Sitevatore

Please Stop curl/wget'ing Directly to bash/sh

Fri, 09 Oct 2015 00:12:03 +0000

Today, we are going to discuss the dangers of sending the output of a curl or wget command directly to your shell. There are already a few examples on why this is dangerous, with a very clear and concise example available here that explains the dangers of connections closing or failing before the transfer is completed. However, I would like to present a much more malicious example. Sinister, even! I call it “The Bait-and-Switch.”

Recommended Nginx SSL/TLS Settings

Fri, 06 Jun 2014 16:24:10 +0000

UPDATE: 2024-01-12 - Defaulted to TLSv1.3 and newer OpenSSL options, but left older recommendations commented, just in case. UPDATE: 2019-01-30 - Added TLSv1.3 recommend ciphers. Also added another XSS prevention header.

Have you seen the recent (and not so recent) OpenSSL/TLS protocol vulnerabilities, and are you worried about securing connections to the Nginx servers you manage?

I’m going to assume you answered “yes” to that question, as it’s unlikely you’d end up on this page otherwise. The whole purpose of this post is to share some high-security SSL configuration info for Nginx, so you’ve come to the right place.

Generating Random Passwords in Perl

Sun, 28 Apr 2013 21:19:40 +0000

Though I’ve already created the same thing in another post using a Bash function, I had a very important need for a Perl script that produced random strings. Once I got that little script working, I decided to rewrite the original Bash password generator function entirely in Perl. This may not be the most efficient way to hack it up, but I’m no Perl monger, so don’t expect perfection. This script does work well, however, and requires no additional modules, so it can be run anywhere there is a Perl interpreter.

Generating Random Passwords in Bash Using Your System's Random Source

Thu, 05 Jul 2012 09:30:21 +0000

Today, we will re-invent the wheel with a simple bash function to generate some passwords and a few hashes as well. Why would I bother coding something when several good programs already exist to perform the same functionality? Well, that’s simple: I use this most on systems where I cannot install software. Any user that has SSH access can edit their own .bashrc , so I decided since random password generation is a daily task I perform at my job and elsewhere, it made sense to have a good way to generate passwords. There are a few hashes you can use this for as well. This function will generate the hash used for cookie authentication in phpMyAdmin and it will also generate the hashes used to secure authentication via Wordpress (to be used in wp-config.php). Paste this function in its entirety into your .bashrc or /etc/profile , /etc/bashrc , /etc/bash.bashrc (wherever you feel it should go):

Getting Juniper Network Connect to Work on 64-bit Linux

Tue, 05 Jun 2012 21:37:40 +0000

So let’s say you’ve got a Juniper MAG or SRX or similar unit at work that supports SSL VPN. Now let’s say you’re running 64-bit Linux at home and need to connect to said VPN. I doubt it makes much difference which distro you use, but I’m going to assume you’re really cool and are using a Debian-based one. So there are a few necessary steps required to get this Java-based VPN client running, and if you follow this tutorial, you’ll have it working in no time.

Using Heartbeat to Share a Single Virtual IP (VIP) Between Two Servers

Sat, 05 May 2012 10:45:08 +0000

Just did a high availability cluster setup a few weeks ago and though the web servers use the traditional heartbeat/ldirectord setup, there needed to be high availability between the two master/master database servers as well.

Yes, this can be done with ldirectord for MySQL, but if you also have other services like Memcached, or Redis, etc, you may just want to share a VIP between the servers.

This is especially true if you’re connecting to these servers internally. Connecting via the VIP will only connect to one server, so this is not a load-balancing setup, but rather simply a high availability solution (failover).