Posts tagged SysAdmin Golf
So, I got a little tired of FTP and SSH brute force attempts. I know that if you have strong passwords on your system, you can safely ignore them, and on customer systems behind real firewalls, I do so. However, on my personal systems, I have 0 problem blocking people who annoy me. So I installed pfBlocker on my virtual firewall to see what I could do.
pfBlocker is a package that has blacklist functions that supersede a couple older packages. I initially installed it as a replacement for CountryBlock. The first thing I did was go through my logs and see which countries were the most obnoxious. China was the first to go, followed by Southeast Asia, and Venezuela. Sorry, I don’t want you accessing my network.
That alone took care of 70% of my attempted exploits. There are, however, plenty of compromised machines in the United States of America, so I had to think of something else.
Recently I had a bit of a conundrum – I wanted to offer web-based FTP access to my friends who host on my personal cluster but I didn’t want to run a web server on that centralized machine. (disclosure: I have a vmForge VDC from ipHouse so I can rapidly prototype as needed)
Long story short, I decided to use relayd to answer on the outside interface for port 80 on the IP assigned to the file-server, and use phpWebFTP (looks ugly, works well) on my webcluster. I, however, wanted to use SSL for this server, which brought up its own challenge. How do I tell my Apache front-ends to serve up a different cert for this IP address? After some experimentation, I discovered the right process.
Some of us took the time last week to create something new. I chose to challenge myself by designing a system I had not built before and that I am not ready to share… quite yet. :) But I do want to share something about the design process in very general terms.
The lesson I learned: Feature freeze is a good thing. Know when to stop fixing.
Now early in the project, I had a pretty good idea of what pieces needed to go together but I did not have a very good idea of how to get there. I put down a quick design and while I was doing that I started to see problems:
- Pieces did not fit together.
- Some things were missing.
- This was not going to work.
Time to start learning. I love learning.
I don’t think anyone would disagree that the documentation for CloudStack still needs work. But all the documentation in the world can’t help if you decide to skip important sections.
So, we’ve been working real hard here at ipHouse to figure out ways to help customers move machines into our vmForge VDC product. VMware Converter works for Windows machines (allegedly, I’m going to test it soon), but isn’t so helpful with Linux machines. After wracking my brain, I thought about the various tools used to clone Linux boxes. I’m familiar with dd, a block-level disk copying tool, and tried to find a way to use dd to create a VMDK that I could then convert into an OVF and upload.