SSH Mastery ebook uploaded to Amazon and B&N

I just finished uploading the ebook versions of SSH Mastery to Amazon and Barnes & Noble. The manuscript is en route to the print layout person.

Amazon should have the book available in 24 hours or so, Barnes & Noble in 24-72 hours. Once they’re available, I’ll be able to inspect the ebooks to check . . .

enable DNSSec resolution on BIND 9.8.1

With BIND 9.8, enabling DNSSec resolution and verification is now so simple and low-impact there’s absolutely no reason to not do it. Ignore the complicated tutorials filling the Internet. DNSSec is very easy on recursive servers.

DNS is the weak link in Internet security. Someone who can forge DNS entries in your server can use . . .

sudo auth via ssh-agent

One of the nicest things about writing a book is that your tech reviewers tell you completely new but cool stuff about your topic. While I was writing the OpenSSH book, one of the more advanced reviewers mentioned that you could use your SSH agent as an authentication source for sudo via pam_ssh_agent_auth.

I have . . .

Moving Static Sites from Apache to nginx

My more complex Web sites run atop WordPress on Apache and MySQL. Every so often, Apache devours all available memory and the server becomes very very slow. I must log in, kill Apache, and restart it. The more moving parts something has, the harder it is to debug. Apache, with all its modules, has a . . .

FreeBSD 9 PF macro & table changes

I secure my BSD servers with PF. In FreeBSD 9, PF has been updated to the same version as in OpenBSD 4.5.

I use lists in my PF configuration, as shown in this /etc/pf.conf snippet:

mgmt_hosts="{ 10.0.1.0/24, 172.19.8.0/24}"
...
pass in on $ext_if from $mgmt_hosts
...

When I have new management hosts, I add their . . .

sudo environment purging and OpenSSH

I recommend using sudo for privileged access to systems. I also recommend requiring keys for SSH authentication, with agent forwarding to trusted systems. The default settings in these two programs collide head-on when you become superuser via sudo and want to copy files from one server to another with scp or sftp.

If you’re using . . .

Replicating Routerboards

I needed to mass-configure MikroTik Routerboards. Each needed a very similar but not identical configuration: they would have a unique management IP, and a unique username and password for their VPN connection back to my employer’s headquarters. I don’t have time or desire to do this routine configuration myself, so I needed a method that . . .

Book updates, August 2011

I completed a first draft of the OpenSSH book last night around 10:30PM EDT. It’s out for tech edit now. At this point, I’m going systematically through the tech edits and making sure I’ve corrected the earlier chapters. After that, the manuscript goes to copyediting. Once copyedit is complete, I’ll release the ebook and start . . .

ISC dhcpd and MAC prefixes

We have a network at the office without a firewall. Several of our technical folks run a whole mess of oddball network protocols, and maintaining a network firewall would take more manpower than it’s worth. We hand these techs a network cable and tell them to not let their gear get broken into, and then . . .

How to Lose your Job with SSH, part 2

Like last week’s How to Lose your Job with SSH, Part 1, a less dramatic title for this would be Dynamic Port Forwarding with SSH, but that’s dreadfully dull.

Many corporations try to tightly secure their network. Connections to the outside world are strictly limited. If you have a single open TCP/IP port to the . . .