As far as security is concerned, advertising which software versions are running on your site is not favorable. With most any software, whether it's open source or not, if there is an exploitable bug and it's noted on the manufacturer's or project's website, there is very likely to be a version number associated with it. That being the case, if your server software responds with "Apache/2.2.0" as the description of itself, this can tell everyone whether you are vulnerable or not. To obfuscate this a bit I suggest setting the following items in your Apache config:
ServerSignature Off
ServerTokens Prod
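An added example (not from the original post): a small Python check that reads an Apache config as text and reports whether the two directives above are effectively set, plus a test for a version token in a Server header. It assumes a flat config (no Include or per-vhost handling); the function names and sample configs are constructed for illustration.

```python
import re

# Apache's documented defaults when a directive is absent from the config.
DEFAULTS = {"servertokens": "Full", "serversignature": "Off"}
# Values that keep version details out of the Server header and error-page footer.
SAFE = {"servertokens": {"prod", "productonly"}, "serversignature": {"off"}}

def effective_settings(conf_text):
    """Return the last value seen for each directive (assumption: flat config)."""
    seen = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()                # directive names are case-insensitive
        if name in seen and len(parts) == 2:
            seen[name] = parts[1].strip()      # a later directive overrides an earlier one
    return seen

def audit_config(conf_text):
    """List directives whose effective value can disclose version details."""
    return [f"{name}={value}"
            for name, value in effective_settings(conf_text).items()
            if value.lower() not in SAFE[name]]

VERSION_RE = re.compile(r"/\d+(\.\d+)*")

def header_leaks_version(server_header):
    """True if a Server header carries a product/version token such as Apache/2.2.0."""
    return bool(VERSION_RE.search(server_header))

# Constructed sample configs, not taken from any real server.
WEAK = "# constructed sample\nServerTokens Full\nServerSignature On\n"
HARDENED = "ServerSignature Off\nServerTokens Prod\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED), ("empty", "")):
        print(label, audit_config(conf) or "ok")
    print(header_leaks_version("Apache/2.2.0"), header_leaks_version("Apache"))
```

An empty config is still reported, because ServerTokens defaults to Full when it is not set explicitly.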
At the request of my manager, I have released Glovebox under a GPL license on SourceForge. I have yet to update the site with instructions but hope to soon. I've included a tarball of the current version as well as imported the full source code into SourceForge's SVN repo.
The SourceForge project page is located here.
The project home page is located here.
In an attempt to up security and stop sending our passwords over clear text, I recently set up an in-house certificate authority at work. While I'm not going to go through setting up the actual CA (see g-loaded.eu), I am going to go through the steps of how to set up a few different hardware vendors/types to work with a signed certificate. One thing I learned during this process is that almost every single product, even those made by the same company, is different.
Over the years I've had to write plenty of Hobbit / Xymon scripts to monitor various different things within my employer's systems. Since most all of our applications are custom, there are not always built-in tests that will work for us. For example, we use Xen for our development virtual machines, and being able to track what is going on with those virtual machines and to identify a VM within Xymon at a moment's glance is important to us, so we created a test that does just that. We have created in-house scripts for MySQL Status, MySQL Running Queries, our in-house distributed services, Lighttpd (as discussed earlier on this blog), Apache, Memcached, etc. This doesn't include the hundreds of different SNMP tests we've added to Devmon for monitoring our network equipment.