Copying SSH host private keys between JUNOS devices to when replacing hardware
A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:
Importing existing RAID devices into new Linux installation
Recently I had to rebuild a CentOS5 VM host as CentOS6. My VMs were stored on a RAID1 pair (seperate from the OS disks). To avoid any possibility of impacting the VM data during the re-installation, I removed the VM data disks from the host during the reinstall.
Sending tasks to Things.app via email
I stumbled across this useful hint on the Things forums which adds a feature to my workflow which I felt important enough to record here.
Monitoring OSX with Icinga / Nagios using NRPE
I have a fairly comprehensive Icinga monitoring platform monitoring my various linux hosts, but one area which has been lacking until now is the monitoring of the OSX Mavericks Mac Mini that I use for a home media center. Considering this is used by my family to watch TV/Movies, play music, and manage iPhoto, it’s arguably one of the most important hosts to monitor carefully. Of course, I could monitor its state (up or down) by pinging it from Icinga, but I wanted to know more than that. I’ve had issues in the past with running out of disk space on the host, and I’m all to familiar with the risks of 4-year-old hardware using spindled disks. This solution enables me to monitor the following on OSX with Icinga:
Monitoring Veeam Backup and Replication 7 with Icinga / Nagios
We’ve recently deployed a Veeam Backup and Replication 7 platform, and needed to monitor the ongoing success of the backup / replication jobs. I identified a plugin which does most of what’s required, but seems to have 2 current shortcomings: 1. In-progress jobs trigger false warnings 2. Date calculation doesn’t always work, and produces false warnings
Easy squid tricks and pranks with Vagrant
For April Fools this year, I decided to update my 2011 squid prank, and gain some experience using Vagrant at the same time. I rebuilt the entire environment using a Vagrantfile, which permits anybody to check out a few files and reproduce it. See https://github.com/funkypenguin/squidprank for the code.
Solving vsftpd’s unsupported record version unknown 48.48 error
I use FTPS with vsftpd to update my WordPress plugins. This means that the wordpress files don’t need to be writeable by the webserver user, which adds another layer of protection and separation. I make FTPS available to localhost only, and force SSL encryption end-to-end.
Postfix config on OSX Mountain Lion (Server) not where you expect
I spent the better part of an hour wondering why my postfix main.cf config changes didn’t apply on a OSX Mountain Lion server. Turns out that because “OSX Server” no longer exists (it’s just Server.app now), the postfix files specific to the Mail component of the server now live at:
How to setup a Tor Relay (and why you should)
I just jumped in at the end of a conversation on App.net about the latest NSA revelation, the undermining of worldwide encryption standards for the benefit of the self-appointed world-police. @isaiah pointed out that we (geekdom in general) don’t get as excited about civilian casualties in Iraq, or unsanctioned drone strikes.
Allowed memory size of xxx bytes exhausted with WordPress on Debian
My Debian Squeeze host started having trouble performing WordPress 3.5 core or plugin updates – in the error logs, I’d see messages like: