Category: Open Source Software
-
Securing a hackintosh?
If you ever have to use a hackintosh and are interested in creating a secure encrypted environment to work in, this article will tell you how.
-
Apache logs – owned by root?
While working through an issue with php-ldap I was running an strace on apache and noticed there were some access denied errors when a process was attempting to write to the apache error_log. Now this was interesting as apache typically opens the log files as root and does not require the log permissions to be…
-
SSH Public Key Authentication via OpenLDAP on RHEL/CentOS 6.x
With the release of RHEL/CentOS 6.x there are some changes to the way clients authenticate using public keys over SSH with keys stored in OpenLDAP. I was able to get this working with the following modifications. Pre-requisites: * RHEL / CentOS 6.x * openssh-ldap Set up the sshd_config by setting up the AuthorizedKeysCommand. This will execute…
-
Enabling mod_status in an Apache Virtual Host that is using mod_proxy
I recently ran into an issue where I needed to monitor a reverse proxy which proxied requests to several internal servers (aka load balancer). The issue was that all requests going to this specific virtual host were proxied to the balancer members configured within the virtual host, including requests to /server-status. The fix is to…
-
TLS Issue with Amazon OpenLDAP 2.4.23-15
Today I had an issue getting a good TLS connection from an OpenLDAP client to an OpenLDAP server on an EC2 instance using the packages supplied by Amazon. The problem packages were: openldap-2.4.23-15.13.amzn1.x86_64 openldap-clients-2.4.23-15.13.amzn1.x86_64 The problem was resolved through updating to version 2.4.23-20 via: yum -y update openldap-clients The problem was produced via the following…
-
Configuring Existing OpenLDAP 2.4+ Directory to Accept TLS Connections
This tip assumes that OpenLDAP is currently running properly on port 389 without SSL/TLS configured and that the database is being used to store the config file via cn=config. 1. Generate an SSL key pair a. private key openssl genrsa -out slapd.key 2048 b. self-signed certificate re: http://www.openssl.org/docs/HOWTO/certificates.txt openssl req -new -x509 -key slapd.key -out…
-
MySQL Backup over SSH to Another Host
A problem that I’ve had a few times is to back up a MySQL database before decommissioning a server. Oftentimes the server is not large enough to accommodate a backup on the local disk store so a remote backup is required. This is not too hard, although with hundreds of gigabytes or several terabytes, it can…
-
AWS Elastic Load Balancing in a Private Subnet
I recently learned a valuable lesson when setting up load balancing using an Elastic Load Balancer within a Virtual Private Cloud using public and private subnets and a NAT host. When creating the ELB, be sure to create it within the public subnets and not the private subnets where the instances that will be attached…
-
nginx passenger module re-install
I logged in this morning and one of my clients had an issue with a Passenger app that was not responding and nginx was returning 403s for requests to the app. I dug into the nginx error.log and it showed that it could not find the PassengerWatchdog file that it would use to start the…
-
Print only uncommented lines from a text file
A common task that I perform is to print out the lines of a text file (or script) that are neither commented nor blank. A few good examples of where this would be useful would be the apache httpd.conf file (which has verbose comments!) and a hosts file where many entries are in…