By Michael W Lucas, on January 3rd, 2012 With BIND 9.8, enabling DNSSec resolution and verification is now so simple and low-impact there’s absolutely no reason to not do it. Ignore the complicated tutorials filling the Internet. DNSSec is very easy on recursive servers.
DNS is the weak link in Internet security. Someone who can forge DNS entries in your server can use . . . → Read More: enable DNSSec resolution on BIND 9.8.1
By Michael W Lucas, on December 30th, 2011 Here’s the cover rough for SSH Mastery, by my pet artist the highly talented Bradley K McDevitt. If you see anything wrong with it, please say so now.
SSH Mastery Cover
By Michael W Lucas, on December 29th, 2011 Last summer, preparing for the OpenSSH book, I attended a course on being your own publisher. If you’re interested in publishing, I highly recommend the Think like a Publisher course. The hotel was decorated with a variety of nautical clutter.
This critter hung directly over the breakfast table.
The Hand of Karma
This was . . . → Read More: SSH Mastery Cover Photo
By Michael W Lucas, on December 28th, 2011 The OpenSSH book is in copyedit. I hope to get the copyedits back this year. I’ve seen the first round of copyedits, and they don’t look too bad. Once I make the corrections, the book goes to the print-on-demand layout person and I start on the ebook conversion. The ebook should be out next month.
. . . → Read More: Dec 2011 Updates
By Michael W Lucas, on December 12th, 2011 One of the nicest things about writing a book is that your tech reviewers tell you completely new but cool stuff about your topic. While I was writing the OpenSSH book, one of the more advanced reviewers mentioned that you could use your SSH agent as an authentication source for sudo via pam_ssh_agent_auth.
I have . . . → Read More: sudo auth via ssh-agent
By Michael W Lucas, on December 6th, 2011 My more complex Web sites run atop WordPress on Apache and MySQL. Every so often, Apache devours all available memory and the server becomes very very slow. I must log in, kill Apache, and restart it. The more moving parts something has, the harder it is to debug. Apache, with all its modules, has a . . . → Read More: Moving Static Sites from Apache to nginx
By Michael W Lucas, on November 28th, 2011 I recently tried to mirror my hard drives in a new machine. The Handbook instructions, and those in my own Absolute FreeBSD, didn’t work well. (The Handbook now warns about this in a big, friendly, hard-to-miss red box.) So how can I mirror my disk? By using per-partition mirroring rather than full-disk mirroring.
I should . . . → Read More: mirroring FreeBSD-9 disks with GPT
By Michael W Lucas, on November 21st, 2011 I’m installing a new FreeBSD server, and want to mirror the root disks. According to the instructions in the Handbook and my own Absolute FreeBSD, it’s a simple process. The instructions are not valid for FreeBSD 9, however. It was late. I was tired. I tried anyway.
The first clue should have been that the . . . → Read More: Recovering from Failing to Mirror Disks on FreeBSD 9.0-RC2
By Michael W Lucas, on November 14th, 2011 My Nagios system ran FreeBSD-current/i386 from October 2010 and Nagios 3.0.6. Business factors drove me to make some changes, and I decided to upgrade the server before making those changes. Here’s some things I observed. I don’t know if these are useful to you, but I’ll need them for other upgrades, so what the heck.
. . . → Read More: notes from my FreeBSD and Nagios upgrade
By Michael W Lucas, on November 10th, 2011 I secure my BSD servers with PF. In FreeBSD 9, PF has been updated to the same version as in OpenBSD 4.5.
I use lists in my PF configuration, as shown in this /etc/pf.conf snippet:
mgmt_hosts="{ 10.0.1.0/24, 172.19.8.0/24}"
…
pass in on $ext_if from $mgmt_hosts
…
When I have new management hosts, I add their . . . → Read More: FreeBSD 9 PF macro & table changes