CentOS/RHEL Watchdog install 
Watchdog is a software which resets the machine if the machine is in some of the crash defunct state but the kernel lives somehow. The watchdog can be configured to check if the system is responsive via writting to the /dev/watchdog and some other subsequent check could be set up as well.

Watchdog opens /dev/watchdog and keeps writing to it often enough to keep the kernel from resetting, at least once per minute. Each write delays the reboot time another minute. After a minute of inactivity the watchdog hardware will cause the reset. In the case of the software watchdog the ability to reboot will depend on the state of the machines and interrupts.

# yum install watchdog

watchdog consists of the watchdog daemon and a kernel module softdog.


If the watchdog complains the device through which the process comunicates with the module /dev/watchdog is missing you have to create the device

# mknod /dev/watchdog c 10 130

in basic configuration the only change sufficient in /etc/watchdog.conf is to uncomment

file = /var/log/messages
watchdog-device = /dev/watchdog

I do recommend to check the watchdog documentation bundled in /usr/share/doc/watchdog

# rpm -ql watchdog

[ add comment ] ( 15 views )   |  [ 0 trackbacks ]   |  permalink
Encrypt/Decrypt files using gpg and password (with tar) 
# tar cz gpgtest | gpg --passphrase-file heslo.txt -c  > gpgtest.tar.gpg
# gpg -d gpgtest.tar.gpg | tar xz

[ add comment ] ( 11 views )   |  [ 0 trackbacks ]   |  permalink
GUI for tc - Ktctool 
Ktctool is a graphical interface for network bandwidth management in Linux. There already exists commandline program tc for this purpose. Ktctool is meant to be a graphical user interface to tc. tc is a part of iproute2 and controls Quality of Service support in Linux (included in kernel).


[ add comment ] ( 12 views )   |  [ 0 trackbacks ]   |  permalink
Seriál Pokročilé vlastnosti OpenSSH 
DNSSEC jako bezpečné uložiště SSH klíčů
http://www.root.cz/clanky/dnssec-jako-b ... ssh-klicu/

Stavíme tunely v OpenSSH

Používání klíčů v OpenSSH

[ add comment ] ( 11 views )   |  [ 0 trackbacks ]   |  permalink
Linux bash noclobber 
What the noclobber does?
# echo "hihi" > file
# cat file
# set -o noclobber
# echo "hihi2you" > file
-bash: file: cannot overwrite existing file
# set +o noclobber
# echo "hihi2you" > file
# cat file

clobber [noun] veci, kramy, hadry, ohoz
clobber [v] bit, tlouci, mlatit, uhodit, postihnout, zasahnout

[ add comment ] ( 11 views )   |  [ 0 trackbacks ]   |  permalink
Newton's First, Second, and Third 
http://ocw.mit.edu/courses/physics/8-01 ... lecture-6/

Topics covered: This lecture is all about Newton's First (inertia), Second (F=ma) and Third (action=-reaction) Laws.

Instructor/speaker: Prof. Walter Lewin

Date recorded: September 20, 1999

http://oyc.yale.edu/philosophy/death/co ... ure05.html


Professor Kagan discusses in detail the argument of free will as proof for the existence of an immaterial soul. The argument consists of three premises: 1) We have free will. 2) Nothing subject to determinism has free will. 3) All purely physical systems are subject to determinism. The conclusion drawn from this is that humans are not a purely physical system; but Professor Kagan explains why this argument is not truly compelling. In addition, near-death experiences and the Cartesian argument are discussed at length.

[ 1 comment ] ( 24 views )   |  [ 0 trackbacks ]   |  permalink
OpenSSH secure shell and X.509 v3 certificates 
V kryptografii je X.509 standard pro systémy založené na veřejném klíči (PKI, public key infrastructure) pro jednoduché podepisování. X.509 specifikuje mezi jiným formát certifikátů, seznamy odvolaných certifikátů (CRL, certificate revocation list), parametry certifikátů a metody kontroly platností certifikátů.


OpenSSH secure shell and X.509 v3 certificates


[ add comment ] ( 20 views )   |  [ 0 trackbacks ]   |  permalink
ldapsearch says hostname does not match CN  
if the TLS: hostname does not match CN in peer certificate error appears during LDAPS handshake get the LDAP server certificate to check for the servename with command

# openssl s_client -connect ldapserver:port

Acceptable client certificate CA names
/C=CZ/CN=I.CA - Standard root certificate/O=Prvni certifikacni autorita a.s.
/O=Sun Microsystems/CN=Directory Server/CN=XXXX/CN=ServerName.Domain.com

to avoid certificate check on client modify the /etc/openldap/ldap.conf and add/replace TLS_REQCERT ie


according to man of ldap.conf the level could be one of the following

       TLS_REQCERT <level>
Specifies what checks to perform on server certificates in a TLS session, if any. The <level> can be
specified as one of the following keywords:

never The client will not request or check any server certificate.

allow The server certificate is requested. If no certificate is provided, the session proceeds nor-
mally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

try The server certificate is requested. If no certificate is provided, the session proceeds nor-
mally. If a bad certificate is provided, the session is immediately terminated.

demand | hard
These keywords are equivalent. The server certificate is requested. If no certificate is pro-
vided, or a bad certificate is provided, the session is immediately terminated. This is the
default setting.

[ add comment ] ( 8 views )   |  [ 0 trackbacks ]   |  permalink
Forensic hash databases  
taken from: http://www.sleuthkit.org/autopsy/help/index.html

Hash databases are used to quickly identify known good and known bad files using the MD5 or SHA-1 checksum value. Autopsy uses three types of hash databases to help the investigator reduce the number of files that they have to look at.
The NIST National Software Reference Library (NSRL) contains hashes of files that are found in operating systems and software distributions. These files are known to be good in that they came from trusted sources and are typically on authorized systems. When processing files in the image, this database can be used to ignore files because they are assumed to be known and therefore uninteresting. The location of this database is configured when Autopsy is installed. The NSRL must be obtained from NIST at www.nsrl.nist.gov.

[ add comment ] ( 20 views )   |  [ 0 trackbacks ]   |  permalink
odkaz na openldap TLS CACERTDIR hash 

[ add comment ] ( 19 views )   |  [ 0 trackbacks ]   |  permalink

<<First <Back | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | Next> Last>>