How Do You Troubleshoot a Network Problem?

Note:  This posting should help you troubleshoot many different network problems (not just those described in the problem scenario below).  Possible solutions 1 through 5 are ideal for erratic nmap results (inconsistent or discrepant output). 

Problem scenario
A port seems blocked on a Linux server given the results of nmap. The host appears to be down. You know this port is not blocked by intermediate routers and/or firewalls. 

How Do You Change the Duration of Re-Prompting a User to Enter the Password after Running a sudo Command in Ubuntu Linux?

Problem scenario
When users run a command with “sudo” in front of it, they are prompted for a password.  They are not prompted for a password again for a while.  They can go 15 minutes using “sudo” commands with no prompt for a password.

You want to harden your environment and make them re-enter the password every three minutes in case they leave their desk shortly after they have used sudo.  

How Do You Use TLS with Nginx?

Problem scenario
You know how to use TLS with Node.js because of this article.  You want to use TLS with Nginx to test it out with a regular web browsing session.  You want to implement TLS without Node.js.  How do you set up TLS (without paying a certificate authority and without Node.js)?

Solution
This assumes that port 443 is not blocked from the workstation to the Nginx server.

How Do You Set up Passwordless SSH from One Server to Another?

Problem scenario
You want to configure passwordless SSH between two servers such that you can log in from server A to server B with no password.  You want to be able to use scp between the two servers without being challenged for a password.  How do you set up passwordless SSH between them?

Solution

Assumptions
Assuming both servers have a local user account named “ubuntu”,

What is SNI?

Question
What is SNI?

Answer
SNI stands for server name indication (OpenSSL.org).  It is an extension of TLS (Transport Layer Security).  TLS is a mechanism for secure network communication (Microsoft).

When using openssl, and thus TLS, the SNI name can be a DNS name or an IP address (OpenSSL.org).  TLS needed the SNI extension so that a client can send the hostname in the first of the three parts of the TLS handshake process, the “client hello” message (OpenSSL.org).

How Do You Troubleshoot the Puppet Error “[/var/lib/puppet/facts.d]: Failed to generate additional resources using ‘eval_generate’: SSL_connect returned=1”?

Problem scenario
You run puppet agent -t -d and get this error:

“Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using ‘eval_generate’: SSL_connect returned=1”

What do you do?

Solution
This is more of a resolution than a diagnosis.  The error should go away if you follow these steps.

On the Puppet agent node run these commands:

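# "sudo cd" does not work (cd is a shell builtin), and a bare "rm -rf *" would then
# delete from whatever directory you happen to be in, so give rm the full path as root.
sudo sh -c 'rm -rf /var/lib/puppet/ssl/*'
sudo puppet agent -t -d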

If you cannot find the ssl directory in the above location,

How Do You Use Tripwire Commands without the “Keyfile Read/Write error”?

Problem scenario
You created a tripwire keyfile.  You perform a tripwire (e.g., twprint) command but you get this error:

### Error: Keyfile Read/Write error.
### /etc/tripwire/site.key
### Exiting…

What should you do?

Solution
Use sudo before the tripwire command.  This error can happen when the Linux user has insufficient permissions to perform the tripwire (e.g., twprint) command

How Do You Troubleshoot “Permission Denied” When Trying to Use “Docker Login” to Authenticate with a Docker Registry?

Problem scenario
You are trying to log into a Docker registry but you get this message:

“Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.29/auth: dial unix /var/run/docker.sock: connect: permission denied”

You know the credentials are correct.  What is wrong?

Root cause
It could be that your user account is not a member of the “docker” group on the Linux system. 

How Do You Troubleshoot the Problem “No package ‘Luajit’ Found” When Attempting to Install Snort?

Problem scenario
You install the Lua Just-In-Time package named luajit (e.g., with sudo apt-get -y install luajit).  You are trying to install Snort.  When you run the ./configure script, you get this error:


-- Checking for module 'luajit'
--   No package 'luajit' found
CMake Error at /usr/share/cmake-3.5/Modules/FindPackageHandleStandardArgs.cmake:148 (message):

/usr/bin/luajit-2.0.4
/usr/share/luajit-2.0.4/jit

You tried this:

./configure_cmake.sh --with-luajit-libraries=/usr/share/luajit-2.0.4/jit/ --with-luajit-includes=/usr/bin

But that command failed too.

How Do You Install Snort on RHEL 7.x?

Problem scenario
You want to install Snort on a Red Hat Enterprise Linux server.  How do you do this?

Solution
1.  Log into the server.
2.  Create a file /tmp/snortinstaller.sh with the following content:

yum -y install libdnet

yum -y install https://www.snort.org/downloads/snort/daq-2.0.6-1.f21.x86_64.rpm

curl -o libnghttp2-1.28.0-1.fc28.x86_64.rpm https://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/l/libnghttp2-1.28.0-1.fc28.x86_64.rpm

rpm -ivh libnghttp2-1.28.0-1.fc28.x86_64.rpm

yum -y install https://www.snort.org/downloads/snort/snort-2.9.11-1.f25.x86_64.rpm

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

3.