29 Jan 2012

Postfix Dovecot User Admin Script 

By - scripts No Comments

While working on a postfix/dovecot non-mysql virtual domain configuration, I needed a simple admin script to add new users. The script below is what I came up with after about 30 minutes.

I was unable to find something that met my needs on the interweb, so I hope this post finds someone else in need!

Please submit bugs/suggestions to: nick.wilkens@mnxsolutions.com

Read more

11 Jan 2012

Terabytes on a budget – 106TB for $8788 

By - storage 1 Comment

When working with a client, we were discussing storage for an application they have developed. Storage price was a key component for success of this product. I read the BackBlaze posts here, and here — but I wanted a mix of cost savings, off the shelf parts, and hot-swappable drives.

Read more

13 May 2011

Two Factor SSH Authentication with Duo Security 

By - Linux, puppet, Security 1 Comment

As is probably obvious from our blog posts on Yubikey SSH/WordPress two factor authentication and Google Authenticator SSH two factor authentication, we at MNX Solutions are big proponents of multi-factor authentication schemes to add security to infrastructure. On the other side of things, though, we have to be agile system administrators in order to offer customers efficient and timely service when a problem occurs. While we still really enjoy our Yubikeys (especially for WordPress), we’ve found that the offering from Ann Arbor, MI based Duo Security is the one for us.
Read more

21 Apr 2011

Designing for failure with Amazon Web Services 

By - Amazon No Comments

Avoid single points of failure. You can and should assume everything will fail.

Start by listing all major points of your architecture, then break it down further, and then maybe one more level. Now review each of these points and consider what would happen if any of these failed.
Read more

21 Mar 2011

Securing SSH and WordPress with two factor authentication 

By - Security 4 Comments

I wrote a post about using Google Authenticator for SSH a month ago. After writing this post, I started looking at other solutions in the space for two factor authentication.

YubikeyYubikeys are USB based, and require no device drivers. They work with Mac, Linux, or Windows and are priced starting at $25 each. Compared to the security gained — Yubikeys are inexpensive.

If your going to be at the Indiana Linux Fest this coming weekend (March 25-27th 2011), stop by and visit us — we have extra Yubikeys to spare.
Read more

21 Mar 2011

Safari providing an SSL error “client certificate rejected” when other browsers work 

By - Apache, Quick Tip 1 Comment

If you’re receiving an error message such as:

Safari can’t open the page “https://example.com”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

It’s likely because the web server you are connecting to has Apache configured for “SSLVerifyClient optional”. It appears that with Safari 5 (or perhaps even earlier) the browser will negotiate client certificates improperly with the web server. While other browsers like Google Chrome and Firefox will not have an issue, Safari is rendered incapable of connecting to these sites without a server-side change.

Once you alter the Apache configuration to ‘none’ rather than ‘optional’, the browser will once again be able to connect as expected.

If anyone has experienced this issue or knows of a work-around for the Safari side of the equation, please comment!

18 Mar 2011

How little you know, and some useful commands for the week 

By - Quick Tip 5 Comments

Early in my career, I was writing a shell script and needed to print a line-number for each line in a text file. I ended up coming up with some function that did just what I needed.

I don’t recall the exact method, but it was something like:
Read more

18 Feb 2011

Two Factor SSH with Google Authenticator 

By - Security 24 Comments

Last week, Google enabled two factor authentication for everyone. This article explains how to install and configure Google Authenticator in conjunction with SSH for two factor authentication. Two-factor authentication relies on something you know (a password) and something you have (your phone).
Read more

16 Feb 2011

Automatically purge old configuration from Nagios deployed by Puppet 

By - Linux, puppet, Quick Tip 3 Comments

A problem that Puppet administrators have likely noticed when deploying its built-in Nagios functionality (called Naginator) is that creating configuration is very easy but ‘cleaning’ old configuration isn’t as straight-forward. If you are like me, you’d delete the affected file(s) that had cruft and let Puppet re-build the service configuration without the old services or hosts. Read more

01 Feb 2011

MNX Solutions YUM Repository: Puppet, mCollective, ActiveMQ, Foreman, & More 

By - puppet 1 Comment

To help the community deploy software that we actively use here at MNX Solutions, we’ve decided to create a public yum repository for packages that are generally found spread across many separate repositories. By organizing these open-source offerings in one location, we hope that people will be more inclined to deploy great technologies such as Puppet, Puppet Dashboard, mCollective, and Foreman.
Read more