Weblog

General posts from the webinterface

Red Hat 7.4 beta released

Red Hat released the beta version of Enterprise Linux 7.4. New features include, amongst others:

  • Ansible is included in the Extras repository from now on. Please note that these packages are FIPS140 compliant. Previously installed packages need to be removed first.
  • Identity Management now supports FIPS. With this enhancement, Identity Management (IdM) supports the Federal Information Processing Standard (FIPS). This enables you to run IdM in environments that must meet the FIPS criteria. To run IdM with FIPS mode enabled, you must set up all servers in the IdM environment using Red Hat Enterprise Linux 7.4 with FIPS mode enabled.
  • Better Active Directory support now lets users log in to the WebUI of an IPA server. Previously only kinit was supported.
  • usbguard is now included. You can whitelist and blacklist USB devices to achieve better security.
  • openssh rebased to version 7.4, which provides a number of enhancements, new features, and bug fixes. This includes support for the resumption of interrupted uploads in SFTP and a new fingerprint type that uses the SHA-256 algorithm.
  • Standards Compliance. OpenSCAP scanner NIST certified, DISA STIG profile included
  • LVM now provides full support for RAID takeover, previously available as a Technology Preview, which allows users to convert a RAID logical volume from one RAID level to another. LVM also now provides support for RAID reshaping, which allows users to reshape properties such as the RAID algorithm, stripe size, or number of images.

The complete list of changes can be found on the Red Hat website. Finally, according to this post, OpenSSL should be upgraded to 1.0.2k in RHEL 7.4.

Update ESXi standalone to 6.5

To update your standalone lab box to the latest ESXi version, first enable SSH. Then put all the VMs into maintenance mode and log in via SSH. Use the esxcli command to update to the latest version (mind the build numbers) over your internet connection, so there is no hassle with packages, downloads, etc.

Open the firewall if needed:

esxcli network firewall ruleset set -e true -r httpClient

Update the box (this will take 5-10 minutes if you use a slow USB stick as storage):

esxcli software profile update -p ESXi-6.5.0-4564106-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

Reboot the box, get coffee and log in afterwards. Your box is updated to the latest-and-greatest. Don’t forget to update VMware Tools on the guests if needed.

Start testing CentOS 6.9

If you want to start testing CentOS 6.9 before the official release is there (re-packaging to fit all on one DVD), install the CentOS CR (Continuous Release) repository with: yum install centos-release-cr. After this, yum update will install CentOS 6.9.

Installation instructions for CentOS 7: The repository configuration file is included in the newest centos-release package. First update your system with yum update to get the new centos-release package, then run yum-config-manager --enable cr to enable the CR repository.

Red Hat 6.9 beta released

Last week, Red Hat released the beta of Enterprise Linux 6.9. This new version of RHEL supports Transport Layer Security (TLS) 1.2. This gives RHEL 6.9 complete support for TLS 1.2 in the shipped security libraries. TLS 1.2 is recommended by modern security standards. Simultaneously, insecure cryptographic protocols and algorithms, such as MD5, SHA0, RC4, or 512-bit DH, have been deprecated. For this reason alone, you’ll want to upgrade to RHEL 6.9 as soon as possible.

Goodbye cmd.exe

Remember all those times Microsoft, Microsoft MVPs, and others said “YOU MUST LEARN POWERSHELL” like there was no avoiding it? Well, in case you didn’t start to learn, now is your last chance. Microsoft released the latest insider build of Windows 10 and removed the 30-year-old DOS command box. So, learn PowerShell (which celebrates its 10th birthday). Have a look at the Microsoft Virtual Academy for free courses.

Soft Restart in Windows Server 2016

A cool new, but optional feature has landed in Windows Server 2016: Soft Restart. Once installed, it provides the capability to initiate a soft restart, which skips hardware initialisation. In other words, it restarts the operating system without restarting the whole machine. After installation, there are two ways to initiate Soft Restart:

Command Line: shutdown /r /soft /t 0
PowerShell: Restart-Computer -Soft

The new (to be implemented) feature sounds very handy for physical servers with large amounts of memory and/or RAID controllers, eliminating the need to check these components. This will save minutes. This might, in particular, be handy when an unscheduled restart is needed during production hours. Well done, Microsoft.

RHEL 7.3 released

Last week, Red Hat released version 7.3 of its Enterprise Linux. CentOS builds will follow soon. There are a number of features introduced as Technology Preview. The complete release notes can be found on the Red Hat website.

Security

  • The SELinux userspace has been rebased and provides various enhancements and performance improvements. Notably, the new SELinux module store supports priorities, and the SELinux Common Intermediate Language (CIL) has been introduced.
  • OpenSCAP workbench now provides a new SCAP Security Guide integration dialog and enables modification of SCAP policies using a graphical tool.
  • The OpenSCAP suite now includes support for scanning containers using the atomic scan command.
  • Upgraded firewalld starts and restarts significantly faster due to a new transaction model. It also provides improved management of connections, interfaces, and sources, a new default logging option, and ipset support.
  • The audit daemon introduces a new flush technique, which significantly improves performance. Audit policy, configuration, and logging have been enhanced and now support a number of new options.
  • Media Access Control Security (MACsec) encryption over Ethernet is now supported.

Switching Apache to Nginx and Selfoss

After updating the Synology and switching the web server from Apache to Nginx, the web-based RSS reader selfoss stopped working. This application uses a .htaccess file to rewrite all requests in Apache. Unfortunately, Nginx doesn’t support .htaccess files.
Make these adjustments in /etc/nginx/app.d/server.webstation-vhost.conf (as the last lines before the final closing bracket ‘}’). Keep in mind that the space after $1 belongs in the configuration file. If you forget it, nginx won’t restart (with the command: nginx -s reload).

# Custom configuration by Randy - Fix SelfOss RSS reader
location /selfoss {
 root /volume1/web;
}
location ~ ^/selfoss/$ {
 index index.php;
}
location ~ ^/selfoss/favicons/(.+)$ {
 try_files /selfoss/data/favicons/$1 =404;
}
location ~ ^/selfoss/(.+)$ {
 try_files /selfoss/public/$1 /selfoss/index.php$is_args$args;
}

If you also want to switch other applications from Apache reverse proxy to Nginx, the configuration would be:

# Custom configuration by Randy - Add reverse proxies
location /sabnzbd {
  proxy_pass http://127.0.0.1:8080;
}
location /sb {
  proxy_pass http://127.0.0.1:8083/sb;
}
location /transmission {
  proxy_pass http://127.0.0.1:9091/transmission;
}
location /couchpotato {
  proxy_pass http://127.0.0.1:5053/couchpotato;
}
# Spotweb fix for API via Nginx
location /spotweb {
 if ($uri !~ "api/"){
 rewrite api/?$ /spotweb/index.php?page=newznabapi last;
 }
}
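
The move from mod_proxy <Location> blocks to nginx location blocks can be scripted. The following is an added example, not part of the original post: the function name convert and the /nas block in the sample input are hypothetical, and the sample configuration is constructed from the mod_proxy blocks shown on this page. It copies each backend URL verbatim, as the nginx block above does, and warns about backends that are not on loopback and about prefixes that the two servers forward differently.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: two <Location> blocks from the mod_proxy setup on this page,
# plus one hypothetical block (/nas) that points at a non-loopback backend.
APACHE_CONF = """
<Location /sb>
  ProxyPass http://127.0.0.1:8083/sb
  ProxyPassReverse http://127.0.0.1:8083/sb
</Location>
<Location /sabnzbd>
  ProxyPass http://127.0.0.1:8080
  ProxyPassReverse http://127.0.0.1:8080
</Location>
<Location /nas>
  ProxyPass http://192.168.1.20:5000/nas
</Location>
"""

BLOCK = re.compile(r"<Location\s+(\S+)>(.*?)</Location>", re.S | re.I)
PROXY_PASS = re.compile(r"^\s*ProxyPass\s+(\S+)\s*$", re.M | re.I)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def convert(apache_conf):
    """Return (nginx_config_text, warnings) for every <Location> with a ProxyPass."""
    out, warnings = [], []
    for prefix, body in BLOCK.findall(apache_conf):
        m = PROXY_PASS.search(body)
        if not m:
            continue  # a Location without ProxyPass is not a proxy rule
        url = urlsplit(m.group(1))
        if url.hostname not in LOOPBACK:
            warnings.append(f"{prefix}: backend {url.hostname} is not loopback")
        if url.path == "":
            # Apache strips the prefix here; nginx without a URI part forwards it unchanged.
            warnings.append(f"{prefix}: no path in backend URL, nginx forwards {prefix} as-is")
        out.append(f"location {prefix} {{\n  proxy_pass {m.group(1)};\n}}")
    return "\n".join(out), warnings


if __name__ == "__main__":
    conf, notes = convert(APACHE_CONF)
    print(conf)
    for note in notes:
        print("# WARNING:", note)
```
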

Synology Disk Station Manager 6.1 Beta

Yesterday, Synology unveiled the newest version of its Disk Station Manager: 6.1 Beta. Testers are urged to download this build and test out new features. Amongst others, these are PHP7 support and a switchable web front end between Apache (2.2) and Nginx. The resource manager is extended with lots of new features showing per-process indication of disk, CPU and network use. The Storage Manager lets users switch from SHR-1 (RAID5) to SHR-2 (RAID6) online.

Furthermore, a new package called Active Directory Server will be available soon. I guess this DS is based on Samba 4, the Windows file sharing service for Linux. Starting with version 4.0, Samba is able to run as an Active Directory (AD) domain controller (DC).

More information, features and downloads can be found on the Synology DSM 6.1 Beta website.

Franz: One application, endless possibilities

Meet Franz, the multi-platform, multi-messenger application to have a (tabbed) single pane of glass for messengers like WhatsApp, Facebook, Telegram, LinkedIn, Twitter, Slack, etc. Clients are available for Windows, Mac OSX and Linux. Yes. I Like It!

Synology DSM6 and mod_proxy

Since Synology released version 6 of Disk Station Manager (DSM), things in the Apache configuration were changed. I used to have a reverse proxy using Apache mod_proxy. The old configuration was stored in /etc/httpd/sites-enabled-user/httpd-vhost.conf (or httpd-ssl-vhost.conf in my case since I use SSL). The new location for your reverse proxy configuration is: /usr/local/etc/httpd/sites-enabled/httpd-vhost.conf-user.

To set up a reverse proxy to services listening on strange ports, like SabNZBd, SickRage / SickBeard, CouchPotato or Transmission, use these lines as an example and edit them to your needs. With this configuration you should be able to download your CentOS images from usenet without getting blocked by the company firewall…

<Location /sb>
  ProxyPass http://127.0.0.1:8083/sb
  ProxyPassReverse http://127.0.0.1:8083/sb
</Location>

<Location /sabnzbd>
  ProxyPass http://127.0.0.1:8080
  ProxyPassReverse http://127.0.0.1:8080
</Location>

<Location /couchpotato>
  ProxyPass http://127.0.0.1:5053/couchpotato
  ProxyPassReverse http://127.0.0.1:5053/couchpotato
</Location>

<Location /transmission>
  ProxyPass http://127.0.0.1:9091/transmission
  ProxyPassReverse http://127.0.0.1:9091/transmission
</Location>

 

Welcome, Sierra

Bugs so far:

  • TimeMachine (Synology DS1815+) doesn’t work
  • Networking to Synology (AFP and SMB) share doesn’t work
    • Fix: Let the firewall accept incoming mDNSresponder connections
  • DHCP (FRITZ!Box 7390) doesn’t work. Fixed IP does
    • Fix: Let the firewall accept incoming configd connections
  • MacPGP (GPGmail) doesn’t work, but this was expected
    • Fix: Wait for update.
  • Citrix Receiver doesn’t work anymore
    • Fix: Reinstall Citrix Receiver from this package.

Fix Brew (MacPorts alternative)

sudo chown -R $(whoami) /usr/local
xcode-select --install

Edit: 28-01-2016: A beta of GPGTools for OSX Sierra is there.
