Showing headlines posted by relst
Nitrokey HSM/SmartCard-HSM and Raspberry Pi web cluster
This article sets up a Nitrokey HSM/SmartCard-HSM web cluster and has a lot of benchmarks. This specific HSM is not a fast HSM since it's very inexpensive and targeted at secure key storage, not performance. But what if you do want more performance? Then you scale horizontally: just add some more HSMs and a load balancer in front. The cluster consists of Raspberry Pi's ...
Get started with the Nitrokey HSM or SmartCard-HSM
This is a guide to get started with the Nitrokey HSM (or SmartCard-HSM). It covers what an HSM is and what it can be used for. It also goes over software installation and initializing the device, including backups of the device and keys. Finally we do some actual crypto operations via pkcs11, OpenSSH and OpenSSL.
Filtering IMAP mail with imapfilter
I have several email accounts at different providers. Most of them don't offer filtering capabilities like Sieve, or only their own non-exportable rule system (Google Apps). My mail client of choice, Thunderbird, has filtering capabilities but my phone has not, and I don't want to leave my machine running Thunderbird all the time since it gets quite slow with huge mailboxes. Imapfilter is a mail filtering utility written in Lua which connects to one or more IMAP accounts and filters on the server using IMAP queries. It is a lightweight command line utility, the configuration is simple text that can be versioned, and it is very fast.
Broken and Corrupted Raspberry Pi SD Card
One of my Raspberry Pi's would not boot up after a reboot. The SD card was corrupted, sadly beyond repair. This article walks you through the steps I took to try to fix the SD card, including fsck, badblocks and other filesystem utilities. It also has tips to reduce the writing on the Raspberry Pi, this to save SD cards from some amount of wear and thus possible corruption.
Boot to Vim, Vim as PID 1
This is a response to a great article from Pascal Bourguignon, namely how to run Emacs as PID 1. As we all know, nobody uses emacs. No, all joking aside, I found it to be a good article and wanted to see how I could do that with Vim. Not in User Mode Linux, but by creating an actual ISO. Boot to Vim, as you might want to call it. This is actually fairly simple. Compile vim statically, set it as init= at boot and you're done. We are going to use a small 9MB distro named Tiny Core, Core edition, and customize that to boot right into our static build of Vim.
Nagios 4 + Nagiosgraph installation on Ubuntu
This is a guide on installing the latest Nagios Core (4.0.8) on Ubuntu 12.04 and 14.04. Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts the users when things go wrong and alerts them a second time when the problem has been resolved. The version in the Ubuntu 12.04 repositories is quite old; it is still in the 3 branch. This guide helps to fix that by using the latest Nagios version. We also install Nagiosgraph, a plugin for Nagios which gives you graphs of the metrics.
IPSEC/L2TP VPN on Ubuntu 14.04 with OpenSwan, xl2tpd and ppp
This is a guide on setting up an IPSEC/L2TP vpn server with Ubuntu 14.04 using Openswan as the IPsec server, xl2tpd as the l2tp provider and ppp or local users / PAM for authentication. It has a detailed explanation with every step. We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs and because it is supported on all major operating systems by default. More than ever, your freedom and privacy when online is under threat. Governments and ISPs want to control what you can and can't see while keeping a record of everything you do, and even the shady-looking guy lurking around your coffee shop or the airport gate can grab your bank details easier than you may think. A self hosted VPN lets you surf the web the way it was intended: anonymously and without oversight.
FreeBSD 10, Converting from RELEASE to STABLE
Because of a bug in mpd which is fixed in 10-STABLE I wanted to move one of my FreeBSD machines from 10.0-RELEASE to 10.0-STABLE. The process to do so is fairly simple. Basically, you check out the new source code, build the world, build the kernel, install the kernel, install the world, merge some stuff and reboot. Read on to see the entire simple process.
OpenSSL: Manually verify a certificate against an OCSP
This article shows you how to manually verify a certificate against an OCSP server. OCSP stands for the Online Certificate Status Protocol and is one way to validate a certificate status. It is an alternative to the CRL, certificate revocation list.
