
STATUS updates

TODO

  • the formular plugin is giving me errors, need to figure this out (email assignment form)
  • update grade not-z scripts to handle/be aware of winter terms
  • update system page for (new)www
  • redo DSLAB tweedledee/tweedledum with squeeze rebuilt tweedledee, tweedledum on the way
    • rebuild DSLAB www, irc, auth as squeeze VMs
  • load balance/replicate www/wiki content between LAIR and DSLAB
  • adapt LAIR irc and lab46 to use self-contained kernels (how to do this?)
  • update system page for db
  • migrate nfs1/nfs2 system page to current wiki
  • update nfs1/nfs2 to squeeze
  • flake* multiseat page


July 2nd, 2014

dokuwiki update

Seems there was some sort of ACL vulnerability; I manually patched it.

lib/exe/ajax.php

//    $NS = $INPUT->post->str('ns');   // old: namespace taken from the POSTed 'ns' value
    $NS = getNS($image);               // new: namespace derived from the media ID

inc/template.php

function tpl_mediaFileDetails($image, $rev) {
//    global $AUTH, $NS, $conf, $DEL, $lang;
    /** @var Input $INPUT */
    global $conf, $DEL, $lang;
    // ...
    if($rev && !file_exists(mediaFN($image, $rev))) $rev = false;
//    if(isset($NS) && getNS($image) != $NS) return;
    $ns = getNS($image);   // namespace now always derived from the media ID
    // ...
    if($opened_tab == 'view') {
//        media_tab_view($image, $NS, $AUTH, $rev);
        media_tab_view($image, $ns, null, $rev);

    } elseif($opened_tab == 'edit' && !$removed) {
//        media_tab_edit($image, $NS, $AUTH);
        media_tab_edit($image, $ns);

    } elseif($opened_tab == 'history' && $conf['mediarevisions']) {
//        media_tab_history($image, $NS, $AUTH);
        media_tab_history($image, $ns);
    }
    // ...
}

fix vim cursor keys on OpenBSD

apt configuration

I wanted a small installation footprint, so I disabled the installation of recommended packages by default.

To do so, create/edit /etc/apt/apt.conf.d/99_norecommends, and put in the following:

APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "false";
APT::AutoRemove::SuggestsImportant "false";

This can also post-remove previously installed recommended packages. Run 'aptitude', type 'g', type 'g' again, should take care of business.

There are also some options that can be set in aptitude proper, via its console gui (options→preferences):

  • Uncheck (was already) “Install recommended packages automatically”
  • Check “Automatically upgrade installed packages”
  • Check “Remove obsolete package files after downloading new package lists”


July 9th, 2014

nfs2 disk failure

Looks like one of the disks in nfs is generating errors and needs to be replaced.

sokraits

July 14th, 2014

nullmailer

Starting my manual deployment of nullmailer on lab46; if successful, this will become the base of a new and updated lair-mail package (targeting jessie).

  • /usr/local is where it is deployed
  • I am using user mail as the old debian package did
  • for now I manually launched nullmailer-send -d from a shell as user mail, we'll see if things happen.

July 16th, 2014

pam common-auth elimination of successful login "error"

An annoyance which has been plaguing me (and apparently many people) for years I've finally resolved, in the /etc/pam.d/common-auth file, which now contains the following:

auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok_secure try_first_pass
auth required pam_deny.so

Helpful URL: http://serverfault.com/questions/454625/pam-ldap-so-before-pam-unix-so-is-it-ever-possible

Lots of good updates to apply to the lair-ldap package.

July 18th, 2014

brutes

I added country IP ranges to the brutes table on capri, in an attempt to reduce the number of brute force password attacks. China, Russia, Ukraine, Romania, Israel… others as observations identify. I should rig up a means of obtaining updated lists of IP ranges per country as well so as to maintain accuracy.

For now, though, I hope to realize a tangible reduction in SSH brute force attempts. We'll see.

Site with useful info: http://www.ipdeny.com/ipblocks/
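
An added example, not part of the original page: one way to handle the list maintenance mentioned above, merging downloaded per-country lists into a single block list and computing what changed against the current table. It assumes the lists are text with one CIDR per line; the function names and sample ranges are constructed for illustration, and loading the result into the brutes table is left to the firewall's own tooling.

```python
import ipaddress

def parse_zone(text):
    """Parse one-CIDR-per-line text; return (networks, rejected_lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 198.51.100.7/24)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return nets, rejected

def build_table(zones):
    """Merge zone texts into a sorted, collapsed list of IPv4 networks."""
    nets, rejected = [], []
    for text in zones:
        parsed, bad = parse_zone(text)
        nets += [n for n in parsed if n.version == 4]
        rejected += bad
    return list(ipaddress.collapse_addresses(nets)), rejected

def table_delta(old, new):
    """Return (to_add, to_remove) for updating an existing table in place."""
    if not new:
        # An empty download must not silently flush every existing block.
        raise ValueError("new table is empty; refusing to compute delta")
    return sorted(set(new) - set(old)), sorted(set(old) - set(new))

def is_blocked(addr, table):
    """True if addr falls inside any network of the table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in table)

# Constructed sample input: documentation ranges, not real country data.
ZONE_A = "# constructed zone A\n192.0.2.0/25\n192.0.2.128/25\n198.51.100.0/24\n"
ZONE_B = "203.0.113.0/24\n203.0.113.64/26\nnot-a-cidr\n198.51.100.7/24\n"
CURRENT = "192.0.2.0/24\n10.0.0.0/8\n"   # constructed: what the table holds now

if __name__ == "__main__":
    table, bad = build_table([ZONE_A, ZONE_B])
    add, remove = table_delta(build_table([CURRENT])[0], table)
    print("table :", [str(n) for n in table])
    print("reject:", bad)
    print("add   :", [str(n) for n in add], "remove:", [str(n) for n in remove])
```

Rejected lines are returned rather than dropped silently, so a malformed or truncated download shows up before the table is touched.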

haas/status/status_201407.txt · Last modified: 2014/08/01 05:12 by 127.0.0.1