July 27, 2014
Varnish VCL Syntax Check
by Alpha01
[root@rubyninja varnish]# varnishd -C -f default.vcl
Message from VCC-compiler:
Expected an action, 'if', '{' or '}'
('input' Line 156 Pos 17)
erro 403 "Fuck off";
----------------####----------------
Running VCC-compiler failed, exit 1
VCL compilation failed
Tags: varnish
May 12, 2014
Gigabit Ethernet and pfSense awesomeness
by Alpha01
For quite some time now, I’ve been wanting to upgrade my home network to Gigabit Ethernet. So finally the time had come to retire my aging Linksys WRT54GL wireless router. Flashed with DD-WRT, my WRT54GL has served me well for well over six years. For its replacement I opted to completely geek out with dedicated firewall and access point solutions. For my firewall I chose pfSense. Over the last few months, I heard nothing but good things regarding this FreeBSD firewall system, primarily because of its ease of use. This is what first attracted me to it, since practically all my real firewall experience is through administering firewalls through their respective web interfaces, i.e. Cisco Adaptive Security Device Manager for ASA firewalls. (Yes, I really should learn how to do this from the command line, but I digress.)
For pfSense, I used a barebone mini 1.86GHz (dual core) Atom computer: OEM Production 2550L2D-MxPC Intel NM10 2 x 204Pin Intel GMA 3650 Black Mini / Booksize Barebone System. For storage and memory, I had two spare 1GB 1066 SODIMM modules and a spare 64GB SSD drive, which is more than plenty for pfSense, if not overkill. The install and configuration of pfSense itself is absolutely dead simple. Essentially, after the install you just need to specify which are your LAN and WAN interfaces and that’s it! My WAN internet connection is provided via DHCP, and a cool thing that pfSense supports is the ability to specify a custom MAC address for the new firewall machine. This is handy because it basically saved me from having to call Time Warner Cable to inform them about my new replacement networking device.
Although pfSense supports the addition of wireless card interfaces so it can also function as an access point, I opted to use a dedicated wireless access point for my wireless networking. I had a Linksys E1000 wireless access point that was given to me a few months ago, so I flashed it with DD-WRT and used the Linksys E1000 as my new wireless access point. So far with this newer wireless access point and newer version of DD-WRT, I noticed that the wireless range of this new device extends much farther than the old WRT54GL.
The primary reason why I chose to deploy pfSense on my network, besides its strong focus on security, was because it’s essentially a small FreeBSD base system, which has the ability to install numerous third party packages. So far I’ve enabled anti-virus and intrusion detection transparent proxy solutions using HAVP and Snort (this alone is fucking awesome), as well as some really cool network statistics graphing collection daemons.
With this $130.00 investment, I essentially have the equal level of capabilities that I would otherwise have with another really fancy commercial firewall/router solution that would’ve cost thousands of dollars to deploy. The beauty of open source.
TBD
VLAN wired and wireless network.
Tags: pf, freebsd
April 27, 2014
Apache - Directory index forbidden by Options directive
by Alpha01
By default, the CentOS Apache configuration does not allow index directory listings. So I enabled the Indexes Option on the directory where I wanted to allow this feature within my custom vhost. To my surprise, after I made the Apache config update, directory listing was not working and I was still getting the default CentOS Apache welcome page.
Error
[Sat Apr 26 14:42:11 2014] [error] [client 192.168.100.1] Directory index forbidden by Options directive: /www/mysecureshit/
It turns out the default /etc/httpd/conf.d/welcome.conf file option overrides the +Indexing Options that I explicitly enabled within my custom vhost.
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
Fix
Delete /etc/httpd/conf.d/welcome.conf.
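Apache merges `<Location>`/`<LocationMatch>` sections after `<Directory>` sections, which is why the welcome.conf block wins for the root URL. The script below is an added example, not part of the original post: it lists every Options directive that mentions Indexes with its file, line and enclosing section; the function names, the sample vhost and the /www/example path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list every Options directive that
# mentions Indexes, with file, line and enclosing section.
find_index_options() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/   { next }                      # comment line
            /^[ \t]*<\// { depth--; next }             # closing tag: leave section
            /^[ \t]*</   {                             # opening tag: enter section
                s = $0; gsub(/^[ \t]*<|>[ \t]*$/, "", s)
                stack[++depth] = s; next
            }
            tolower($1) == "options" && tolower($0) ~ /indexes/ {
                ctx = (depth > 0) ? stack[depth] : "server config"
                line = $0; sub(/^[ \t]+/, "", line)
                printf "%s:%d [%s] %s\n", file, NR, ctx, line
            }
        ' "$f"
    done
}

# Constructed sample: welcome.conf as quoted in the post plus a hypothetical vhost.
demo() {
    d=$(mktemp -d)
    cat > "$d/welcome.conf" <<'EOF'
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
EOF
    cat > "$d/vhost.conf" <<'EOF'
<VirtualHost *:80>
    <Directory "/www/example">
        Options +Indexes
    </Directory>
</VirtualHost>
EOF
    find_index_options "$d"
    rm -rf "$d"
}

demo
```

On a real host, point `find_index_options` at /etc/httpd/conf.d; the header of welcome.conf itself offers commenting out its lines as the way to disable the Welcome page.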
Tags: apache, centos
March 22, 2014
Emergency reboot in Linux via SysRq
by Alpha01
When your Linux system has completely shit itself and an emergency reboot needs to be made, Linux Magic System Request Keys come to the rescue.
[root@server1 ~]# echo "1" > /proc/sys/kernel/sysrq
[root@server1 ~]# echo "b" > /proc/sysrq-trigger
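The value written to /proc/sys/kernel/sysrq is a bitmask (1 enables every function) and it governs what the keyboard SysRq combination may do until it is changed. This added example, not part of the original post, decodes a value into the functions it permits, using the bit meanings from the kernel's sysrq documentation; the function names and labels are made up for illustration.

```shell
#!/bin/sh
# Added example: decode a kernel.sysrq value into the functions it permits.
# Bit values follow the kernel's sysrq documentation; labels are illustrative.
sysrq_decode() {
    val=$1
    case $val in
        0) echo "disabled"; return 0 ;;
        1) echo "all functions enabled"; return 0 ;;
    esac
    out=""
    for pair in 2:console-loglevel 4:keyboard-control 8:debug-dumps \
                16:sync 32:remount-ro 64:signal-processes \
                128:reboot-poweroff 256:nice-rt-tasks; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( val & bit )) -ne 0 ]; then
            out="${out:+$out,}$name"
        fi
    done
    echo "${out:-no known functions}"
}

# Decode the running kernel's setting when the file is readable (Linux only).
sysrq_current() {
    if [ -r /proc/sys/kernel/sysrq ]; then
        sysrq_decode "$(cat /proc/sys/kernel/sysrq)"
    else
        echo "unavailable"
    fi
}

echo "176 -> $(sysrq_decode 176)"
echo "current -> $(sysrq_current)"
```

Writes to /proc/sysrq-trigger by root are honoured regardless of this value, which only gates the keyboard combination, so a restrictive mask such as 176 still leaves the emergency reboot above available to an administrator.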
Resources
Tags: monitoring
March 15, 2014
Reverse DNS Slave Setup
by Alpha01
So a few months back, I enabled reverse DNS on my home BIND server. One thing that I forgot to implement was the additional slave DNS reverse setup. Like many things in BIND, the slave reverse setup was a dead simple process.
It’s simply a matter of adding the following entry to the slave’s named.conf, with the updated master’s DNS IP specified in the masters directive, and reloading BIND.
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "etc/zones/db.192.168.1.255.bak";
allow-query { any; };
masters { MasterDNSIP; };
};
Tags: bind