Category: Systems Administration

Use TCP wrappers with care

Real-life story. A DMZ-based server dedicated to SFTP was configured with these sshd rules in /etc/hosts.allow:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : AAL@208.94.61.*:ALLOW

Should have been:

    sshd : ALL@16.89.97.*:ALLOW
    sshd : ALL@14.251.*:ALLOW
    sshd : ALL@208.94.61.*:ALLOW

That network was the firewall to the outside world. The end users were inconvenienced and the firewall […]


DNS configuration checklist

BIND has always been a dark art. Recent configuration nuances made in the name of improving security have made things all the more fun. Here is a simple checklist that can help avoid trouble and downed websites. Note that on RHEL6/CentOS and clones the /var/named/chroot structure has been made obsolete.

Before starting:

    cp /etc/named.conf /root  # […]


CentOS Continuous Release with caution

CentOS Continuous Release is very easy to install. Download and install 1 rpm and you are all set.

i386: http://mirror.centos.org/centos/6/extras/i386/RPMS/centos-release-cr-6-0.el6.centos.i686.rpm
( sha256: 9fc78d2d79abeb1513f0851d075a2860f5039fc8db3fb0db4c660252fffda894 )

x86_64: http://mirror.centos.org/centos/6/extras/x86_64/RPMS/centos-release-cr-6-0.el6.centos.x86_64.rpm
( sha256: bd55e1505caae2f78c306290d235b7f54833fcad5a9f1942b3cb54e28f7bfe73 )

But I urge caution. In my lab, I downloaded the 64-bit version and installed it. Then I ran the following command:

    yum -y update […]
