No Image

mkpasswd

June 15, 2017 Andy 0

The other day I couldn’t remember what package provided the mkpasswd binary….. yum whatprovides */mkpasswd yum install expect mkpasswd -l 12 The above creates a password of length 12 with two uppercase letters, two numbers and one special character.

No Image

Rackspace Cloud Monitoring Agent

April 11, 2015 Andy 0

The Rackspace cloud monitoring agent allows you to monitor CPU, memory, filesystem usage and system processes. It does this by collecting information about the system and pushing it out to Rackspace Cloud Monitoring web services, where they can be analyzed, graphed, and alerted on. It is this technology that the Rackspace monitoring checks are built upon. Plus you get a nice pretty little bar graph in the server details section of the control panel 🙂 Install the Agent While the instructions used here are for Ubuntu 14.04 LTS, this page lists the exact commands needed for all major distros. If […]

No Image

Protect Your Cloud Infrastructure Servers with Isolated Cloud Networks

March 31, 2015 Andy 0

Create a Private Cloud Network Create an isolated cloud network. Here I am using the supernova client to communicate with the Rackspace OpenStack API. Take note of the id – you’ll need it shortly! Create a Proxy Server and Attach to the Private Network The above creates a server using the CentOS 6.6 image. Other images of interest are: Proxy Bastion Configuration Later we create a cloud server with no public IP, which is protected by sitting behind our proxy bastion. From the bastion side, in order for our protected server to have access to the internet, we need to […]

No Image

Install and Configure fail2ban on CentOS 7

February 21, 2015 Andy 0

To install fail2ban on CentOS/RHEL 7, you first need to make sure you have the EPEL repository enabled. Then you can simply install it with yum as usual. Configure fail2ban You will need to create a file call jail.local. To do this, make a copy of jail.conf (do not edit this file), and edit that. To enable fail2ban to work with SSH, make sure enabled=true is somewhere under the [sshd] section. [sshd] enabled = true To make sure fail2ban is started and has picked up your changes, run the below. Check Service You should always check the service you have […]

No Image

Repodata is over 2 weeks old

February 21, 2015 Andy 0

In Red Hat 7 / CentOS 7, you may need to clear your repository cache if you see the below message when using yum. Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast To clear your cache simply run the below.

No Image

Securing an SSH Server

February 15, 2015 Andy 0

Nobody likes to log into their server and see this! Over 31,00 failed root login attempts in just a few days!! Disable Root Logins By default (on my system atleast), root logins are enabled. Before you disable root logins, make sure you have setup a regular user and can successfully login with that user using either a strong password or key-based authentication. To change the default setting, search for the following and remove the comment…. #PermitRootLogin yes …and change the value to no like so. PermitRootLogin no Don’t forget to restart SSH. Lock-down SSH by User Add each user that […]

No Image

Getting Started with the Rackspace Nova Client

February 1, 2015 Andy 0

You will need to export some environment variables used by the Nova client. If you have a UK-based Rackspace cloud account, you will need to enter something like this: …And if you have a US, Hong Kong and Sydney (based) account: Because we have our password in a plain text file, it is recommended that we at least lock down the permissions so no other system users can see it: Don’t forget that whenever you make changes to your bash profile that you need to run the below command first for the changes to take affect on your current users […]

No Image

Installing the Rackspace Nova Client on CentOS 7

February 1, 2015 Andy 0

Installing the Rackspace Nova client should just be as simple as installing the below packages. However, you will first need to make sure you have the development tools or the installation will fail with messages about not being able to find the GCC compiler.