Switching OpenSSH to ed25519 keys
by Sven Vermeulen, post on Wed 19 August 2015
With Mike's news item on OpenSSH's deprecation of the DSA algorithm for public key authentication, I started switching the few keys I still had using DSA to the suggested Ed25519 algorithm. Of course, I wouldn't be a security-interested party if I did not do some additional investigation into the DSA versus Ed25519 discussion.
Updates on my Pelican adventure
by Sven Vermeulen, post on Sun 16 August 2015
It's been a few weeks since I switched my blog to Pelican, a static site generator built with Python. A number of adjustments have been made since, which I'll happily talk about.
My application base: Obnam
by Sven Vermeulen, post on Wed 05 August 2015
It is often said, yet too often forgotten: taking backups (and verifying that they work). Taking backups is not purely for companies and organizations. Individuals should also take backups to ensure that, in case of errors or calamities, the all-important files are readily recoverable.
For backing up files and directories, I personally use obnam, after playing around with Bacula and attic. Bacula is more meant for large distributed environments (although I also tend to use obnam for my server infrastructure) and was too complex for my taste. The choice between obnam and attic is even more personally-oriented.
Switching to Pelican
by Sven Vermeulen, post on Sun 02 August 2015
Nothing beats a few hours of flying to get things moving on stuff. Being offline for a few hours with a good workstation helps to not be disturbed by external actions (air pockets notwithstanding).
Early this year, I expressed my intentions to move to Pelican from WordPress. I wasn't actually unhappy with WordPress, but the security concerns I had were a bit too much for a blog as simple as mine. Running a PHP-enabled site with a database for something that I can easily handle through a static site, well, I had to try.
PostgreSQL with central authentication and authorization
by Sven Vermeulen, post on Mon 25 May 2015
I have been running a PostgreSQL cluster for a while as the primary backend for many services. The database system is very robust, well supported by the community and very powerful. In this post, I'm going to show how I use central authentication and authorization with PostgreSQL.
Audit buffering and rate limiting
by Sven Vermeulen, post on Sun 10 May 2015
Be it because of SELinux experiments, or through general audit experiments, sometimes you'll get in touch with a message similar to the following:
audit: audit_backlog=321 > audit_backlog_limit=320
audit: audit_lost=44395 audit_rate_limit=0 audit_backlog_limit=320
audit: backlog limit exceeded
The message shows up when certain audit events could not be …
D-Bus, quick recap
by Sven Vermeulen, post on Sun 29 June 2014
I've never fully investigated the what and how of D-Bus. I know it is some sort of IPC, but higher level than the POSIX IPC methods. After some reading, I think I start to understand how it works and how administrators can work with it. So a quick write-down is …
What is that net-pf-## thingie?
by Sven Vermeulen, post on Tue 01 April 2014
When checking audit logs, you might come across applications that request loading of a net-pf-## module, with ## being an integer. Having requests for net-pf-10 is a more known cause (enable IPv6) but what about net-pf-34?
The answer can be found in /usr/src/linux/include/linux/socket.h:
#define AF_ATMPVC …
Managing Inter-Process Communication (IPC)
by Sven Vermeulen, post on Sun 30 March 2014
As a Linux administrator, you'll eventually need to concern yourself with Inter-Process Communication (IPC). The IPC primitives that most POSIX operating systems provide are semaphores, shared memory and message queues. On Linux, the first utility that helps you with those primitives is ipcs. Let's start with semaphores first.
Semaphores in …
Linux protip: environment for a process
by Sven Vermeulen, post on Tue 07 January 2014
Just a quick pro-tip: if you need to know the environment variables for a process, you can see them in that process' /proc/${PID}/environ file. The file however shows the environment variables on one line, with a null character as separator. With a simple sed you can show it …