Archive for 'Rex Consulting Tech Tips'

Who Did What? Privileged Execution, and How No-Password Accounts (even for Root) Help You Achieve this

Privileged account access is a sensitive thing today, especially with all the compliance and regulatory requirements built into most corporate information systems. Even without any regulation, most good UNIX and application operations people will want to know WHO did WHAT.

In the old days (pre-sudo), there was just “su” which was used to achieve the ability to run a command as another user, typically but not always root. The “su” was logged but it still could result in a lack of ...

Opportunistic vs. Required TLS

TLS is Transport Layer Security, the public version of the SSL protocol originally developed by Netscape. It’s used today to secure many client-server connections over TCP/IP networks, including web (HTTP), email (SMTP) and directory (LDAP) connections, as well as many more types of traffic. It’s fairly easy to set up and maintain. You have to be concerned with and schedule certificate replacements and deployments, but that can be easily accomplished with a solid procedure that can be dovetailed into the ...

Tip: Good monitoring and alerting saves money and promotes health

A good monitoring rig and alerting system can significantly reduce the amount of work that needs to be done to operate a client-server or cloud application system. Without a good monitoring system, administrators must rely on hit-or-miss spot-checking of logs and available metrics or instrumentation. Without good monitoring, there is no way to be sure that the system is healthy. It is true that a good administrator should and will continue to spot-check logs and other ...

Tip: Hide those LDAP simple authentication passwords from the command line history

If you use LDAP simple authentication, you should take care to hide the LDAP password from the command line history. A lot of UNIX shell environments are configured to save the command line history. Of course this is a very useful function, on several levels, but it can also be a system security hazard if we don’t pay attention to how we use it.

In an environment like most modern identity management systems, which often use LDAP servers to ...

Tip: Think before using SAN technology

In many situations, it is difficult to recommend SAN technology. The advantages of central management, ease of backup and better disk utilization are clear, but availability is not improved by SAN vs DAS. The reason for this is that SANs do fail, and when they do, they cause an entire data center to fail. When a SAN goes down, the storage and UNIX teams are heavily overwhelmed with incidents to manage and resolve. All of the applications are down and all ...

Trick: Using the Sun Directory Server Tools LDIFDIFF.PL and LDIFFSORT.PL to Verify Bulk Loads

These tools come from Graham Barr’s excellent perl-ldap (Net::LDAP) Perl module. Actually, these are contributed scripts that take advantage of the Net::LDAP Perl module. Not only is this a good sanity check on a bulk load, it can also be a very good tool for doing an ad-hoc manual synchronization of two directories. The output of this procedure is an LDIF that can be used to bring the ...

Trick: uidNumber Attribute Auto-Incrementing Method

The LDAP protocol has no way to auto-increment an integer value. This is necessary for directory-enabled applications that need to create new users with an incremented, unique value. There can be a race condition if two applications try to increment the same value at the same time: if both applications read the value at the same time, they will both end up thinking that they have the same value.

With the Sun ...
