SysteMajik Consulting

Category: Historical

Post of historical interest. Previously listed in other categories.

  • Disabling SSLv3 to block Poodle

    The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3. While SSLv3 is mostly history, the techniques I used can be applied to other TLS versions.

    Ubuntu uses configuration files split into small pieces. The method should apply to other distributions, although the configuration files may be arranged differently.

    (more…)

  • Disable TraceClassUnloading in Java 6

    I recently discovered logs filling up with log messages for classes being unloaded during garbage collection. After a little research, I found that the TraceClassUnloading switch gets turned on by the Xloggc switch. After a little testing, I found that this can be resolved by adding the argument -XX:-TraceClassUnloading after the -Xloggc argument.

    (more…)

  • Implementing IPv6 6to4 on OpenWRT

    As the IPv4 addresses begin to run out I finally invested the time to investigate and implement IPV6. As my ISP has not yet announced the availability of IPV6 addresses I chose to implement a 6to4 tunnel. This is simple to implement, and currently well supported. My external firewall is an ASUS wireless router running OpenWRT. As I have a static IP address, my implementation is simpler than is required by a dynamic address. Support for dynamic IPv4 addresses is not covered here, but this configuration should work as long as your address does not change.

    I initially created a 6to4 implementation without a firewall. Then to secure my systems I implemented a firewall using Shorewall6-lite. Until I figured out how to configure the 6tunnel script, I used the command line to bring up the network. This documentation uses the 6tunnel script instead of the manual commands. My configuration does not yet include any IPsec functionality.

    (more…)

  • Cfengine 2 for Debian and Ubuntu

    Cfengine is a declarative system configuration tool. This helps apply standards to system configuration. The configuration files specify the desired configuration and the engine applies these specifications to the system.  It is useful to:

    • Distribute configuration files;
    • Install standard packages (including on Debian and Ubuntu with code provided here);
    • Cleanup old files; and
    • Ensure certain programs are/are not running.

    This documentation applies to Cfengine version 2. Version 3 has made significant changes to the scripting structure but maintains the capability to run the version 2 format files.

    (more…)
Cookie Consent with Real Cookie Banner