Linux – Page 46

Knock Knock

January 3, 2011 by Igor Drobot Leave a Comment

SSH is by default very strong, and since a long time without critical bugs. It has strong protection against various hacks and known vulnerabilities. For instance SSH has a password retry wait time of (default) five seconds. This makes the time for brute force attacking an SSH-server very long and not effective. However, sometimes script-kiddies will fork their hacking program making multiple processes of the brute force attack. Sometimes they are able to fork it off upwards of 1000 attempts every 5 seconds. This drastically minimizes the time to crack short passwords.

I think SSH is secure enough, but there is always a way to make it more secure.

Install knock daemon:

1	aptitude install knockd

[Read more…]

Create Swap

December 29, 2010 by Igor Drobot Leave a Comment

I decide me to use LVM for the most server that I have, its very flexible and you can every time resize and shrink your partitions.

Use swap area as LVM was a little bit tricky:
Create a swap partition with parted or your favorite one.

# -L flag creates a label for your device
mkswap -L swap /dev/vdc1
swapon -a
cat /etc/fstab
LABEL=swap      none            swap    sw              0       0

Active/Passive Cluster with Pacemaker, Corosync

December 28, 2010 by Igor Drobot 26 Comments

In this article I will explains how to set up and maintain an Active/Passive Cluster, using Pacemaker with Corosync with DRBD replication.

We have two nodes (same hardware), one active and another in passive mode. If the active node goes down, the passive one will automatically take its position and all running services.

This article was written complete for and with Debian 6-squeeze (With a lot of luck you could bring it to run on Ubuntu)

Active/Passive

1. Basic notes
Node-1:
Hostname: node-1
IP: 192.168.2.101

Node-2:
Hostname: node-2
IP: 192.168.2.102

Partitioning:
/dev/vda1 System / ext4
/dev/vda5 reserved for DRBD – empty
/dev/vda6 swap area

Cluster IP: 192.168.2.100
We need this cluster IP to reach currently active node.

This is a physical network structure of the cluster:

[Read more…]

Nomachine user limit

December 28, 2010 by Igor Drobot Leave a Comment

Some days ago I found a strange user limitation for Nomachine Server – I know that it was the “free” edition. The user limitation came end of 2009 and my server without limitation running since 2008
I think I should visit sites of OpenSource/Free projects ofter

1 2	/usr/NX/bin/nxserver --userlist /usr/NX/bin/nxserver --userdel username

Very very dirty hack to prevent the limitation – Create a cron which runs every minute and remove all users:)

SSH aliases

December 24, 2010 by Igor Drobot Leave a Comment

I think you now this problem, you have a lot different hosts with different ssh ports.
It takes to much time to write the full ssh commands and recognize all of your ports:

Easy solution – use aliases:

vim .ssh/config
# Add this
Host piper
    HostName piper
    User root
    Port 1022

ssh piper