Hey folks, check out one of these if you want to see what ciphers are supported by a host: nmap --script ssl-enum-ciphers -p 443 dahost.mynetwork or maybe one of these to check for specific protocols: openssl s_client -connect dahost.mynetwork:443 -tls1 ayyyy Mm.,
Tag: commands
FreeIPA Password Expiry Notification Script for Red Hat Identity Management
Hey there friends, I’ve got a quick’n’sloppy bash shell script that’s fairly useful, if you’re using a FreeIPA identity management domain on CentOS/RHEL/Scientific Linux and want to notify people via email of when their password is going to expire. The script assumes it’s being run on an IDM server system with access to the following…
Fix CVE-2014-3566 on multiple Apache web servers with Perl
What if you have a bunch of configuration files to update in order to fix the POODLE SSLv3 vulnerability (CVE-2014-3566)? If you don’t have a configuration management system to help with this, you could use an easy Perl one-liner which, as you’ll see, can come in handy in a ton of situations. Specifically, we’ll be looking…
Install mod_security in Apache httpd for CentOS/RHEL/Scientific Linux
mod_security is an Apache plugin which is a good way to prevent malicious attacks on your web application. Even just using the base/default configuration from the EPEL repository rpm package gives a pretty decent rule set and helps with hardening your system. mod_security is all about rule sets and looking for specific types of…
Whitelist an IP using denyhosts in CentOS 6 RHEL 6
Hi there, add your IP to this file and restart if you want to whitelist an IP in denyhosts: /var/lib/denyhosts/allowed-hosts. Also make sure to check the /etc/hosts.deny file for the IP if it’s already been blocked. Then restart: service denyhosts restart Yo Mm.,
Incron, Watcher Python PyInotify Alternative. Recursively Watch A File System for Change Events using inotifywait, inotify
Say you have a folder in your home directory called “/root/FilestoWatch”, and in there you have a bunch of files and folders that you want constantly checked for changes. There are a few options out there for this type of thing: – crond (limited to every minute) – incrond (cannot recursively watch a…
Set Default Directory Permissions in Using ACLs
I’ve only tested this on RHEL/CentOS/Scientific Linux, but it should work on any system running Linux acl. ACLs are useful for providing more granular file and directory access permissions as a supplement to the standard Unix user/group permissions. Let’s say you want the user ‘funboy’ to have full control over the /disco directory on your system, and…
Dell OpenManage System Administrator Startup Error – DSM SA Shared Services cannot start on an unsupported system
OK so what if you’re using CentOS on some Dell hardware and you’ve installed Dell OpenManage System Administrator (OMSA). You might receive the following error when you try to start it up! Starting Systems Management Data Engine: Failed to start because system is not supported dsm_om_shrsvc: DSM SA Shared Services cannot start on an unsupported…