Monday, July 28, 2008

The Pegboard Office Desk

What does an OCD do when he has an afternoon to kill and 3 computers to set up? He does what you're about to see. Total cost is approx $20.

  • $10 pegboard
  • $1 for each bag of wingnuts, screws and washers
  • $10 for the nylon ties

So I have 3 computers. A Linux box, Windows box, and a Linux router. They're all accessible via a 4-port KVM. This equates to a mess of power, monitor and network cables. My previous setup was with nylon zip ties, but I didn't quite think them through and tied & tightened all the zip ties after I was done. This didn't prove to be useful later when I needed to add or remove something. So I learned from my mistakes and hopefully this setup is much more useful.

Before:

After:


Click here to find out more. Note, to follow the process, change the smugmug style to Journal.


Tuesday, April 8, 2008

Daniel at Red Hat


Daniel came to stay with me for a few days. I had a spare cube next to my desk which he sat in. He 'worked' there a few days.

There was one day I was a few rows of cubes away and heard bagpipe music. I knew it wasn't one of my techs. Obviously I walked up on Daniel to see a bagpipe video playing.


Wednesday, April 2, 2008

Cat with a foot fetish

Truman prefers being rubbed by feet rather than hands.

Shadowman's real body

Wednesday, December 13, 2006

RHN RSS feeds

Red Hat & JBoss merged recently. During that time, I was asked to look at their Operations Network. One of the things I noticed was RSS feeds for their errata and releases. Why doesn't RHN have that? So I made these feeds to update every 12 hours (6am EST/6pm EST).

The feeds and the script I use to make them are found here:

http://people.redhat.com/mdavis/rss/

Soon I'll make a feed for each severity.

Saturday, May 27, 2006

Secure SSH without disabling ssh

I ran into a dilemma with wanting to secure ssh. My requirements were simple:

1 - Allow ssh over port 22 for regular users
2 - Deny root for port 22
3 - Allow root on a non-standard port
4 - Manageable via init scripts

The answer was to spawn a 2nd sshd on a 2nd port and deny root access on sshd port 22. But having it managed via init.d was tricky. But here's how I did it on my RHEL4 box (applicable to nearly any RHEL or Fedora release).

1 - Copy /etc/ssh/sshd_config -> /etc/ssh/sshd_config.root
2 - Lock down the current sshd. Uncomment the following line:

PermitRootLogin no

3 - Specify a port in /etc/ssh/sshd_config.root other than port 22 and make sure you have PermitRootLogin set to yes or commented out.
4 - Make the following changes to /etc/rc.d/init.d/sshd

--- sshd.orig 2006-05-27 23:15:11.000000000 -0400
+++ sshd 2006-05-27 23:15:43.000000000 -0400
@@ -24,6 +24,7 @@
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
+OPTIONS="-f /etc/ssh/sshd_config.root"
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
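
Review bot: the new OPTIONS line near the top hard-codes the second daemon's config under a generic name and with no comment. Consider a specific name such as ROOT_OPTIONS plus a one-line comment saying it belongs to the root-only sshd, so it cannot be mistaken for options meant for the port 22 daemon.
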
@@ -104,6 +105,7 @@
do_dsa_keygen

echo -n $"Starting $prog:"
+ initlog -c "$SSHD" && success || failure
initlog -c "$SSHD $OPTIONS" && success || failure
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
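
Review bot: RETVAL=$? after the two initlog lines only reflects the second start (the one with $OPTIONS), so if the plain "$SSHD" start on port 22 fails, /var/lock/subsys/sshd is still touched and the service looks healthy. Capture the exit status of each start and touch the lock file only when both are 0; as written, success/failure is also printed twice under a single "Starting" message.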

And you're done. It's a bit of a hack, but it works. Restarting the sshd service will bring down both daemons and start both daemons. You can even combine this with port knocking tricks or, for the really paranoid, my recent tip about dictionary attack blocking.
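
A quick way to check that the two config files really meet requirements 1 to 3 (an added example, not part of the original post; the function names are made up here, and it assumes no Match blocks and treats an unset PermitRootLogin as yes, as the post does for RHEL4):

```shell
# Added example: audit the two sshd configs from the steps above.
# Assumes an unset PermitRootLogin means "yes" (newer OpenSSH: prohibit-password).

# Print every value of keyword $2 in file $1 (keywords are case-insensitive).
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# First value wins in sshd_config; fall back to default $3 when unset.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# Ports a config listens on (Port may repeat; default is 22).
sshd_ports() {
    p=$(sshd_values "$1" Port)
    echo "${p:-22}"
}

# audit_pair MAIN_CONFIG ROOT_CONFIG -> prints findings, returns 0 if clean.
audit_pair() {
    main=$1 root=$2 rc=0
    if ! sshd_ports "$main" | grep -qx 22; then
        echo "FAIL: $main does not listen on port 22"; rc=1
    fi
    if [ "$(sshd_first "$main" PermitRootLogin yes)" != "no" ]; then
        echo "FAIL: $main still permits root login"; rc=1
    fi
    if sshd_ports "$root" | grep -qx 22; then
        echo "FAIL: $root listens on port 22"; rc=1
    fi
    if [ "$(sshd_first "$root" PermitRootLogin yes)" != "yes" ]; then
        echo "FAIL: $root does not permit root login"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: root login only via $root"
    return "$rc"
}

# Constructed sample configs (not real files) so the script runs as-is.
d=$(mktemp -d)
printf '#Port 22\nPermitRootLogin no\n' > "$d/sshd_config"
printf 'Port 2222\n#PermitRootLogin yes\n' > "$d/sshd_config.root"
audit_pair "$d/sshd_config" "$d/sshd_config.root"
rm -rf "$d"
```

On a real box, call audit_pair /etc/ssh/sshd_config /etc/ssh/sshd_config.root after editing and before restarting the service.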

Tuesday, April 18, 2006

Dictionary blocking with iptables

I've been looking for a working example of dictionary attack blocking using iptables. This link has a working example and gave the reason why his example is different from the others you'll find online. The working example is:

# iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
# iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set

I've verified this with my personal RHEL4 installation.