Trusted Path Execution - reduce attack vector
TPE is a feature presented in Grsecurity, which denies users from executing programs that are not owned by root. This approach eliminates some parts of self uploaded exploits by users. Using Grsecurity force us to prepare custom - mainly non-distribution kernel. Nowadays TPE is prepared as separate linux kernel module, which ...read more
Apache HTTP Server 2.4 - error logging
Apache 2.4 was introduces couple months ago. Comprehensive list of changes doesn't contain pretty useful enhancement of error logs, now it includes AH mark before each log entry. So you can easy extract and collect what kind of errors were logged. List of errors: http://wiki.apache.org ...read more
Monitoring HTTP on-the-fly
On my day to day work sometimes I have to discover what request are really pushed to my web servers without digging into access logs. So I found some handy tools.
- http://justniffer.sourceforge.net/ - pretty nice multi purpose sniffer with http support
- http://dumpsterventures.com/jason/httpry ...
Are you Red Hat enterprise ready ?
Easy to find out just try to download one of the free evaluation copy of RHEL. I'm definitely not ready:
We noticed that your Red Hat Login uses a personal email address. We're sorry, but users must have an enterprise or business email address to obtain product evaluations ...read more
Collect data about working system
Pretty simple task get information about particular system, answer read documentation about it. But what if there is no documentation or it's outdated. One of the solution is to write down some outputs of basic commands, the second solution is to use dedicated software.
The first one which I ...read more
Oracle Linux - new approach
Paying for subscription or doing on your own ? Choosing the second way you probably take into consideration: CentOS or Scientific Linux, but nowadays we have another player: Oracle Linux.
We offered both the base distribution release DVDs (OL4, OL5, OL6) and the update releases, such as 5.1, 5.2 ...read more
SSTP with self signed certificates
I was looking for VPN solution in Windows which gives an easy way to connect without worrying about NAT configuration just like in IPsec or PPTP. The answer to my question is SSTP, new version of VPN used in Windows 2008, which encapsulate PPP frames over SSL connection. But all ...read more
libvirt 0.9.10 released
Just has been released new version of libvirt with promising feature:
Add support for sVirt in the LXC driver (Daniel P. Berrange)
which could gives us:
'' The forthcoming libvirt 0.9.10 release will include support for sVirt with LXC. If this is enabled on an LXC container, then SELinux ...read more
Easy way to create SSL certificates
Everytime I have to create CSR or self-signed SSL certificate, I need to know complex syntax of openssl. Lately I've found easy solution to this drawback. RedHat Linux distributions all have in common dir /etc/pki which include all generated, installed keys. In location /etc/pki/tls/certs we ...read more
Redmine - concepts of maintenance SA docs
It's nice to have an easy way to document and track our SA activities. Moreover for me easy means semi or full automated tasks, how we can do that ?
In my previous company I was working in small SA team, we were responsible to maintain over one hundred servers ...!--more--> read more