The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3. While SSLv3 is mostly history, the techniques I used can be applied to other TLS versions. Ubuntu uses configuration files split into… Continue reading Disabling SSLv3 to block Poodle
I recently discovered logs filling up with log messages for classes being unloaded during garbage collection. After a little research, I found that the TraceClassUnloading switch gets turned on by the Xloggc switch. After a little testing, I found that this can be resolved by adding the argument -XX:-TraceClassUnloading after the -Xloggc argument.
As the IPv4 addresses begin to run out I finally invested the time to investigate and implement IPV6. As my ISP has not yet announced the availability of IPV6 addresses I chose to implement a 6to4 tunnel. This is simple to implement, and currently well supported. My external firewall is an ASUS wireless router running… Continue reading Implementing IPv6 6to4 on OpenWRT
Cfengine is a declarative system configuration tool. This helps apply standards to system configuration. The configuration files specify the desired configuration and the engine applies these specifications to the system. It is useful to: Distribute configuration files; Install standard packages (including on Debian and Ubuntu with code provided here); Cleanup old files; and Ensure certain programs… Continue reading Cfengine 2 for Debian and Ubuntu