Showing posts from December, 2015

Gluster filesystem mount issue in LXC container

I was setting up a Gluster cluster file system in 2 LXC containers when I ran into an error.

Implementation process:

1. Install gluster-server, in both containers:

    $ sudo apt-get install glusterfs-server

2. Peer the gluster nodes.

   In container01:

    $ sudo gluster peer probe container02
    peer probe: success

   In container02:

    $ sudo gluster peer probe container01
    peer probe: success

3. Create the glusterfs manager folder, in both containers:

    $ sudo mkdir /gluster_data

4. Create the vol1 volume, in container01:

    $ sudo gluster volume create vol1 replica 2 transport tcp container01:/gluster_data container02:/gluster_data force
    volume create: vol1: success: please start the volume to access data

5. Start the volume, in container01:

    $ sudo gluster volume start vol1
    volume start: vol1: success

6. Mount the newly created shared storage vol1:

    $ sudo mkdir /pool1
    $ sudo mount /pool1

And here, when I tried to mount vol1, I got the following error:

Create Snappy Ubuntu as a Docker Image

Snappy Ubuntu Core is the latest member of the Ubuntu family and is specifically designed to run on Linux containers. To put it simply, it's a stripped-down Ubuntu with some advanced features, such as transactional upgrades/rollback to bring more stability, security with AppArmor, and the new snappy package manager instead of apt-get.

I wanted to run Snappy Ubuntu in a Docker container, but I couldn't find the base Snappy image on Docker Hub to pull, so I decided to make it and push it to Docker Hub myself.

First we need to download the Snappy image. It can be downloaded from

    # wget

It comes as an XZ-compressed IMG filesystem dump image. We will decompress it with unxz:

    # unxz ubuntu-15.04-snappy-amd64-generic.img.xz

For ISO images we can simply loop mount and access them:

    # mkdir /mnt/iso
    # mount -o loop image.iso /mnt/iso

And proceed to read the mounted di

OpenSSH client access issues after patching to version 7

After OpenSSH was patched from the vulnerable version 5 to the latest secure version 7.1p, we encountered connection issues with some of the clients.

Error:

    # tail -f /var/log/messages
    ...
    fatal: Unable to negotiate with no matching cipher found.  Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour [preauth]

Root Cause: Based on the version 7.1 release notes, many ciphers have been disabled due to security issues.

OpenSSH 7.1 release note:

  * Several ciphers will be disabled by default: blowfish-cbc,
    cast128-cbc, all arcfour variants and the rijndael-cbc aliases
    for AES.

Solution: Legacy ciphers need to be added to sshd_config in order to support the SSH client:

    # vim /etc/ssh/sshd_config
    ...
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,,,,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,aes128-cbc
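Re-enabling every legacy cipher is broader than the failing clients require. The following added example (not code from the original post) reads the "Their offer" lines from the log and picks one legacy cipher per failing client; the sample log lines, the server list and the preference order are assumptions of this example.

```python
import re

# Ciphers the patched server already accepts: the CTR entries from the page's
# Ciphers line. On a real host, read the live list with `sshd -T | grep -i ciphers`.
SERVER_CIPHERS = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]

# Assumption of this example: preference among legacy ciphers, least bad first
# (AES-CBC, then the 64-bit block ciphers, RC4/arcfour last).
LEGACY_PREFERENCE = ["aes256-cbc", "aes192-cbc", "aes128-cbc",
                     "3des-cbc", "cast128-cbc", "blowfish-cbc", "arcfour"]

OFFER_RE = re.compile(r"no matching cipher found\.\s+Their offer:\s*([^\s\[]+)")

# Constructed sample log lines (addresses are from the documentation range).
SAMPLE_LOG = [
    "sshd[2101]: fatal: Unable to negotiate with 192.0.2.10: no matching cipher found.  "
    "Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour [preauth]",
    "sshd[2102]: Accepted publickey for deploy from 192.0.2.11 port 50022 ssh2",
    "sshd[2107]: fatal: Unable to negotiate with 192.0.2.12: no matching cipher found.  "
    "Their offer: 3des-cbc,blowfish-cbc [preauth]",
    "sshd[2113]: fatal: Unable to negotiate with 192.0.2.13: no matching cipher found.  "
    "Their offer: aes128-cbc,aes256-cbc [preauth]",
]

def parse_offers(log_lines):
    """Return one cipher list per failed cipher negotiation found in the log."""
    found = (OFFER_RE.search(line) for line in log_lines)
    return [[c for c in m.group(1).split(",") if c] for m in found if m]

def legacy_ciphers_needed(offers, server=SERVER_CIPHERS):
    """Choose one legacy cipher per failing client instead of enabling them all."""
    needed, unresolved = [], []
    for offer in offers:
        if (set(server) | set(needed)) & set(offer):
            continue  # this client can already negotiate
        choice = next((c for c in LEGACY_PREFERENCE if c in offer), None)
        if choice is None:
            unresolved.append(offer)  # nothing known to fall back to
        else:
            needed.append(choice)
    return needed, unresolved

def ciphers_directive(needed, server=SERVER_CIPHERS):
    """Build the sshd_config line: current ciphers first, legacy ones last."""
    return "Ciphers " + ",".join(list(server) + needed)

if __name__ == "__main__":
    needed, unresolved = legacy_ciphers_needed(parse_offers(SAMPLE_LOG))
    print(ciphers_directive(needed))
    for offer in unresolved:
        print("no usable cipher in offer:", ",".join(offer))
```

After editing sshd_config, `sshd -t` checks the file for errors before the daemon is restarted.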

Building RPM OpenSSH 7.1p1 on RHEL/CentOS 6.5

After I implemented the OpenVAS vulnerability assessment system, I ran a complete vulnerability test on the environment for both Linux and Wintel servers. The results for all the Linux servers were red :) Severity 10.0 (High). The reason was OpenSSH version 5.

Test result:

    High (CVSS: 8.5)
    NVT: OpenSSH Multiple Vulnerabilities (OID:
    Product detection result: cpe:/a:openbsd:openssh:5.3 by SSH Server type and version (OID:

    Summary
    This host is running OpenSSH and is prone to multiple vulnerabilities.

    Vulnerability Detection Result
    Installed version: 5.3
    Fixed version: 7.0

    Impact
    Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to conduct brute-force attacks or cause a denial of service.
    Impact Level: Application

    Solution
    Upgrade to OpenSSH 7.0 or later. For updates refer to

    Affected Software/OS
    OpenSSH vers