A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:
Recently I had to rebuild a CentOS5 VM host as CentOS6. My VMs were stored on a RAID1 pair (seperate from the OS disks). To avoid any possibility of impacting the VM data during the re-installation, I removed the VM data disks from the host during the reinstall.
I stumbled across this useful hint on the Things forums which adds a feature to my workflow which I felt important enough to record here.
I have a fairly comprehensive Icinga monitoring platform monitoring my various linux hosts, but one area which has been lacking until now is the monitoring of the OSX Mavericks Mac Mini that I use for a home media center. Considering this is used by my family to watch TV/Movies, play music, and manage iPhoto, it’s arguably one of the most important hosts to monitor carefully. Of course, I could monitor its state (up or down) by pinging it from Icinga, but I wanted to know more than that. I’ve had issues in the past with running out of disk space on the host, and I’m all to familiar with the risks of 4-year-old hardware using spindled disks. This solution enables me to monitor the following on OSX with Icinga:
We’ve recently deployed a Veeam Backup and Replication 7 platform, and needed to monitor the ongoing success of the backup / replication jobs. I identified a plugin which does most of what’s required, but seems to have 2 current shortcomings: 1. In-progress jobs trigger false warnings 2. Date calculation doesn’t always work, and produces false warnings
For April Fools this year, I decided to update my 2011 squid prank, and gain some experience using Vagrant at the same time. I rebuilt the entire environment using a Vagrantfile, which permits anybody to check out a few files and reproduce it. See https://github.com/funkypenguin/squidprank for the code.
I use FTPS with vsftpd to update my WordPress plugins. This means that the wordpress files don’t need to be writeable by the webserver user, which adds another layer of protection and separation. I make FTPS available to localhost only, and force SSL encryption end-to-end.
I spent the better part of an hour wondering why my postfix main.cf config changes didn’t apply on a OSX Mountain Lion server. Turns out that because “OSX Server” no longer exists (it’s just Server.app now), the postfix files specific to the Mail component of the server now live at:
I just jumped in at the end of a conversation on App.net about the latest NSA revelation, the undermining of worldwide encryption standards for the benefit of the self-appointed world-police. @isaiah pointed out that we (geekdom in general) don’t get as excited about civilian casualties in Iraq, or unsanctioned drone strikes.
My Debian Squeeze host started having trouble performing WordPress 3.5 core or plugin updates – in the error logs, I’d see messages like: