A client is getting ready for NIAP certification. Part of this is verifying an ISO signature. The steps are Download SHA256SUMS and SHA256SUMS.gpg Get the key used for the signature Verify the signature Check the ISO with sha256sum Download sums and signature (SHA256SUMS and SHA256SUMS.gpg) from a mirror and save in a suitable working directory.[…]
This is geared toward Debian Jessie. INSTALL: sudo apt-get install nut EDIT: To /etc/nut/ups.conf add [belkin] driver = usbhid-ups port = auto A Belkin UPS is used connected via a USB cable. The label in brackets can be any unique identifier. It will be useful later. Some configurations call for ‘port’ to be /dev/ttyS0. This[…]
A client was concerned that their password hash was MD5. A check of the /etc/shadow file showed: user:$6$UAxaIY9I$hAkj … The first field annotated by a ‘$’ (: is the delimiter) is 6 = SHA256 (1 = MD5) And /etc/pam.d/common-password specifies it: password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass[…]
A client specified external testing of a Debian distro with another distro’s FIPS module compiled in. This was pretty interesting. We tested to make sure SSH1 doesn’t work at all and SSH2 does with the following cyphers: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, firstname.lastname@example.org and the following keys: RSA, ECDSA, DSA
We’re becoming RHEL experts. This started when I wanted to install the terminator package. The terminator package is in the Extra Repositories for Enterprise Linux repository. Step 1: wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm Step 2: yum install epel-release-latest-7.noarch.rpm Step 3: yum repolist Step 3 above shows all the repos you have loaded and access to: Loaded plugins: ulninfo[…]
NFS client needs portmap service. Install nfs-comman package as follows to fix this problem: $ sudo apt-get install nfs-common
Use: This hides not just the Permission denied errors but all error messages.
Debugging a Shared Library with GDB Enter “set stop-on-solib-events 1” on the gdb command line. gdb will halt when the parent program tries to access a shared library.
Enable v3, disable v1 and v2c Need to use v3 only and disable v1 and v2c. In /etc/snmp/snmpd.conf delete or comment the community names that are used for v1 and v2c (for example): rocommunity public 127.0.0.1 Your default community names may not exactly be called “public” Restart the snmpd daemon. # /etc/init.d/snmpd restart Verify that[…]
This is a work in progress. Tasked with migrating from existing SNMP to v3