Copying SSH host private keys between JUNOS devices when replacing hardware

A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:

~1 min read

Importing existing RAID devices into new Linux installation

Recently I had to rebuild a CentOS5 VM host as CentOS6. My VMs were stored on a RAID1 pair (separate from the OS disks). To avoid any possibility of impacting the VM data during the re-installation, I removed the VM data disks from the host during the reinstall.

~1 min read

Monitoring OSX with Icinga / Nagios using NRPE

I have a fairly comprehensive Icinga monitoring platform monitoring my various Linux hosts, but one area which has been lacking until now is the monitoring of the OSX Mavericks Mac Mini that I use for a home media center. Considering this is used by my family to watch TV/Movies, play music, and manage iPhoto, it’s arguably one of the most important hosts to monitor carefully. Of course, I could monitor its state (up or down) by pinging it from Icinga, but I wanted to know more than that. I’ve had issues in the past with running out of disk space on the host, and I’m all too familiar with the risks of 4-year-old hardware using spindled disks. This solution enables me to monitor the following on OSX with Icinga:

1 min read

Monitoring Veeam Backup and Replication 7 with Icinga / Nagios

We’ve recently deployed a Veeam Backup and Replication 7 platform, and needed to monitor the ongoing success of the backup / replication jobs. I identified a plugin which does most of what’s required, but seems to have 2 current shortcomings: 1. In-progress jobs trigger false warnings 2. Date calculation doesn’t always work, and produces false warnings

~1 min read

Solving vsftpd’s unsupported record version unknown 48.48 error

I use FTPS with vsftpd to update my WordPress plugins. This means that the WordPress files don’t need to be writeable by the webserver user, which adds another layer of protection and separation. I make FTPS available to localhost only, and force SSL encryption end-to-end.

~1 min read

Postfix config on OSX Mountain Lion (Server) not where you expect

I spent the better part of an hour wondering why my postfix main.cf config changes didn’t apply on an OSX Mountain Lion server. Turns out that because “OSX Server” no longer exists (it’s just Server.app now), the postfix files specific to the Mail component of the server now live at:

~1 min read