Monthly Archives: August 2015

How to Set Up a USB Key to Install CentOS 6.x

The recommended approach for CentOS-6 is to use livecd-iso-to-disk from livecd-tools with DVD1. This has been tested with livecd-tools-13.4-1.el6 from EPEL. Thanks to forum user AndrewSerk for the recommendation in a forum post.

Obsolete method

Building a distribution on a USB key as of CentOS 6.2 – thanks to Mark Roth for the CentOS-6 procedure, and to Yves Bellefeuille on the CentOS-Docs list for several additions and corrections.

Extending a logical volume in a virtual machine running Red Hat or CentOS

Purpose

This article provides steps for extending the root partition residing in a logical volume created with Logical Volume Manager (LVM) in a virtual machine running Red Hat/CentOS.

Resizing the disk space on Ubuntu Server VMs running on VMware ESXi 5

We generally do both dedicated and VPS hosting for our websites, apps and some premium projects we run for others. When we choose to have VPS servers (aka virtual machines or VMs for short) instead of dedicated servers, we usually opt for VMware’s free ESXi 5 and install Ubuntu Server as the OS for the VPSs we create on top of ESXi 5. It may not be as friendly as some VPS providers like Amazon, Rackspace etc. but you get more control and it’s on YOUR hardware (pretty important actually!)…

Now, when you build a VPS on VMware, you start with say 40 GB of hard disk space. You install the OS, set up the server, move the sites to this new server and you’re on. But what happens when there’s no more room on the server for your site or sites and you need to add more disk space?

Security/Server Side TLS

The goal of this document is to help operational teams with the configuration of TLS on servers. All Mozilla sites and deployments should follow the recommendations below.

The Operations Security (OpSec) team maintains this document as a reference guide to navigate the TLS landscape. It contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools. Changes are reviewed and merged by the OpSec team, and broadcast to the various Operational teams.

Hardening Your Web Server’s SSL Ciphers

There are many wordy articles on configuring your web server’s TLS ciphers. This is not one of them. Instead I will share a configuration which is both compatible enough for today’s needs and scores a straight “A” on Qualys’s SSL Server Test.

Disclaimer: I’m updating this post continually in order to represent what I consider the best practice in the moment – there are way too many dangerously outdated articles about TLS-deployment out there already.

Therefore it may be a good idea to check back from time to time because the crypto landscape is changing pretty quickly at the moment. You can follow me on Twitter to get notified about noteworthy changes.

If you find any factual problems, please reach out to me immediately and I will fix it ASAP.

Test SSL / TLS with GnuTLS from the Command Line

GnuTLS has a command line app, gnutls-cli, that can inspect SSL or TLS connections. Check it out!

On Debian, install the gnutls command line tools with:

$ sudo apt-get install gnutls-bin

Let’s check out the scottlinux.com TLS connection over port 443. The -d option enables debug output, set here to debug level 5.

Virtual machine IP Address and DNS Name not available on virtual machine Summary tab (1013371)

Symptoms

  • Cannot view the virtual machine IP Address or Domain Name Server (DNS) Name.
  • The virtual machine IP Address and DNS Name are not available on the virtual machine Summary tab.

Cause

This issue occurs if the virtual machine Configuration Parameter isolation.tools.setinfo.disable is set to True. When configured this way, the guest operating system does not pass IP Address and DNS Name information to the ESXi/ESX host for display in vCenter Server. Newly created virtual machines without this virtual machine Configuration Parameter set to True do not exhibit this problem.
Note: It is not required for the vCenter Server to be a part of the domain for the fully qualified domain name of a managed virtual machine to be displayed; however, if the virtual machine is not a member of a domain, then the DNS name on the virtual machine’s Summary tab will display the hostname only.

Managing Linux Device Files Efficiently and Dynamically with udev

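This article explains, in plain terms, the concepts of udev and its related terminology, along with udev's configuration files and rules files, and then uses Red Hat Enterprise Server as the platform to demonstrate examples of managing device files and querying device information. It will benefit users who need to manage Linux devices efficiently and conveniently, including Linux end users, device driver developers, device testers and system administrators.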

Overview:

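Linux users often find it hard to tell apart device names of the same type, such as eth0, eth1, sda, sdb and so on. By looking at the kernel device names, users can usually tell what type of device each one is, but not which one is the device they want. For example, in a list of device names (/dev/sd*) crowded with local disks and Fibre Channel disks, a user cannot find the disk whose serial number is “35000c50000a7ef67”. In such cases, udev can dynamically create the desired, clearly identifying device files or device links in the /dev directory, helping users find the device file they need quickly and easily.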