Security

Articles related to Security

OpenSSL Certificate Authority

How to run your own internal certificate authority using OpenSSL. When using SSL/TLS security internally you may want to set up your own certificate authority. Whether this is for a VPN, secure email or HTTPS, the certificate authority is set up in the same way. In fact, anywhere you can control or have a relationship with both ends of the secured connection, you can use your own authority. Why pay Verisign to add trust to an already trusting relationship?
 
 

Cisco Port-Security

How to set the number of MAC addresses allowed on a secure switch port. This is useful if you have set up switchport security, but want to allow one or more ports to be used by multiple machines or virtual machines. This is how you enable more than one MAC address on a port.
 
Once you have logged on to the switch and entered enable mode, enter the configuration terminal:
 
    conf term
    interface <interface name>

Solaris, Apache and mod_SSL

There is some kind of incompatibility between the Solaris yacc pre-processor and GNU flex when building mod_ssl. Also, mod_ssl requires the GNU version of m4 and will not compile with the Solaris version.
 
M4 Failure 
If your build fails at "flex -Pssl_expr_yy -s -B ssl_expr_scan.l" with the error "m4: bad option: -P", then you are using the Solaris m4. Install the GNU m4 and ensure it is in your path before /usr/ccs/bin/m4.
 

Solaris password history

Solaris 9 is a little confused when it comes to security. It implements some cool features like roles, RBAC and BSM auditing, but doesn't include decent password strength or password history checks. Luckily Solaris 9 does include PAM, so these things can be added as modules.
 
Password cracking is easy; we just need to add a Solaris version of pam_cracklib, but I was unable to find a suitable module for password history. I decided to modify the pam_cracklib module to include a password history check...