Table of Contents

STATUS updates

TODO

URLs

Some links of interest:

Other Days

July 2nd, 2014

dokuwiki update

Seems there was some sort of ACL vulnerability, I manually patched it.

lib/exe/ajax.php

257 //    $NS = $INPUT->post->str('ns');
258     $NS = getNS($image);

inc/template.php

1430 function tpl_mediaFileDetails($image, $rev) {
1431 //    global $AUTH, $NS, $conf, $DEL, $lang;
1432     /** @var Input $INPUT */
1433     global $conf, $DEL, $lang;
1438     if($rev && !file_exists(mediaFN($image, $rev))) $rev = false;
1439 //    if(isset($NS) && getNS($image) != $NS) return;
1440     $ns = getNS($image);                                                             
1475     if($opened_tab == 'view') {
1476 //        media_tab_view($image, $NS, $AUTH, $rev);
1477         media_tab_view($image, $ns, null, $rev);
1478 
1479     } elseif($opened_tab == 'edit' && !$removed) {
1480 //        media_tab_edit($image, $NS, $AUTH);
1481         media_tab_edit($image, $ns);
1482 
1483     } elseif($opened_tab == 'history' && $conf['mediarevisions']) {
1484 //        media_tab_history($image, $NS, $AUTH);
1485         media_tab_history($image, $ns);                                              
1486     }

fix vim cursor keys on OpenBSD

Essentially:

:set term=builtin_ansi

apt configuration

I wanted a small installation footprint, so I disabled the installation of recommended packages by default.

To do so, create/edit /etc/apt/apt.conf.d/99_norecommends, and put in the following:

APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";

This can also post-remove previously installed recommended packages. Run aptitude' type 'g', type 'g' again, should take care of business.

There are also some options that can be set in aptitude proper, via its console gui (options→preferences):

Useful URLs:

July 9th, 2014

nfs2 disk failure

Looks like one of the disks in nfs is generating errors and needs to be replaced.

sokraits

Getting sokraits up and running as a viable VM server. Some links:

July 14th, 2014

nullmailer

Starting my manual deployment of nullmailer on lab46; if successful, this will become the base of a new and updated lair-mail package (targeting jessie).

July 16th, 2014

pam common-auth elimination of successful login "error"

An annoyance which has been plaguing me (and apparently many people) for years I've finally resolved, in the /etc/pam.d/common-auth file, which now contains the following:

auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok_secure try_first_pass
auth required pam_deny.so

Helpful URL: http://serverfault.com/questions/454625/pam-ldap-so-before-pam-unix-so-is-it-ever-possible

Lots of good updates to apply to the lair-ldap package.

July 18th, 2014

brutes

I added country IP ranges to the brutes table on capri, in an attempt to reduce the number of brute force password attacks. China, Russia, Ukraine, Romania, Israel… others as observations identify. I should rig up a means of obtaining updated lists of IP ranges per country as well so as to maintain accuracy.

For now, though, I hope to realize a tangible reduction in SSH brute force attempts. We'll see.

Site with useful info: http://www.ipdeny.com/ipblocks/