Arvin's Howtos

I was setting up a Gluster cluster file system in 2 LXC containers where I ran into an error. Implementation  process 1. Install gluster-server, in both containers: $ sudo apt-get install glusterfs-server 2. Peer the gluster nodes, in container01: $ sudo gluster peer probe container02 peer probe: success in container02: $ sudo gluster peer probe container01 peer probe: success 3. Create the glusterfs manager folder, in both containers: $ sudo mkdir /gluster_data 4. Create vol1 volume, in containers01: $ sudo gluster volume create vol1 replica 2 transport tcp container01:/gluster_data container02:/gluster_data force volume create: vol1: success: please start the volume to access data 5. Start the volume, in  container01: $ sudo gluster volume start vol1 volume start: vol1: success 6. Mount the newly created shared storage vol1: $ sudo mkdir /pool1 $ sudo mount /pool1  And here, when I tried to mount the vol1, i got following error:

Snappy ubuntu core is the latest member of ubuntu family that specifically designed to run on Linux containers. To put it simple it's a stripped down ubuntu with some advanced features such as transactional upgrades/rollback to bring more stability, security with AppArmor and new snappy package manager instead of apt-get. I wanted to run snappy ubuntu on a docker container, however I couldn't find the base snappy image on the docker hub to pull. So I decided to make and push it myself to docker hub. First we need to download the Snappy image. It can be downloaded from https://developer.ubuntu.com/en/snappy/start/#try-x86 # wget http://releases.ubuntu.com/15.04/ubuntu-15.04-snappy-amd64-generic.img.xz It comes as a XZ compressed IMG filesystem dumped image. we will unzx it: # unzx ubuntu-15.04-snappy-amd64-generic.img.xz For ISO images we simply can loop mount and access them: # mkdir /mnt/iso # mount -o loop image.iso /mnt/iso And proceed to read the mounted di

After OpenSSH has been patched from vulnerable version 5 to the latest secure version 7.1p, we have encountered some connection issues with some of the clients. Error: # tail -f /var/log/messages  ... fatal: Unable to negotiate with 213.61.200.74: no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour [preauth] Root Cause: Based on the version 7.1 release note, many ciphers have been disabled due to security issues: OpenSSH 7.1 release note:   * Several ciphers will be disabled by default: blowfish-cbc,    cast128-cbc, all arcfour variants and the rijndael-cbc aliases    for AES. Solution: Need to add legacy ciphers to sshd_config in order to support the ssh client: # vim /etc/ssh/sshd_config ... Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,aes128-cbc

After I've implemented the OpenVAS vulnerability assessment system, I've made a complete vulnerability testing on the environment for both Linux and Wintel servers. The result for the all Linux servers were Red :) Severity 10.0(High). The reason was the OpenSSH version 5. Test result: High  (CVSS: 8.5) NVT: OpenSSH Multiple Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.806052) Product detection result: cpe:/a:openbsd:openssh:5.3 by SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267) Summary This host is running OpenSSH and is prone to multiple vulnerabilities. Vulnerability Detection Result Installed version: 5.3 Fixed version: 7.0 Impact Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to conduct brute-force attacks or cause a denial of service. Impact Level: Application Solution Upgrade to OpenSSH 7.0 or later. For updates refer to http://www.openssh.com Affected Software/OS OpenSSH vers