If you are looking for a quick way to install a LAMP (Linux, Apache, MySQL, PHP) stack on an Ubuntu server, this should take care of you:
First command installs tasksel… which is a really handy program. (more…)
Do you work with MySQL? I do… quite a bit.
Do you often script stuff on your server to make your life easier? I do that as well… quite a bit…
Are you including your database user account and password (or worse… your mysql instance root user account and password!) in plain-text in your script… I was doing this… and it is bad practice from a security standpoint for sure…
Okay, so if you have a bunch of scripts (and I have several for database maintenance and database backups) floating around and many of them contain your MySQL root user account credentials… that can be a real issue. There is a better way!
(more…)
I have setup a few servers with Ubuntu Server and one of the common security tools I use is Fail2Ban.
One of the common requirements that comes with Fail2Ban is the need to provide other administrative personnel with a place they can quickly check which IP’s have been banned. Using a cool program called incron and a short shell script (which I will provide below) I was able to push the contents of the fail2ban log file in more-or-less real time to a plain text file in the web directory. Hence anyone can just visit that page and view a list of banned and unbanned IP addresses.
(more…)
I ran into an issue with ADFS (Active Directory Federation Services) recently that had me scratching my head a bit. Let’s set the record straight from the outset here… I thoroughly dislike ADFS and I am not a pro when it comes to managing it. So I often have to do a lot of research and digging whenever I have to do any kind of administrative work with it.
ADFS and SAML have their own dialect of IT speak… and versatile as I am I have found administering and deploying ADFS to have a rather steep learning curve. So my apologies in advance is this article isn’t as accurate or precise as it should be.
In the scenario that occasioned this article, ADFS is being used to integrate with a third-party hosted web application and while successful authentication works fairly well, there has been some real headache around unsuccessful authentication attempts.
The organization had employees with Active Directory user accounts and IT wanted to allow those employees to login to the externally hosted web application using their AD accounts. This is a very typical use-case for ADFS. The application provided a basic login page with a button that said something along the lines of “Login as Employee.” The button was actually a link to a SAML ADFS page hosted on the organizations ADFS server which would respond with a popup login prompt asking for the employee’s AD credentials.
The system worked just fine when an employee was able to successfully authenticate.
If an employee entered the wrong password or their account was locked or any number of other things would occur to make their login attempt unsuccessful, the system would of course not allow them entrance and it would simply kick them back to the login page… however that is where things started to go a bit wrong. (more…)
Hyper-V Dynamic Memory Allocation strikes again… I have decided to no longer use Dynamic Memory Allocation on any of my virtual machines. It is a fine idea in theory but it is extremely buggy and I am not sure how it made it into a production OS…
What’s the issue this time around? This is my third article talking about a bug related to Dynamic Memory Allocation. In this case it has to do with the clock sync on the VM. Which is a major ordeal if you happen to be working with a virtualized Domain Controller. Here was the situation… every time power got cut to the host and subsequently the VM was “hard powered” off, upon reboot the clock would be off by several hours. (more…)