DGhost's Blog

A sysadmin's thoughts about the Internet and technologies…

27 February 2017
by DGhost
0 comments

The signs of a quality router

Several months ago, my main router, a 3-port Ubiquiti Edgepro Lite, died. It happened during a power outage; of course, my telecom equipment is plugged into a UPS, but it doesn't send the signal to do a clean shutdown the way I do for my servers. In short, when the power came back, my router booted but no longer worked. The lights came on, but nothing was routed and I couldn't even communicate with it, whether through the web interface or a simple ping. Time being too precious to me, instead of checking what the problem was, I simply decided to use my other old router, a Cisco RV042G, which works very well and, above all, still has in memory my pile of firewall rules, which take a long time to reconfigure…


20 October 2015
by DGhost
1 Comment

Active Directory: Having problems raising forest level functionality?

I gotta say I'm having a hard time coming up with a good title for this post. This article is mostly a small reminder for myself after encountering small problems when I wanted to add a new Windows Server 2012 DC to an existing Active Directory domain infrastructure. I have a domain with 2 Windows Server 2008 machines acting as the domain controllers, and my main objective was to add a new DC running on Windows Server 2012 to replace one of the old Windows 2008 servers before it dies.

13 September 2015
by DGhost
33 Comments

Banning an entire country with IPTables/IPSet

A couple of years ago I would have been shocked by this simple idea: to ban an entire country from ever using the services of one of my publicly hosted servers. I would never have proposed or even agreed to an idea like this. That was a long time ago, and now the landscape of the Internet has changed so much that I've resolved to use this simple, yet so effective, solution. I mean, this goes against the basic nature of the existence of the Internet; information wants to be free and it should be available to anyone who wants to access it, anywhere in this world. And yet, here I am today, banning whole countries from ever reaching the web and email services on some of the servers that I manage. Why? Because I'm tired of some organizations abusing servers. I am tired of constantly checking the status of the networks I must look after. I am tired of seeing that almost 99% of the time, the attacks are always coming from the same countries. So after many years of consideration, in the autumn of 2013, I finally gave in and started banning entire countries with iptables. After many months of using it, the only conclusion that I have is: why haven't I done that before?


6 August 2014
by DGhost
2 Comments

Centralizing and simplifying your SVN administration

As a follow-up to my popular post on how to set up Subversion with SASL authentication against an Active Directory Windows Server, I've decided to push this further and share how I manage a high number of repositories with SVN on Linux. There are many different solutions for achieving that; everyone has their own custom solution for doing so. Mine was developed after trying some different tools and choosing the ones that did exactly what I wanted. I also had to speak with the development management to get their approval for putting in place a standardized way for the leader of each development team to manage the repositories. So that solution had some technical setup to do, but it was mostly a political challenge because I was now sharing the administration of the repositories with different people. I empowered them with the tools and the rights to create and manage their own repositories. The final result of this was, of course, to have more security and more options for managing all the different projects under Subversion, and less work for me. Hooray!

15 July 2014
by DGhost
0 comments

Why should I switch to MariaDB?

Why indeed? That is the question I've been asking myself for the past weeks. I recently had to update some MySQL servers running on Linux; these installations were an old version and I had to bring them up to one of the latest stable versions, with PHP, for some custom web applications. While doing this operation some weeks ago, I remembered that there was this hot new thing (released in 2009, already) called MariaDB that was created by the original author of MySQL – Michael "Monty" Widenius – who abandoned ship when MySQL was bought by Oracle (insert the obligatory Star Wars theme, the Imperial March, here). The acquisition of MySQL by Oracle is a little bit more complicated than this summary. So while doing the upgrade, I remembered that I had on my – never ending – to-do list: try this thing called MariaDB. Not on a production system, but on a less mission-critical server as a starting point, to see what the big fuss was about this… thing…

10 April 2014
by DGhost
0 comments

The end of a generation of SSL

The public disclosure a few weeks ago of the flaw in the OpenSSL library, dubbed "heartbleed", reminded me that for some time I had wanted to write about SSL and, while I was at it, play the bird of ill omen about its future. So let me open my prophecy with this statement:

Hear ye, hear ye, good people! Know that the most popular encryption system on the Internet is doomed to fail!

16 November 2013
by DGhost
10 Comments

The power of Fail2ban

Fail2ban might be, in my own humble opinion, the most useful software that was made for Linux. If you are managing a Linux server that is open to the Internet, you should know that at any time, there is a bot (run by someone) somewhere on this planet trying to get into the server by brute forcing an account. In this post I will talk about how Fail2ban works, what you need to run it, give some examples of how to use it and how you may improve the security of your Linux server by using it. For the demo I will use the SSH service, which is the most used one, and I will also explain how you can secure a mail server with all of the services attached to it (POP3, IMAP, SMTP and authentication) and how you can also fight against spammers.

2 November 2013
by DGhost
0 comments

Linux to run the Internet?

I couldn't say how many routers, firewalls or switches I have configured so far in my life, but the number is already high. The range of brands and models on offer is enormous, and choosing one of these devices is very difficult. Except when our first priority is the price.


23 October 2013
by DGhost
0 comments

The rare earth war begins in Quebec.

If you are not aware of what rare earths are, I strongly suggest you watch the report from the show "Enquête" on rare earths. The report (presented in 4 parts on the web) is a French production. In short, rare earths are a group of metals (such as europium, terbium, samarium, cerium, gadolinium and lutetium; there are 17 in all) that are extracted from the ground in the form of earths and must then be processed and purified. Rare earths are used mainly in all high-tech devices: televisions, smartphones, tablets, hard drives, electric cars, washing machines, and so on. We can no longer do without them today, since we have become dependent on our electronic toys.
