Typing in the login credentials on the hotspots of Deutsche Telekom was always annoying for me. As I’m lazy, here is a script that can be integrated with NetworkManager via its dispatcher.d interface: it checks for the right interface and the right SSID, then calls the login page with the corresponding credentials.

Read more →

Puppet structure

It is not always easy to find a good folder hierarchy and structure for a puppetmaster, as you have to find a way to combine it with different tools and workflows like git, librarian or r10k.

As I still miss some kind of best-practice whitepaper from Puppet Labs, I want to cover my view on this here:

  • using hiera
  • with or without full autodeployment like r10k
  • without any git submodules

Read more →

I wanted to set up phpVirtualBox on my new Intel NUC, which is running gentoo-hardened. Unfortunately VirtualBox can’t run with a couple of grsecurity/PaX flags enabled in the kernel. To get VirtualBox running you have to disable the following kernel config flags: CONFIG_PAX_KERNEXEC, CONFIG_PAX_RANDKSTACK, CONFIG_PAX_MEMORY_UDEREF and CONFIG_GRKERNSEC_HIDESYM, and enable CONFIG_PAX_ELFRELOCS (if you have CONFIG_PAX_MPROTECT).

Read more →

SSH key management is required in each environment.

In this post I want to explain how to do it with puppet the simple way.

I’ve created a module which is a wrapper around the core puppet types User and Ssh_authorized_key. This wrapper enables easy key management via integration with hiera on puppet (and it was a good exercise in rspec-puppet :) ).

Read more →

Hiera within Puppet is a great thing, especially starting with puppet 3.

But there are still some limitations, like priority lookup only with automatic parameter lookup.

Read more →

I use the following iptables and ip6tables rules as a default. These rules provide a basic level of security:

  • stateful inspection
  • port knocking for management services like ssh
  • port scan protection

Read more →

There are already several articles on the net about perfect forward secrecy and safe SSL configuration with corresponding recommendations, like this

But I was missing a short overview with verification instructions and all the information links in one place. So this article covers Perfect Forward Secrecy (PFS) for apache, postfix and dovecot, and is a kind of summary of different sources of information.

Read more →

The installer of Linux Mint doesn’t support installation on an encrypted RAID 1 with LVM out of the box.

The following steps are required to do this with Linux Mint 16 (without GPT & UEFI)

Read more →

We use only Linux, without Odin or VirtualBox, to update the Galaxy S II to Android 4, alias Ice Cream Sandwich.

Read more →

We are going to install ClockworkMod Recovery on the Galaxy Tab 2 10.1 (GT-P5100) with heimdall. After that you can root your stock image or install CyanogenMod on your tab. If you have another version of the Galaxy Tab 2 you will need other images for it; take a look at the links at the bottom.

Read more →