.

Tag Cloud