What more could you want?
chuck
Homepage: http://www.ozymo.com
Posts by chuck
Plesk 9 and PCI compliance
Apr 14th
The basics are easy, as one can attest with a Google search: Apache, Mail, etc.
But, I’ve found that the Plesk CP for Plesk 9 doesn’t run on Apache, it runs on Lighttpd. To disable weak ciphers on a Plesk/Red Hat box, edit /etc/sw-cp-server/applications.d/plesk.conf and add this line:
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
I don’t know if you can add it just anywhere, but you ought to be able to. Personally, I put it between the “include_shell” and “index-file.names” lines in the conf, line 11. After all that, issue “service psa restart” and you’re good to go.
You can test the setup using this command:
# openssl s_client -connect localhost:8443 -ssl2
Run that from the box itself, either as root or as a regular user. It gave me a “Connection reset by peer” error on SSLv2 connection. This is expected, and means that SSLv2 has been successfully disabled. Go run that scan again.
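To check what the configured string enables before re-running the scan, here is an added example (not part of the original post) that audits the ssl.cipher-list directive. In OpenSSL cipher-string syntax a token with no leading "!" or "-", such as RC4+MEDIUM, adds ciphers instead of excluding them. The weak-class list is a heuristic assumption, and the sample conf is constructed around the cipher string above.

```shell
#!/bin/sh
# Added example: audit ssl.cipher-list in a lighttpd-style conf.
# On the Plesk box the file is /etc/sw-cp-server/applications.d/plesk.conf.

# Print the quoted value of the last ssl.cipher-list directive in file $1.
cipher_list() {
    sed -n 's/^[[:space:]]*ssl\.cipher-list[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Print every token of cipher string $1 that ADDS a weak cipher class.
# Tokens starting with ! or - remove ciphers, + only reorders, @ is a command.
# The class names matched below are a heuristic list, not an OpenSSL API.
weak_tokens() {
    printf '%s\n' "$1" | tr ' :,' '\n\n\n' | while IFS= read -r tok; do
        case $tok in
            ''|'!'*|-*|+*|@*) continue ;;
        esac
        case $tok in
            *RC4*|*MEDIUM*|*LOW*|*EXP*|*NULL*|*DES*|*MD5*|*SSLv2*|ALL)
                printf '%s\n' "$tok" ;;
        esac
    done
}

# Exit status: 0 = directive present and clean, 1 = weak tokens, 2 = no directive.
audit_conf() {
    list=$(cipher_list "$1")
    [ -n "$list" ] || { echo "$1: no ssl.cipher-list directive"; return 2; }
    weak=$(weak_tokens "$list")
    [ -z "$weak" ] || { echo "$1: weak classes enabled by: $weak"; return 1; }
    echo "$1: cipher list ok"
}

# Constructed sample conf using the cipher string from the post.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# (constructed sample; other plesk.conf directives omitted)
ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
EOF
audit_conf "$sample_conf" || true
```

On the sample this reports RC4+MEDIUM, the one token in the string that adds a weak class.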
Also, keep in mind the recent “Plesk broke openssl” (or vice-versa) fiasco.
/cs
Teensy ELF executables
Mar 17th
Holy crap. I wish I was as awesome at systems programming as this guy.
/cs
at jobs in OS X
Mar 10th
So, Apple turned at off by default, cause who uses at, right? Well, I do. Here’s how you can too:
$ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.atrun.plist
Once this is done, the at service is running. To make a handy-dandy alert system, try using at with the “open” command, like so:
$ at 3:01 today [hit return]
ps ax | open -f [hit return and Ctrl+D]
job 9 at Wed Mar 10 03:01:00 2010
This will run the ps command and pipe the output to the open command. The -f flag tells open to place the input into the default editor for the system, so when your at job runs, TextEdit opens with your ps output.
Also handy for things like:
$ echo "STOP WORKING and go home, you loser" > /tmp/opentxt && open -W -a OmmWriter /tmp/opentxt && rm /tmp/opentxt
This will clear the screen and tell you to go home.
So, here I go.
/cs
GPG, Mail 4.2, Snow Leopard, and Happiness
Feb 5th
I discovered Cyanide and Happiness on YouTube the other day. It’s hilarious.
Also, I found a way to use GPG signing and encryption in Apple’s Mail app.
First, quit Mail. I know it’s hard, but you can do it!
Second, back up your GPG keys and REMOVE YOUR EXISTING ~/.gnupg directory if it exists. The configuration file that already exists somehow conflicts with the pinentry app that prompts for your GPG password. I back up my keys this way:
$ gpg -a --export me@ozymo.com >> me_ozymo.com.asc
$ gpg -a --export-secret-key me@ozymo.com >> me_ozymo.com.asc
Note that this will store your PRIVATE key in the file as well. This is necessary for importing, but not ideal to keep around on some random computer. Use your head.

Third, download this file. If you don’t trust me, look here on page 6. Or here. Same file. Once it downloads, drag it into ~/Library/Mail/Bundles. If there is already a GPGMail.mailbundle there, remove it and drop the new one in place.
Fourth, open Mail.
Fifth, be happy. And check out Cyanide and Happiness. It’s REALLY funny. I laughed my ass off and sewed it to a chair.
/cs
Netstat + MacOS X – Linux = Nightmare
Jan 23rd
Being a Linux user, I am quite accustomed to the netstat flags that I use most often (plant, or sometimes tupac). I recently acquired a MacBook Pro, and found the netstat flags quite different.
clstearns@olly:~$ netstat -ntpl
netstat: l: unknown or uninstrumented protocol
clstearns@olly:~$ netstat -ntl | wc -l
221
clstearns@eli:~$ netstat -ntl | wc -l
6
How annoying it is, having to change one’s habits.
Rather than learning the new flags, I pulled out my trusty lsof:
$ lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 8383 clstearns 3u IPv4 0x060b0334 0t0 TCP olly.ozymo.com:56829->mail.ozymo.com:ssh (ESTABLISHED)
Using lsof, I can see in the NAME field what kind of connections I have open.
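To get netstat-style rows out of lsof, here is an added example (not part of the original post) that reshapes `lsof -i` output into proto, local, remote, state and pid/command columns. The first sample row is the one shown above; the other two rows and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `lsof -i` output into netstat-style rows
# (proto local remote state pid/command).

# Read lsof -i output on stdin; optional $1 keeps only rows in that state.
lsof_to_netstat() {
    awk -v want="$1" '
        $1 == "COMMAND" { next }            # skip the header row
        NF >= 9 {
            n = split($9, ends, "->")       # NAME is local->remote or just local
            remote = (n > 1) ? ends[2] : "*:*"
            state = (NF >= 10) ? $10 : "-"  # UDP rows carry no state
            gsub(/[()]/, "", state)
            if (want != "" && state != want) next
            printf "%s %s %s %s %s/%s\n", tolower($8), ends[1], remote, state, $2, $1
        }'
}

# Sample input: first data row is from the post, the other two are constructed.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 8383 clstearns 3u IPv4 0x060b0334 0t0 TCP olly.ozymo.com:56829->mail.ozymo.com:ssh (ESTABLISHED)
sshd 412 root 4u IPv4 0x060b0aa0 0t0 TCP *:ssh (LISTEN)
mDNSResponder 55 _mdnsresponder 8u IPv4 0x05d3e1c0 0t0 UDP *:mdns
EOF
}

sample_lsof | lsof_to_netstat          # every socket
sample_lsof | lsof_to_netstat LISTEN   # listeners only, like netstat -ntpl
```

On a live machine, feed it `lsof -nP -i` instead of the sample; -n and -P stop lsof from resolving host and port names.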
According to the lsof man page, the -i flag takes an option [i] specified as an Internet address. From the man page:
An Internet address is specified in the form (Items in square brackets are optional.):
[46][protocol][@hostname|hostaddr][:service|port]
where:
46 specifies the IP version, IPv4 or IPv6 that applies to the following address. '6' may be specified only if the UNIX dialect supports IPv6. If neither '4' nor '6' is specified, the following address applies to all IP versions.
protocol is a protocol name – TCP, UDP
hostname is an Internet host name. Unless a specific IP version is specified, open network files associated with host names of all versions will be selected.
hostaddr is a numeric Internet IPv4 address in dot form; or an IPv6 numeric address in colon form, enclosed in brackets, if the UNIX dialect supports IPv6. When an IP version is selected, only its numeric addresses may be specified.
service is an /etc/services name – e.g., smtp – or a list of them.
port is a port number, or a list of them.
At least one address component - 4, 6, protocol, hostname, hostaddr, or service - must be supplied.
These addresses can get hairy, according to this example, which means TCP, ports 1 through 10, service name smtp, port 99, host name foo:
tcp@foo:1-10,smtp,99
lsof allows me to gain the information I need pertaining to my network connections, and when combined with some of the simpler options for MacOS’s netstat version (Mach-O universal binary with 3 architectures; it’s also the BSD4.2 version, whereas my Ubuntu box reports that the installed netstat command version 1.42 is from the net-tools package) it makes for a very handy tool.
Thanks to Greg and the man for the information on lsof.
/cs