Pass the SSL Labs Test on Apache2 (Mitigate the CRIME and BEAST attack, Disable SSLv2 and Enable Perfect Forward Secrecy).
This tutorial shows you how to get an A on the SSL Labs test using the Apache2 webserver. We do this by disabling CBC based ciphers to mitigate the BEAST attack, disabling SSL Compression to mitigate the CRIME attack, disabling SSLv2 and below because of vulnerabilities in the protocol, and enabling Perfect Forward Secrecy when possible. This way we have a future proof SSL configuration and we get an A on the Qualys Labs SSL Test.
NoPriv.py - Easy IMAP email backup to HTML archive.
NoPriv.py is a Python script to backup any IMAP capable email account to a HTML archive, nicely browsable, instead of weird folders (Maildir), one huge file (mbox), only needing a web browser to view (Thunderbird) and no proprietary code, so you can make sure I won't steal your password.
Python script to monitor a file for changes and then mail the report with the file attached.
This is a script which checks a file's md5 hash, compares it to a previous (or given) hash and mails a report with the option of attaching the file with the email. I wrote it because I use AIDE on some systems, and I let it auto update the database. This script runs via cron before and after the AIDE run, so I have an archive of databases. But it can be used for all kinds of files, not just for the AIDE database.
Nagios plugin to check an OCSP server with hardcoded certificate
This is a Nagios plugin to check an OCSP server. It does so by having a PEM encoded certificate in the code, and the PEM encoded certificate of the issuer. This is sent to the OCSP server and the response is then parsed to give the correct Nagios result. It is targeted at administrators who have their own OCSP and need to know when it is not working. The certificate is in the code because this saves going to a website and getting the certificate, the issuer's certificate and then sending that to the OCSP server. It also can be used for certificates which are not public.
Tahoe LAFS: set up your own distributed, redundant and encrypted storage grid
This guide is an introduction to Tahoe-LAFS, a distributed, redundant, and encrypted storage system - some may call it 'cloud storage'. Tahoe-LAFS is a Free and Open cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire filesystem continues to function correctly, including preservation of your privacy and security. This guide will help you with installing and configuring your own distributed, redundant, and encrypted storage system!
Set up an IPsec/L2TP VPN with Ubuntu 12.04 with OpenSwan, xl2tpd and ppp
This is a guide on setting up an IPSEC/L2TP VPN on Ubuntu 12.04 using Openswan as the IPsec server, xl2tpd as the l2tp provider and ppp for authentication.
We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs.
ed cheatsheet
This is a cheatsheet for ed. It includes basic opening, saving, editing, moving around and regex for ed. ed is a line editor for the Unix operating system. It was one of the first end-user programs hosted on the system and has been standard in Unix-based systems ever since. ed was originally written in PDP-11/20 assembler by Ken Thompson in 1971.
Ansible - Dead simple pure ssh based model-driven configuration management, deployment, and command execution framework.
This is an article about Ansible. Ansible is a radically simple model-driven configuration management, deployment, and command execution framework. I'll give an overview on how I use it, give an install and setup tutorial, give example commands and have example playbooks.
Short Linux and Open Source News Overview for week 35 of 2012
This is the short Linux and open-source news overview for week 35 of 2012. It features small articles bundling (important) open source related news in one page. This week includes a video with Stephen Fry on OggCamp, Lazarus, FreePascal, Wine, OpenEMR, Firefox, Thunderbird, Java, Ubuntu, Linux Mint and more...
Tiny Tiny RSS - Best google reader alternative
Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location, while feeling as close to a real desktop application as possible.
I will go over the features of Tiny Tiny RSS, compare it to Google Reader and write some things I like about it, and things I miss about it.
Short Linux and Open Source news overview for week 32 of 2012
This is the short Linux and open-source news overview for week 32 of 2012. It features small articles bundling (important) open source related news in one page. This week includes the Common Desktop Environment, a new tool I've written, Nautilus fork Nemo, a new release of Damn Small Linux, ClearOS 6.3, Scientific Linux 6.3, Roundcube 1.8, NVIDIA screwing up their driver, Cyanogenmod 9, Textmate and more...