Properly Configure OpenSSH Server for Security
Don't get pwned. Lock down your SSH servers with PKI and other features with these few configuration changes.
Read more
Configuring a Transparent Bridge in Ubuntu
Configuring a transparent pseudo-bridge, proxy-arp and routing multiple network cards with Ubuntu for added security and flexibility.
Read more
Using a RADIUS Server on Ubuntu 14.04 for WIFI Authentication
WPA2 Enterprise is the much more secure wifi authentication method. There's no hackers cracking login passwords if you do this, but there are a few downsides. Here's how to implement it for a small environment.
Read more
Deploy Ubuntu 14.04 Desktop Using PXE
This has to be the most poorly documented feature of Ubuntu ever. The more I use it the more I wonder if they aren't losing their focus for corporate use completely. It's almost enough to make me want to play with CentOS. With Ubuntu 12.04 Precise, you were able to deploy Desktop installations by using some files from the "Alternate Install" disk image and a full desktop image. Since you had…
Read more
Using LDAP to Store SSH Public Keys with SSSD
Previously I used Puppet to manage distributing SSH public keys for our administrative users to each desktop. Now I'm changing that to store their keys in OpenLDAP using SSSD
Read more
UPDATED Headless Command Line Sync for ownCloud on Linux
You may recall my previous article showing how to sync your OwnCloud repository on a headless Linux server. This process has changed with the newer version of the OwnCloud client and still isn't documented well on their site.
It's actually become much easier to do a complete sync - there's no worrying about a config file anymore, it's all done…
Read more
Ubuntu 14.04 SSSD and OpenLDAP Authentication
The first major change with 14.04 was great news. Previously in order to have one of my Linux workstations authenticate users against our OpenLDAP directory required that I make changes to multiple PAM configuration files, add LDAP config files and more. It was quite a mess. Under 14.04, you now have the System Security Services Daemon (SSSD) which does it all from a single configuration file.
Read more
Linux, iptables, SNAT and Too Many Adapters
I've had some weird glitches with my primary firewall this week. After a reboot, certain SNAT rules just didn't... happen. Or, other SNAT rules did. And it always seemed to only impact SIP traffic. For instance, after rebooting, SIP traffic from one internal phone server that's destined for another internal phone server at the other end of a VPN connection would spontaneously decide to SNAT itself to an external IP address, yet still go across the tunnel. Or, SIP traffic destined for the outside would decide to route correctly out the right adapter, but leave the private address on it, ignoring the SNAT rule I could plainly see in iptables.
Read more
Gluster on ZFS with Geo-Replication
I've been fighting with Gluster with geo-replication on ZFS for several months now but I believe I've finally stumbled on the configuration that works best and gives much better Gluster performance on ZFS.
Read more