Moving to KVM

Since our beloved OpenVZ virutalisation technology is not moving in a direction we are comfortable with, we are currently evaluation several virtualisation technologies. One the the possible options is KVM. This is not a full tutorial about KVM, there are …

Read more »

Running “backticks” commands on remote servers

Sometimes it’s necessary to run a complex command on a remote server witch also includes some “backticks”. Usually these commands are interpreted by the local shell so you need to use a little trick to force execution on the remote …

Read more »

Resetting Supermicor IPMI system

In case the IPMI system on a Supermicro system is unresponsive, but you are still able to log into the main server, you can issue the following command(s) to reset the IPMI: # load the necessary modules (optional) sudo modprobe …

Read more »

MacOSX: Manually restoring TimeMaschine Backup

In case you are a CLI junkie as myself and want to restore some files from a time maschine backup manually with the CLI (or using the finder), you will notice that the restored files cannot be changed. The restored …

Read more »

Update for the Checklist on “mailout” servers

This is an update to the checklist to create a prefect mailout server: Original Checklist Setup DMARC DNS Record to receive mail delivery reports https://www.unlocktheinbox.com/dmarcwizard/ btw: I Just started adding all those settings to my own domain too. Google DKIM …

Read more »

Cloudflare and Haproxy Lodbalancer

We are currently trying out the cloudflare service to protect one of our company service. In front of this service we are using haproxy as SSL endpoint and loadbalancer. Cloudflare adds a number of custom headers1)http://www.linuxorz.com/2014/10/cloudflare-haproxy-get-real-ip/: In order to extract …

Read more »

Java SSL Certificate Verification Error

If you come across the situation, that your java programs are not able to connect to ssl encrypted services, it might be most likely that the java cacerts keystore is empty or not uptodate. This might also be due to …

Read more »

Cisco ASA Certificate Handling

If you are using Cisco ASA, you most likely will also have certificate(s) installed. This is what you need to pay attention to (Version 9.1, higher versions might behave differently):

A checklist for creating a “mailout” server with DKIM and SPF

Create the DKIM DNS Record: http://www.dnswatch.info/dkim/create-dns-record Create the SPF Record: http://www.spfwizard.net/ Do not forget to add a PTR record at your provider! Verify the settings: http://www.port25.com/support/authentication-center/email-verification/ Use this command: And some more information if your domain is hosting email at …

Read more »

Hardening SSL

Update: 2014/01/17: Again a few weeks have past without finishing the article. So I’m going to publish it anyway even it it is unfinished work yet. I also disabled OCSP Stapling again. I’m using StartSSL and I’ve had some issues …

Read more »