Security
Installing OpenVPN on RedHat 7.2
In addition to how to install OpenVPN on Fedora Core2, RedHat 7.2 needs more step to make OpenVPN works properly. The missing device in RedHat 7.2 will make OpenVPN unable to create TAP/TUN devices automatically. So the trick is to create a device for TUN.
mknod /dev/net/tun c 10 200 chmod go-r /dev/net/tun
- sugree's blog
- Add new comment
- Read more
- 1397 reads
Remote Monitoring Enterprise Network with IPTraf
In enterprise network, you might find so many possible strange problems that you are unable to analyze off-site. I got some requests to remotely debug network problem immediately. The problem is I couldn’t be there myself. The problem I know is just the network seemed too slow. Nobody knows what happen. What I have is just an account to access a linux server in that network. The first thing I guessed to cause this problem was some computers might be downloading something big. Anyway, my problem is how to spot that machines precisely. Since I only had ssh account, it was not suitable to start X window because the network was so slow. As a result, I had to solve this problem in pure text mode.
- sugree's blog
- Add new comment
- Read more
- 1131 reads
Renew SSL certificate in RedHat 9
Most services should run in secure mode by adding SSL on top of them. The most popular services in RedHat 9 are imapd, pop3d, and sendmail. Anyway, default configuration of RedHat 9 will generate certificates with 365 days valid period. So that means you have to renew them once a year. The default certificate directory in RedHat 9 is /usr/share/ssl/certs. The first thing you need to do is to confirm that it has expired by using below command.
# openssl x509 -in sendmail.pem -text | grep Not
sugree's blog
Add new comment
Read more
1779 reads
Banned by Slashdot
Something terrible happened to me (my network). I have just tried to read an article fetched by in original view at Slashdot. Unfortunately, I got banned.
Either your network or ip address has been banned from Slashdot
...due to script flooding that originated from your network or ipaddress -- or this IP might have been used to post comments designedto break web browser rendering. Or you crawled us with a rude robot,especially one that doesn’t understand RFCs very well.
If you feel that this is unwarranted,feel free to include your IP address(203.144.143.3) in the subject of an email, and we will examine whythere is a ban. If you fail to include the IP address (again, inthe subject!), then your message will be deleted and ignored. Imean come on, we’re good, we’re not psychic.
- sugree's blog
- Add new comment
- Read more
- 1178 reads
Common mistake in squid.conf
Squid is an open-source web proxy cache. It is widely used in enterprise network with high traffic through web service to reduce traffic load and sometimes to prevent access to prohibit web sites. Usually, you might use Squid as just a cache, there is no problem. Whenever you want to block access through outside via access control list in Squid, you have to verify what you have done. For example, you want to prevent end-users to download virus, worm, spyware, malware and other possible unwanted files. As a result, you add below ACL.
acl block-download urlpath_regex -i \.exe$ \.zip$ \.iso$ \.avi$ \.mpeg$ \.wma$ \.vbs$ \.com$ \.vbe$ \.sys$ \.diz$ \.pif$ \.bat$ \.scr$ \.cmd$ \.dat$;
- sugree's blog
- Add new comment
- Read more
- 1600 reads
Danger of monitoring enterprise network
I wrote several articles to deploy monitoring software in enterprise network such as Cacti and Nagios. These monitoring tools are based on so-called passive monitoring technique. In other words, they were activated to monitor and collect network metrics very fixed interval, says 5 minutes. There are another technique called active monitoring which is much more powerful. By actively monitoring enterprise network, you can track all bandwidth usage per IP for both local and remote ones. Sometimes, it was called sniffer. This technique usually used for short-period debugging network related issues, e.g., wrong network configuration, worm, DDoS, and etc. Anyway, it is possible to actively monitor enterprise network to track bandwidth usage or to find bottleneck which needs to run all time, day and night. ntop is my favorite for long-term network monitoring tool. It is free, feature-rich, and easy to install.
- sugree's blog
- Add new comment
- Read more
- 839 reads
Recent comments
2 years 42 weeks ago
2 years 47 weeks ago
2 years 48 weeks ago
2 years 48 weeks ago
2 years 49 weeks ago
2 years 51 weeks ago
2 years 51 weeks ago
2 years 51 weeks ago
2 years 51 weeks ago
2 years 52 weeks ago