Heartbleed OpenSSL vulnerability

Tuesday, 8. 04. 2014  –  Category: stash, sw

OpenSSL advisory CVE-2014-0160 Heartbleed Here’s a oneliner to check if a remote server might be vulnerable by checking if it advertises the Heartbeat TLS extention during connection negotiation. $ openssl version OpenSSL 1.0.1e-freebsd 11 Feb 2013 $ < /dev/null openssl s_client -connect example.com:443 -tlsextdebug 2>&1 | grep -i heartbeat TLS server extension "heartbeat" (id=15), len=1 […]

/dev/tty inside LXC under libvirt on CentOS 6

Thursday, 26. 09. 2013  –  Category: sw

Search engine fodder: The stock CentOS RPMs: Sep 11 06:42:15 Installed: libvirt-0.10.2-18.el6_4.9.x86_64 don’t create a /dev/tty inside the LXC container. This breaks SSH (host key prompts), sudo (password prompt) and doubtless more things too. To fix roll something more current from Fedora: Sep 25 11:29:23 Updated: libvirt-1.1.2-3.local.x86_64 Seems the project first thought /dev/tty was a […]

IPv6 for SmartOS guest VMs on Hetzner hosts

Sunday, 25. 08. 2013  –  Category: sw

This Hetzner wiki page covers how to configure a SmartOS installation at Hetzner including how to route an IPv4 subnet to guests via the global zone. Matters are a little bit more involved for IPv6, because vmadm and friends don’t support IPv6, so you have to configure guests manually Hetzner network won’t talk to the […]