What Are the Minimum Packages Necessary for Kerberos on CentOS?

Question 1:  What are the packages that must be installed on a CentOS server to have it serve as the Kerberos server?

Answer 1: These three packages: krb5-server krb5-libs krb5-auth-dialog

Question 2:  What are the packages that must be installed on a CentOS server to have it serve as the Kerberos client?

How to Install Suricata on an AWS Instance of RedHat Enterprise Linux Server

Updated 11/29/17

These directions will allow you to install Suricata.  The script in step 2 was designed to install Suricata 4.0.1 on an AWS instance of RHEL 7.4.  This script requires that your AWS RedHat Enterprise Linux server is in a security group that has access to the internet.  You do not need a subscription to RedHat packages. 

Step #1  Log into the Red Hat Enterprise Linux server. 
Step #2 

 » Read more..

Troubleshooting and an FYI Regarding OpenSSH

Problem scenario #1
You try to SSH to a Windows server with OpenSSH.  You get “Permission Denied.”
Solution
Go to the Windows server.  Go to Server Manager -Tools -Computer Management -Users and Groups.  Double click on the user you are trying with.  Uncheck “User must change password at next log on.”  This setting will not allow an SSH connection to happen.

Problem scenario #2
ssh-agent service is running on a Windows server with OpenSSH. 

 » Read more..

How Do You Create an RSA Private/Public Key Pair with OpenSSH in Windows?

Problem scenario
You have OpenSSH installed on a Windows machine.  You are in a PowerShell prompt as Administrator in the directory where the ssh-keygen.exe file is.  You run this:  .\ssh-keygen.exe -t rsa
You get “Generating public/private rsa key pair.”  No new prompt appears.  It hangs (or stalls) for a long time.  You wait, and find that it is essentially frozen.  You control-c to interrupt it and move on.

You are in a PowerShell prompt as Administrator in the directory where the ssh-keygen.exe file is. 

 » Read more..

PowerShell Can Throw a SetInfo With 0 Argument(s) Error When Creating a User

Problem scenario
You run a PowerShell script that has a command setinfo.  For example, the script is like this:

        #…
        $userName = ‘jdoe’
        $compName = $env:COMPUTERNAME
        $cona = [ADSI]”WinNT://$compName”
        $user = $cona.Create(‘User’,$userName)
        $user.SetInfo()

You get “Exception calling “SetInfo” with “0” argument(s): “The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.”

You may go to Administrative Tools ->

 » Read more..

Concerns About Creating a Docker Container With Optional Flags

Some online Docker literature suggests creating a new Docker container (e.g., the “docker run” command) with these two options:

–net=host –privileged=true

There are some caveats with these flags.  First, if you use them, within your container you can make changes to the Docker server itself.*  For some applications, this defeats Docker’s purpose.  Secondly, if the application you run in Docker becomes compromised, the entire host could be vulnerable to an attack through the Docker container.* 

 » Read more..

Ansible Managing Windows Servers

While as of right now, there is not a great way to install Ansible on Windows servers (because you have to install cygwin).  Ansible running on Linux can readily configure Windows servers and push files down to them.  There are some things to look out for when setting this up.  It is not overly documented on Ansible’s website.  Some documentation (on various websites) tells DevOps engineers (or the professional using Ansible) to use a windows.yml file in a group_vars directory. 

 » Read more..

How Do You Set Up Passwordless SSH to a Windows Server?

Problem scenario
Are are asking yourself “why am I being prompted for a password when my SSH keys were set up correctly?”  When the contents of the .pub file (the public key) are placed into the authorized_keys file (in the /home/jdoe/.ssh/ folder of a client machine), the user should be able to SSH over to the server with no password — unless the SSH key was generated with a passphrase.  Assuming the SSH key was generated with an ssh-keygen command and no corresponding passphrase was entered at the time of creation,

 » Read more..