I have been investigating IBM End Point, which appears at first glance to be a fantastic tool. The help for Linux clients appears to be a little
light (or am I missing something?), but in order to install the End Point Client onto Linux you run the following commands:
I have placed the masthead and actionsite files onto my NAS for ease of use, but they are located in the following location on a standard
I am building a lot of temporary hosts at the moment and being able to install them as quickly as possible is always good. So I have decided to
install a PXE server that will allow my installations to install without human intervention.
To set this up you need an existing host that contains a mirror of CentOS (you can get away without a mirror, but syncing a mirror is so much faster than
going out onto the internet to download all the necessary patches that may be required). If you do set up a mirror, allocate about 150Gb of disk space to
the mirror and sync it every evening using rsync.
On the host execute the following command:
Once the server is installed execute the following command:
To copy the files to enable the clients to boot execute the following commands:
NOTE: TFTP does not seem to work with symlinks so the files need to be copied.
When the server boots it will attempt to use its MAC address to determine what boot configuration it would use and will fall back onto a configuration called “default”:
The above example will automatically install CentOS using a kickstart file that configures it as per our build standards.
To ensure that the above is picked up, add the following line to your dnsmasq configuration file:
Where the PXE server is nas.justnudge.com with an IP address of 192.168.1.50.
We have been doing some work recently with Amazon Web Services and noticed that it now supports using Google Authenticator for two
factor authentication. For those that don’t know, the Google Authenticator is an application that you install onto your Android or
iPhone which acts like an RSA token, providing a random number that changes every 30 seconds.
When I saw that Amazon had integrated it into AWS it got me thinking that we could use it to secure some of our perimeter CentOS hosts
using an SSH PAM module. A little bit of searching showed that this was possible and this post details how it was done.
Install CentOS 6.2.
Download the source for the PAM module here.
Unpack the installation running the following command:
Change to the extracted directory and execute the command make install:
Installing the PAM module
Backup the file /etc/pam.d/sshd and add the following lines to it:
Backup the file /etc/ssh/sshd_config and ensure the following lines are present:
Once these changes have been made restart SSH by executing the following command:
Setting up the key for a user
su to the user that you want to generate the token for and execute the google authenticator command:
You will notice above that it displayed a secret key and a URL. Open the URL and it will show you a 3D barcode.
Open the authenticator application and click the Scan Barcode button and scan the barcode from your screen.
You should then see the counter for the application.
Open up a new SSH terminal (such as PuTTY) to the host and log in as the user that created the token above.
Enter the verification code from the Google Authenticator.
Enter the user's password.
All being well you should be able to log in as shown below: