Logging packets with iptables and ULOG
Imagine you have got the following iptables rule set: *filter :INPUT ACCEPT [2:130] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [119:14185] -A INPUT -s 127.0.0.0/8 -j ACCEPT -A INPUT -p tcp -m tcp –dport 22...
View ArticleHide process information for other users
Debian GNU/Linux Debian 7.0 (aka Wheezy) will be a “general hardened” distribution in my eyes. Not only that it now enabled hardened building of packages (see http://wiki.debian.org/Hardening), the...
View ArticlePlaying with Apache mod_geoip
If you want to add some rules to your Apache based on the clients country, mod_geoip is perfect for it. Installation On Squeeze following is enough: # apt-get install libapache2-mod-geoip...
View ArticleWhat an ugly (PHP) work..
We still have got some more or less webapplications which are not compatible with PHP higher than version 5.2.x, which is the only blocker for the last Lenny servers to upgrade them to Squeeze.. I do...
View ArticleBASH fix Debian Lenny (5.0) CVE-2014-6271, CVE-2014-7169 aka Shellshock
Hello, I have decided to create fixed bash packages for Debian Lenny. I have applied the upstream patchsets from from 052 until 057, so some other issues are also addressed in it. :-) And here they...
View ArticleDebian Jessie 8.3: Short howto for Corosync+Pacemaker Active/Passive Cluster...
Hello, since I had to change my old “heartbeat v1” setup to an more modern Corosync+Pacemaker setup, because “heartbeat v1” does not support systemd (it first looks like it is working, but it fails on...
View ArticleBe careful: Upgrading Debian Jessie to Stretch, with Pacemaker DRBD and an...
Detached DRBD (diskless) In the past I setup some new Pacemaker clustered nodes with a fresh Debian Stretch installation. I followed our standard installation guide, created also shared replicated DRBD...
View Article
