Great South Run 2014

Great South Run weekend is here! Today we had the 5k run which Laura, Anne and Des took part in and all did very well, and Abi’s 1.5k Mini Run – even Jessica was enjoying running on the race track they had there and is keen to do the mini run next time round.

Now all that’s left is my one tomorrow – I’m going to be running the 10 mile Great South Run for the first time to raise money for gain. If the technology works you should be able to watch live at http://runkeeper.com/user/rickymoorhouse and you can sponsor me at http://justgiving.com/rickymoorhouse . I’ll update this again tomorrow after the race!

Disabling SSLv3

With POODLE the time has come to disable SSLv3 everywhere. There will be clients that break and need fixing but it needs doing. You can read more details and background on the vulnerability.

Here’s a few useful snippets from my experience with it this week:

Apache

Make sure the combination you have for the SSLProtocol line disables SSLv2 and v3 – something like:
SSLProtocol All -SSLv2 -SSLv3

DataPower

Ensure your crypto profiles have SSLv2 and v3 disabled in the options line:

  switch <domain>
  co 
  crypto 
  profile <profile>
  option-string OpenSSL-default+Disable-SSLv2+Disable-SSLv3
  exit 
  exit 
  write mem 

Java

If you have problems with handshakes from Java client process force the protocols to use with
-Dhttps.protocols=TLSv1

nginx

Make sure the ssl_protocols line in your SSL configuration doesn’t have SSLv3 in it.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

nodejs

Make sure you don’t have secureProtocol:SSLv3_method anywhere in https options – use TLSv1_method instead if it’s really needed.

Websphere

See Security bulletin

Review of Elasticsearch Server 2nd Edition

Elasticsearch Server Second Edition is a good book to read if you’re getting started with Elasticsearch or considering using it. It goes through all the main areas of getting your data indexed and then searching and analysing it.

The book is well written and easy to read through and serves well as a reference guide to refer back to later. It has helped me get an overview of some of the features of Elasticseach that I’ve not yet used, some of which I hope to explore in further depth following on from the examples in the book. All of the chapters in the book include useful references to sources for further information on the topic covered and for more in-depth coverage the authors recommend going on to read their other book, Mastering Elasticsearch which I hope to read as well as a follow on.

Recovering encrypted filesystems

  1. Boot from Live CD / USB
  2. Decrypt the filesystem
    cryptsetup luksOpen /dev/sda5 *hostname*
    
  3. Mount filesystems
    mount /dev/dm-2 /mnt
    mount /dev/dm-3 /mnt/home
    mount /dev/sda1 /mnt/boot
    mount --bind /dev /mnt/dev
    mount --bind /sys /mnt/sys
    mount --bind /proc /mnt/proc
    
  4. Enter chroot
    chroot /mnt

/etc/crypttab should have: sda5crypt UUID=*sda5uuid*