The common scenario:
You installed Ubuntu Server and named your initial user something stupid. Now you need to change it. This is the only user with sudo permissions and if you try to change it while logged in as it, it won’t work. Here is the work around…
(more…)
I have already discussed Heartbleed in detail and have provided instructions on how to close the hole on affected server. Now that the hole is closed the final step is changing your server’s private key and “re-keying” your SSL certificates. Re-keying simply involves creating a new certificate signing request and sending it to your (most likely) external certification signing authority. Once received, they should send you an updated key pair. The last step will be telling your application that uses SSL (in this case, and many others Apache) to use the new keys. Lets dive in!
(more…)
Recently we had to wrestle with the Heartbleed bug. Heartbleed, was/is a major flaw in certain versions of OpenSSL, which is itself an “open source” project/application/codebase… This has had all of the armchair developers (myself included in that mix) either defending the concept of open-development or attacking it on grounds that it is less secure. I hold strongly to the former opinion that open development is a better way of doing things but that is rooted more in my personal philosophies (which I do believe have merit) and not exactly in some strong study on the issue itself.
A quick Google search shows me that most people don’t even think about it, they just speak their mind and move on (like so many other topics…) and as a result make a lot of idiotic statements one way or the other. Hopefully this isn’t just another idiotic statement adding to the noise :). That same search also tells me that very little hard research has been done on the matter to validate anyone’s opinions.
Well, now a critical error has been found in Internet Explorer and there has already been evidence of its exploitation in the wild. (more…)
Today I am doing a linux upgrade on an ubuntu server. One thing that commonly occurs (at least to me) is that the path:
/boot
doesn’t have enough space available for the upgrade. This necessitates cleaning it up. If you are working from the command line, learning how to do a simple “brace expansion” can save you a lot of time and typing. Let’s dive in!
(more…)
I have a single DC test environment at home and I am running on old hardware. One machine’s clock had gained 3 hours. That machine happened to be the domain controller. I am running Server 2012 R2 on all machines so i used powershell to run the following commands:
Check how far off the system time is from the ntp server at time.windows.com:
w32tm /stripchart /computer:time.windows.com /samples:5 /dataonly
Tell the system it is okay to sync its time with time.windows.com
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
Force the system to sync its clock
w32tm /resync
All other servers/computers in the domain sync their time with the Domain Controller that holds the PDC emulator role. This should fix time issues across the domain if run on the correct DC.
Hope you find this helpful!
PS. Traditionally you can use the command:
NET TIME /DOMAIN:<domainname> /set /y
to sync domain members with the DC holding the PDC role.
If that fails, you can force a sync to another server with either of these commands:
NET TIME \\<MACHINENAME> /SET /Y
NET TIME \\<IP Address> /SET /Y
NET TIME \\<IP Address> /SET /Y
Reference:
http://stackoverflow.com/questions/9786724/how-do-i-get-my-domain-controllers-to-sync-with-a-correct-external-time-source
http://support.microsoft.com/kb/193825