Author: Josh
-
Enable Remote Desktop Sharing on Mac OS X 10.7 From the CLI
I recently had an issue with a customer where I needed to enable remote screen sharing (VNC) on a Mac OS X server from an SSH terminal. Thanks to this post, I was able to get it started up with this command:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -restart -agent -privs -all
To connect from a…
-
Nginx and Daemontools – nginx can’t bind – (98: Address already in use.)
A common question or issue that I’ve noted when helping customers when using nginx with daemontools is a flood of messages to the error log relating to a failure to bind on port 80 (or whichever port is configured) like the following: ==> logs/error.log
-
Require TLS on OpenLDAP
A common question that comes up on the LDAP mailing list and among peers of mine who work with OpenLDAP is “how do I force clients to use secure connections when connecting to my LDAP directory?”. The correct way to require TLS using OpenLDAP is to set minssf=256 under cn=config using the olcSecurity attribute. Here…
-
Securing a hackintosh?
If you ever have to use a hackintosh and are interested in creating a secure encrypted environment to work in, this article will tell you how.
-
Apache logs – owned by root?
While working through an issue with php-ldap I was running an strace on apache and noticed there were some access denied errors when a process was attempting to write to the apache error_log. Now this was interesting as apache typically opens the log files as root and does not require the log permissions to be…
-
SSH Public Key Authentication via OpenLDAP on RHEL/CentOS 6.x
With the release of RHEL/CentOS 6.x there are some changes to the way clients authenticate using public keys over SSH with keys stored in OpenLDAP. I was able to get this working with the following modifications.
Pre-requisites:
* RHEL / CentOS 6.x
* openssh-ldap
Set up sshd_config by configuring the AuthorizedKeysCommand. This will execute…
-
Enabling mod_status in an Apache Virtual Host that is using mod_proxy
I recently ran into an issue where I needed to monitor a reverse proxy which proxied requests to several internal servers (aka load balancer). The issue was that all requests going to this specific virtual host were proxied to the balancer members configured within the virtual host, including requests to /server-status. The fix is to…
-
TLS Issue with Amazon OpenLDAP 2.4.23-15
Today I had an issue getting a good TLS connection from an OpenLDAP client to an OpenLDAP server on an EC2 instance using the packages supplied by Amazon. The problem packages were:
openldap-2.4.23-15.13.amzn1.x86_64
openldap-clients-2.4.23-15.13.amzn1.x86_64
The problem was resolved through updating to version 2.4.23-20 via:
yum -y update openldap-clients
The problem was produced via the following…
-
Configuring Existing OpenLDAP 2.4+ Directory to Accept TLS Connections
This tip assumes that OpenLDAP is currently running properly on port 389 without SSL/TLS configured and that the database is being used to store the config file via cn=config.
1. Generate an SSL key pair
a. private key: openssl genrsa -out slapd.key 2048
b. self-signed certificate (re: http://www.openssl.org/docs/HOWTO/certificates.txt): openssl req -new -x509 -key slapd.key -out…
-
MySQL Backup over SSH to Another Host
A problem that I’ve had a few times is needing to back up a MySQL database before decommissioning a server. Oftentimes the server is not large enough to accommodate a backup on the local disk store, so a remote backup is required. This is not too hard, although with hundreds of gigabytes or several terabytes, it can…