Archive for the ‘Software’ Category

SSH is a great tool for accessing systems remotely to perform system management tasks. It can also be a security risk if it is not configured properly. Many administrators start with the best intentions. Password complexity rules are put in place that require long passwords with a robust mixture of uppercase, lowercase, numbers and special characters. Alternatively, a policy of using SSH public keys is implemented. In most cases, this is a great setup. However, there are times when a single method for authentication does not fit well. (more…)

It is easier today than ever before to maintain the security posture of your servers thanks to the SCAP Security Guide, an open source project creating and providing SCAP security policies (such as PCI-DSS, STIG and USGCB) for various platforms – namely Red Hat Enterprise Linux 6 and 7, Fedora, Firefox, and others.

In this post, I will show how the SCAP Security Guide can be used to automate the application of a security policy on Red Hat Enterprise Linux (RHEL) and then validated with the official DoD STIG configuration that the Defense Information Systems Agency (DISA) publishes. (more…)

When I was still doing IT Operations work, I dreamt of a day when a system could be secured and done so reliably during the installation process. Sure, I had scripts and other tools at my disposal, but the problem with them was that there was no consensus that the actions I was taking to secure the server were actually correct. Additionally, what happened if the checks and remediation steps that I was performing changed? How long, if ever, would it take me to change my scripts?

With the advent of SCAP and the associated tools, achieving compliance during installation has never been easier.  Long gone are the worries that I used to have and I can now be sure that the systems I am installing are secure from the first time that they touch the network. (more…)

After a long delay (I was moving into a new house and work keeps me very busy), here is the second part of my post on creating scale out workloads in OpenStack using Heat and Ceilometer. In part one, we broke down the different parts of the Heat template that we will be using in this part of the posting. We also covered how I had images and software repos configured to support the WordPress website the template will be deploying. In this part, we will deploy the application, or stack as it is called in OpenStack lingo, and look at different ways to monitor the application to see what is going on. (more…)

Recently, I have been spending a fair amount of time tinkering with Red Hat Enterprise Linux OpenStack Platform 5 (RHEL-OSP 5), which is Red Hat’s Icehouse-based offering of OpenStack. My goal was to learn how to get OpenStack to scale workloads up and down as needed. Elasticity like this is one of the essential characteristics of cloud computing as defined by the National Institute of Standards and Technology (NIST), and is one of the capabilities that OpenStack has that traditional data center virtualization systems typically don’t possess. (more…)

Back to Basics: Creating an RPM

Posted: August 27, 2013 in Software

This upcoming Saturday, I will be at the Fredericksburg Linux Users Group presenting on the topic of Creating RPMs. While not as flashy as the latest buzz in Cloud, application development or virtualization, it is a skill that can be used to package files in an easy to deploy format. During the presentation, I will be covering what an RPM is and how to make a very simple RPM that contains exactly one executable file – kind of a spin on the ever popular “Hello World” test app. I thought it would also be convenient to post the information that I am presenting here so that others can access it as well. (more…)