thorko.de
Linux / Unix systems administrator

Latest SysadminDB entries


Automatic updates on Ubuntu and Debian

First install the package

~$ apt-get install unattended-upgrades apt-listchanges

 

Create file /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

 

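In /etc/apt/apt.conf.d/50unattended-upgrades add

// for Ubuntu, inside the Unattended-Upgrade::Allowed-Origins { } block
"${distro_id} stable";
"${distro_id} ${distro_codename}-security";
// for Debian, inside the Unattended-Upgrade::Origins-Pattern { } block
"o=Debian,a=unstable";
...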
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Mail "your@mail.com";
Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Automatic-Reboot "false";



Generate a QR code to use on your Android mobile to connect to your wireless network

Install qrencode

~$ apt-get install qrencode

 

To generate the QR code

~$ qrencode -t svg -o example.svg 'WIFI:T:WPA;S:My Network;P:My Password;;'

 

Make sure all backslashes, single quotes, double quotes, semicolons, colons, dots and commas in your SSID and password are escaped with a \.




POODLE attack - Disable SSLv3 in Apache, Postfix, Dovecot

Apache

In your site configuration add

SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.2 +TLSv1.1
SSLHonorCipherOrder On
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4

 

Postfix

In your main.cf file

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

 

Dovecot

In your 10-ssl.conf file

ssl_protocols = !SSLv2 !SSLv3
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!LOW:!SSLv2:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'

 

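To test if SSLv3 is disabled you can run the following; the handshake should fail. If your local openssl was built without SSLv3 support, the -ssl3 option is not available and the test has to be run from a client that still has it.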

openssl s_client -connect www.thorko.de:443 -ssl3
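A static check to go with the live test above, as an added example that is not part of the original page: it evaluates the protocol directives from the three configs and reports whether SSLv3 is still permitted. The function names are hypothetical, Apache's "all" is assumed to include SSLv3 (worst case), and only the !x / bare-name list syntax shown on this page is handled for Postfix and Dovecot.

```python
import re

APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # assumption: worst case, "all" includes SSLv3

def apache_allows_sslv3(value):
    """SSLProtocol is evaluated left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for tok in value.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = set(APACHE_ALL) if name == "all" else {name}
        if sign == "-":
            enabled -= protos
        elif sign == "+":
            enabled |= protos
        else:
            enabled = protos
    return "sslv3" in enabled

def exclusion_list_allows_sslv3(value):
    """Postfix / Dovecot lists as on the page: !x excludes, bare names are an allow list."""
    toks = [t for t in re.split(r"[,:\s]+", value.lower()) if t]
    if "!sslv3" in toks:
        return False
    allowed = [t for t in toks if not t.startswith("!")]
    return "sslv3" in allowed if allowed else True

CHECKS = {"sslprotocol": apache_allows_sslv3}
for _name in ("smtpd_tls_mandatory_protocols", "smtpd_tls_protocols", "ssl_protocols"):
    CHECKS[_name] = exclusion_list_allows_sslv3

def audit(config_text):
    """Map each protocol directive found to True if SSLv3 is still permitted."""
    found = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+)\s*=?\s*(.*)", line.split("#", 1)[0])
        if m and m.group(1).lower() in CHECKS:
            key = m.group(1).lower()
            found[key] = CHECKS[key](m.group(2))
    # Postfix: mandatory list covers enforced TLS only; None = smtpd_tls_protocols unset.
    if "smtpd_tls_mandatory_protocols" in found:
        found.setdefault("smtpd_tls_protocols", None)
    return found

# Protocol lines copied from the three configs on this page.
PAGE_SETTINGS = """SSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.2 +TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
ssl_protocols = !SSLv2 !SSLv3"""

if __name__ == "__main__":
    print(audit(PAGE_SETTINGS))
```

For the page's settings every listed directive comes back False, and smtpd_tls_protocols comes back None: opportunistic TLS in Postfix is governed by that parameter, so its effective value should be checked with postconf.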

 




Install dependencies when compiling from source

When you install software from source, it is always a pain to find the packages needed to satisfy its dependencies. auto-apt is a package which solves this issue.

~$ apt-get install auto-apt
~$ auto-apt update
~$ auto-apt update-local
~$ auto-apt -y -x run ./configure .....

During the configure run, auto-apt checks which packages are needed and installs them automatically.




Use perl to compare version numbers

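~$ perl -wle 'print 1 unless "7.0.23-1" gt "7.0.25-2"'

gt compares the strings character by character, so this only gives the right answer when the components being compared have the same number of digits: "7.0.9" gt "7.0.10" is true. On Debian and Ubuntu, dpkg --compare-versions applies the package version ordering instead.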



(c) 2014 by thorko.de