Tuesday, 10 May 2011

Use of yum priorities

Some time ago I faced a need to have some useful tools installed with the stable core packages on my CentOS servers. How I did it? I've added an rpmforge repository to the yum configuration and disabled it with enabled=0 in the repository configuration, because if you leave it enabled, some packages that you need to be more stable could be upgraded with the newest versions from rpmforge. Then, when I need to install something out of the main, I did it like that:

# yum --enablerepo=rpmforge install some-tool

Of course it was inconvenient, I had problems with updates and so on.

Then, a single look on the yum documentation showed me the yum-priorities package.
Now I have all the repositories enabled and prioritized. For example, the [base] repository has priority=1 and [rpmforge] has priority=20.
This way, yum update will not replace httpd with the latest version from rpmforge, and  yum install htop  will succeed. Of course, you can make it in another way. For example, you can add a PostgreSQL repository and make it higher priority than base/updates - this way you'll always keep your postgresql packages up-to-date using just  yum update  without a need to upgrade it manually.

Monday, 9 May 2011

Altuscan firmware upgrade

Well, let's put the next note here.

And the topic is: upgrade the firmware sequentially.

Today I've faced some problems with an Aten KL9116 KVM. I went to the firmware download page and have downloaded the last FW available (it was 1.0.081).
First, when I tried to upgrade it from version 1.0.068 right to 1.0.081, the window with the upgrade process stopped at 50% progress.  Then, I tried to reset the device and restart the upgrade. But, even after I've got a message about the upgrade success and after the device reset, the firmware still was the 1.0.068 version. Then, I've got the previous FW (V1.0.069) and tried to upgrade with it - upgrade succeed. Then upgrade from V1.0.069 to 1.0.081 - successful again.

Unfortunately, the manual doesn't make it clear that the firmware should be upgraded sequentially. Hope this post will.

Tuesday, 3 May 2011

Complicated passwords - it's easy!

I've decided to write about the passwords in a first post, because it's something I think about almost every day. Maybe, because people around me just thinks that hard passwords are hard to remember, so a "small" chance to have their passwords stolen don't worse the real danger to forget it. I'm facing the weak passwords issues pretty often, and every time I say a magic phrase: "mnemonic formulas". "What is it?" asks users. "It's something that will help you to have the complicated unique passwords for every site you're visiting". I will not come up with my own definitions and descriptions and just put some quotations below.

So, the first result of the google search for "password mnemonic formulas" gave me this document with a simple definition:
A Mnemonic Password Formula, or MPF, is a memory technique utilizing a predefined, memorized formula to construct a password on the fly from various context information that the user has available.
Actually, information in the document is enough to understand how it works, I just to put here a quote with a simple formula example:
A Simple MPF
The following simple formula should be sufficient to demonstrate the MPF concept.
Given the authenticating user and the corresponding authenticating system, a formula like that shown in the following example could be constructed. This example formula contains two elements: the user and the target system identified either by hostname or the most significant octet of the IP address.
< user >! < hostname|lastoctet >
The above MPF would yield such passwords as:
• ”druid!neo” for user druid at system neo.jpl.nasa.gov
• ”intropy!intropy” for user intropy at system intropy.net
• ”thegnome!nmrc” for user thegnome at system nmrc.org
• ”druid!33” for user druid at system
This simple MPF schema creates fairly long, easy to remember, passwords that contain a special character. However, it does not yield very complex passwords. A diligent attacker may include the target user and hostname as some of the first combinations of dictionary words used in a brute force attack against the password.
Due to the fact that only the hostname or last octet of the IP address is used as a component of the schema, passwords may not be unique per system. If the same user has an account on two different web servers, both with hostname ”www”, or two different servers with the same last address octet value within two different sub-nets, the resultant passwords will be identical. Finally, the passwords yielded are variable in length and may not comply with a given systems password lengthpolicies.
 Generally - that's it. Stay secured!