SSLgate and F5 BIG-IP profiles

Hopefully you haven’t been under a rock over the last year and are aware of all the issues with SSL attacks. I’m sure this post will become outdated, and it isn’t the be-all and end-all of fixing this, but it may help someone.

In the SSL profile section on the BIG-IP, use the following cipher string:

DEFAULT:TLSv1:TLSv1_2:!LOW:!SSLv3:!SSLv2:!RC4

This keeps the default cipher list as set on your F5, allows TLS v1 and TLS v1.2, and disallows low-strength ciphers (!LOW), SSLv3, SSLv2 and RC4. There are of course other vulns out there!
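A quick way to check that a profile's cipher string spells out these exclusions itself, instead of relying on whatever DEFAULT means on a given software version. This is an added example, not from the original post; it assumes OpenSSL-style operators ("!" excludes permanently, "-" removes but allows a later re-add), and the function names and the two extra sample strings are made up for illustration.

```python
# Added example: audits a cipher string for explicit hard exclusions.
# Assumption: OpenSSL-style operators, '!' = permanent exclusion,
# '-' = removal that a later keyword in the string can undo.
REQUIRED = ("SSLv2", "SSLv3", "RC4", "LOW")

def audit_cipher_string(cipher_string, required=REQUIRED):
    """Return {keyword: 'excluded' | 'soft' | 'missing'} for each required keyword."""
    hard, soft = set(), set()
    for token in cipher_string.split(":"):
        token = token.strip()
        if token.startswith("!"):
            hard.add(token[1:].upper())
        elif token.startswith("-"):
            soft.add(token[1:].upper())
    report = {}
    for keyword in required:
        key = keyword.upper()
        if key in hard:
            report[keyword] = "excluded"
        elif key in soft:
            report[keyword] = "soft"      # removed, but not permanently
        else:
            report[keyword] = "missing"   # depends entirely on DEFAULT
    return report

def is_compliant(cipher_string):
    """True only if every required keyword is hard-excluded with '!'."""
    return all(s == "excluded" for s in audit_cipher_string(cipher_string).values())

# Only "post" comes from the post; the other two are constructed samples.
SAMPLES = {
    "post": "DEFAULT:TLSv1:TLSv1_2:!LOW:!SSLv3:!SSLv2:!RC4",
    "no_rc4_rule": "DEFAULT:!SSLv3:!SSLv2",
    "soft_only": "DEFAULT:-RC4:!LOW:!SSLv3:!SSLv2",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, is_compliant(value), audit_cipher_string(value))
```

A "missing" result does not prove the protocol or cipher is enabled, only that the string leaves the decision to DEFAULT.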

Keeping your JRE updated in Ubuntu

With the number of security fixes coming out for Java recently, it’s been tough for package maintainers to keep up. As a result, I’ve found it necessary to manually keep track of and update the Java JRE.

There are much simpler ways of keeping up to date, however. One such way is to use the duinsoft script by adding their deb repository and installing their update-sun-jre scripts.

My current daily workstation runs Ubuntu 14.04, which is an LTS (long-term support) release, and the duinsoft method works best for my needs.

http://www.duinsoft.nl/packages.php?t=en#repo

Terminating a stuck or frozen ssh session

I thought that I’d enter a quick post tonight about quickly and easily terminating a stuck or frozen ssh terminal. Most people know these keystrokes, so this is geared towards those new to Linux and ssh.

If your session is stuck, type these keystrokes one after another to terminate the ssh session:

"Enter", "Tilde (~)" and "Period (.)"

These three simple keystrokes should then terminate your current ssh session.

To be more adventurous, if you keep ssh sessions open to systems outside your network, you can use autossh with screen. I will cover this in another post.

Mechanical Keyboard Review Part 2

So I finally decided to update my post on my search for a great mechanical keyboard.
After more research, I caved in and bought a Filco Majestouch 10keyless from NCIX.com.

I also ended up picking up a Keycool 10keyless for work.
All in all, typing on these keyboards seems to have sped up my typing. They also do not seem to exhibit the keystroke issues I noticed.

Mechanical Keyboard Woes

I haven’t posted in a while, so I thought I’d share some issues with my quest to purchase a keyboard that would suit an admin and student who is currently in front of a computer for more than 12 hours a day at a time. I started finding that my regular membrane keyboard would give me finger fatigue from typing all day long.

Here are a few models I’ve tried and the issues with them so far:

Das Keyboard Model S Professional:
Excellent keyboard with Cherry MX Blue keys.
I honestly loved this keyboard but it was too noisy for an open office environment. I would recommend this to someone that intends to use this for gaming or for their home office. If it weren’t for the fact that the keyboard was too loud for my work environment, I would have kept it.

Corsair Vengeance K60:
Marketed as a gaming keyboard due to the swappable contoured keys with Cherry MX Red switches.
I used this keyboard for quite a few days; the keys are great for someone doing a lot of typing. The main issue that I had with this keyboard may not apply to most people. As an admin, programmer and unix user, I often use the | (pipe) command a lot. I thought I was having a one-off issue with my keyboard, but today I realized that when I type |, I often hit a shift-pipe-spacebar combination. On this keyboard, the result is the following combination of keys being output:

|| ||

This of course has driven me nuts and I will be returning this keyboard today. Even though the keys are great, I believe I should get a keyboard with cherry mx brown keys.

I will update the post when I find my replacement.

Using Mplayer to dump a shoutcast audio stream to mp3

Here is an easy and simple way to save an audio stream using mplayer:

mplayer -dumpstream http://URL:PORT/PATH -dumpfile FILE.mp3

Disable IPv6 in Windows 7

So today is IPv6 day. Hopefully you haven’t been living under a rock for the last little while and know about it.
Read the following for instructions on how to disable IPv6 in Windows 7:

1. Disable IPv6 for LAN adapter & interfaces

1. Open up the “Control Panel” and then the “Network Sharing Center”:

2. Click on “Change adapter settings”:

3. Right-click on your network adapter, usually “Local Area Connection” and click on “Properties”:

4. Uncheck “Internet Protocol Version 6” and click on “OK”:

2. Disable IPv6 for tunnel adapter & interfaces

If you are not familiar with editing the registry, I created a .reg file for you that you can use to add the registry key and disable IPv6. To verify that this file is OK, open it once in Notepad; it contains only the following lines:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters]
"DisabledComponents"=dword:ffffffff

Link: Download Disable IPv6 Registry Tweak (.reg file)
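The Notepad check described above can also be scripted, so that a downloaded .reg file is rejected if it touches anything beyond the one expected key and value. This is an added example, not part of the original post; the function names and the ExampleVendor key in the second sample are constructed for illustration.

```python
import re

# Expected content, copied from the .reg listing in the post.
EXPECTED_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters"
EXPECTED = {"disabledcomponents": "dword:ffffffff"}

def decode_reg(raw):
    # regedit exports are UTF-16LE with a BOM; hand-made files are often UTF-8/ANSI.
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig")

def review_reg(raw):
    """Return findings; an empty list means the file makes only the expected change."""
    findings, key, seen = [], None, set()
    for n, line in enumerate(decode_reg(raw).splitlines(), 1):
        line = line.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        if section:
            key = section.group(2).lower()   # registry paths are case-insensitive
            if section.group(1):
                findings.append(f"line {n}: deletes key {section.group(2)}")
            elif key != EXPECTED_KEY.lower():
                findings.append(f"line {n}: unexpected key {section.group(2)}")
            continue
        value = re.fullmatch(r'"([^"]+)"\s*=\s*(.+)', line)
        if not value:
            findings.append(f"line {n}: unparsed line {line!r}")
        elif key != EXPECTED_KEY.lower():
            findings.append(f"line {n}: value {value.group(1)} under unexpected key")
        elif EXPECTED.get(value.group(1).lower()) != value.group(2).strip().lower():
            findings.append(f"line {n}: unexpected data for {value.group(1)}")
        else:
            seen.add(value.group(1).lower())
    return findings + [f"missing value {v}" for v in EXPECTED if v not in seen]

# Constructed samples: GOOD mirrors the post's listing, EXTRA adds a second key.
BODY = ("Windows Registry Editor Version 5.00\r\n\r\n"
        "[" + EXPECTED_KEY + "]\r\n"
        '"DisabledComponents"=dword:ffffffff\r\n')
GOOD = b"\xff\xfe" + BODY.encode("utf-16-le")
EXTRA = (BODY + "\r\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleVendor]\r\n"
         '"Setting"=dword:00000001\r\n').encode("utf-8")

if __name__ == "__main__":
    print(review_reg(GOOD), review_reg(EXTRA), sep="\n")
```

Anything the parser does not recognise, such as multi-line hex data, is reported instead of being skipped, so an unfamiliar file fails the check by default.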

Alternatively, you can simply do it yourself; it shouldn’t be too difficult:

1. Open up the registry.

Regedit.exe

2. Expand [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\]

3. Next, we create a new 32-bit registry key: “DisabledComponents”:

By the way, even if you are on a 64-bit system you only have to create a 32-bit registry key, because the 32 bits only reflect the size of the registry key. A 32-bit registry key can store a maximum value of 2,147,483,647.

4. Enter: “DisabledComponents” when prompted for a name.

5. Double-click the newly created registry key and copy and paste the value: ffffffff (8 f’s)

6. Restart your PC and you are done: You just disabled IPv6 in Windows 7!

Backup PuTTY Session Information

If you use PuTTY like I do, you may need to copy your saved session information from time to time. PuTTY uses the Windows registry to store this information. In order to back this up, do a simple regedit dump:

From the Start->Run dialog, enter the following:

regedit /e "%userprofile%\desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham

On your desktop will be a putty.reg file that you can double-click to import the information back into the registry.

Base 64 Encoder/Decoder

On those nights when you need to decode some Base64-encoded code, use a simple site to do it quickly:

http://base64-encoder-online.waraxe.us/

CentOS Network Hints

The following is a sample ifcfg-eth0 file for a system using a fixed IP address:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.0.1.0
NETMASK=255.255.255.0
IPADDR=10.0.1.27
USERCTL=no

The values required in an interface configuration file can change based on other values. For example, the ifcfg-eth0 file for an interface using DHCP looks different because IP information is provided by the DHCP server:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

The Network Administration Tool (system-config-network) is an easy way to make changes to the various network interface configuration files (refer to Chapter 14, Network Configuration for detailed instructions on using this tool).

However, it is also possible to manually edit the configuration files for a given network interface.

Below is a listing of the configurable parameters in an Ethernet interface configuration file:

BOOTPROTO=<protocol>

where <protocol> is one of the following:

* none — No boot-time protocol should be used.
* bootp — The BOOTP protocol should be used.
* dhcp — The DHCP protocol should be used.

BROADCAST=<address>

where <address> is the broadcast address. This directive is deprecated, as the value is calculated automatically with ipcalc.

DEVICE=<name>

where <name> is the name of the physical device (except for dynamically-allocated PPP devices where it is the logical name).

DHCP_HOSTNAME

Use this option only if the DHCP server requires the client to specify a hostname before receiving an IP address.

DNS{1,2}=<address>

where <address> is a name server address to be placed in /etc/resolv.conf if the PEERDNS directive is set to yes.

ETHTOOL_OPTS=<options>

where <options> are any device-specific options supported by ethtool. For example, if you wanted to force 100Mb, full duplex:

ETHTOOL_OPTS="autoneg off speed 100 duplex full"

Note: Changing speed or duplex settings almost always requires disabling autonegotiation with the autoneg off option. This needs to be stated first, as the option entries are order-dependent.

GATEWAY=<address>

where <address> is the IP address of the network router or gateway device (if any).

HWADDR=<MAC-address>

where <MAC-address> is the hardware address of the Ethernet device in the form AA:BB:CC:DD:EE:FF. This directive is useful for machines with multiple NICs to ensure that the interfaces are assigned the correct device names regardless of the configured load order for each NIC’s module. This directive should not be used in conjunction with MACADDR.

IPADDR=<address>

where <address> is the IP address.

MACADDR=<MAC-address>

where <MAC-address> is the hardware address of the Ethernet device in the form AA:BB:CC:DD:EE:FF. This directive is used to assign a MAC address to an interface, overriding the one assigned to the physical NIC. This directive should not be used in conjunction with HWADDR.

MASTER=<bond-interface>

where <bond-interface> is the channel bonding interface to which the Ethernet interface is linked.

This directive is used in conjunction with the SLAVE directive.

Refer to Section 13.2.3, “Channel Bonding Interfaces” for more information about channel bonding interfaces.

NETMASK=<mask>

where <mask> is the netmask value.

NETWORK=<address>

where <address> is the network address. This directive is deprecated, as the value is calculated automatically with ipcalc.

ONBOOT=<answer>

where <answer> is one of the following:

* yes — This device should be activated at boot-time.
* no — This device should not be activated at boot-time.

PEERDNS=<answer>

where <answer> is one of the following:

* yes — Modify /etc/resolv.conf if the DNS directive is set. If using DHCP, then yes is the default.
* no — Do not modify /etc/resolv.conf.

SLAVE=<answer>

where <answer> is one of the following:

* yes — This device is controlled by the channel bonding interface specified in the MASTER directive.
* no — This device is not controlled by the channel bonding interface specified in the MASTER directive.

This directive is used in conjunction with the MASTER directive.

Refer to Section 13.2.3, “Channel Bonding Interfaces” for more about channel bonding interfaces.

SRCADDR=<address>

where <address> is the specified source IP address for outgoing packets.

USERCTL=<answer>

where <answer> is one of the following:

* yes — Non-root users are allowed to control this device.
* no — Non-root users are not allowed to control this device.
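The directive rules above can be turned into a small lint for ifcfg files that flags the combinations the descriptions warn about. This is an added example, not from the original post; the function names and the RISKY sample are constructed, and BOOTPROTO=static is flagged only because it is not one of the three values listed above.

```python
import ipaddress
import re
CHOICES = {"BOOTPROTO": {"none", "bootp", "dhcp"}, "ONBOOT": {"yes", "no"},
           "PEERDNS": {"yes", "no"}, "SLAVE": {"yes", "no"}, "USERCTL": {"yes", "no"}}

def parse_ifcfg(text):
    """Parse KEY=value lines, dropping comments and surrounding quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def check_ifcfg(cfg):
    """Return findings derived from the directive descriptions in the post."""
    out = [f"{k}: '{cfg[k]}' is not one of {sorted(v)}"
           for k, v in CHOICES.items() if k in cfg and cfg[k] not in v]
    if "HWADDR" in cfg and "MACADDR" in cfg:
        out.append("HWADDR and MACADDR must not be used together")
    if "MACADDR" in cfg:
        out.append("MACADDR overrides the MAC address of the physical NIC")
    if cfg.get("SLAVE") == "yes" and "MASTER" not in cfg:
        out.append("SLAVE=yes needs a MASTER bonding interface")
    if cfg.get("USERCTL") == "yes":
        out.append("USERCTL=yes lets non-root users control this device")
    out += [f"{k} is deprecated (calculated automatically)"
            for k in ("NETWORK", "BROADCAST") if k in cfg]
    opts = cfg.get("ETHTOOL_OPTS", "")
    if re.search(r"\b(speed|duplex)\b", opts) and not opts.startswith("autoneg off"):
        out.append("ETHTOOL_OPTS: 'autoneg off' must come first")
    if all(k in cfg for k in ("IPADDR", "NETMASK", "NETWORK")):
        try:  # recompute the network address and compare it with NETWORK
            net = ipaddress.ip_network(f"{cfg['IPADDR']}/{cfg['NETMASK']}", strict=False)
            if str(net.network_address) != cfg["NETWORK"]:
                out.append(f"NETWORK {cfg['NETWORK']} does not match {net.network_address}")
        except ValueError as exc:
            out.append(f"IPADDR/NETMASK invalid: {exc}")
    return out

# Constructed samples: STATIC is the post's ifcfg-eth0, RISKY is made up for the demo.
STATIC = """DEVICE=eth0\nBOOTPROTO=none\nONBOOT=yes\nNETWORK=10.0.1.0
NETMASK=255.255.255.0\nIPADDR=10.0.1.27\nUSERCTL=no"""
RISKY = """DEVICE=eth1\nBOOTPROTO=static\nUSERCTL=yes\nHWADDR=00:11:22:33:44:55
MACADDR=02:00:00:00:00:01\nETHTOOL_OPTS="speed 100 duplex full autoneg off" """

if __name__ == "__main__":
    print(check_ifcfg(parse_ifcfg(STATIC)), check_ifcfg(parse_ifcfg(RISKY)), sep="\n")
```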
