LMDE with Unetbootin
Finally I got LMDE installed using Unetbootin. The current update included the support.
#henrik |
development and technology stuff |
Finally I got LMDE installed using Unetbootin. The current update included the support.
Just to remember the tomcat CentOS configuration with SSL. Found this
really helpful lnks
service http
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
redirect = 127.0.0.1 8080
log_on_failure += USERID
}
Tried and tried and tried to use a proxy with CentOS for yum and friends. Environment variables, yum.conf - tried it all with no success.
Finally the solution was to use http://ntlmaps.sourceforge.net/. Works like a charm.
I had a strange behavior when I migrated VirtualBox to Windows 7. A 32 bit linux guest (CentOS, Ubuntu) started on Windows 7 resulted in a high CPU load when the guest was just idling around --> 30 to 40 % CPU utilization. The solution for my problem was to enable a second CPU for the guests. This simple change resulted in a much lower CPU utilization when the guest was idle --> 3 to 5 % CPU.
VirtualBox has a number of networking options, default is NAT. Unlike with VMWare you cannot access the guest network ports. A possible solution is to use briged networking - the guest acts like a new node on your network. This was not the way I wanted it - I was looking for a way to achieve the VMWare-like behavior. I found Marco's "My.Debian.": There is a VBoxManage command to enable port forwarding to your running guest. You can find the details here. Basically you have to define the HostPort
VBoxManage setextradata "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 2222
the GuestPort
VBoxManage setextradata "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
and the protocol used:
VBoxManage setextradata "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP
The settings are stored in the XML definition of your vm.
Ready to go - using SSH you can tunnel all the required ports from your guest!
Today I wanted to secure a bunch of pdf files of a php web-app. The webapp takes care of user authentication, but the pdf-files to download are just served by apache without any authentication in between. It's plain easy to add some additional authentication by means of a mod_python apache handler. The handler checks for the existance of a specific cookie - if present access is granted otherwise not.
#!/usr/bin/python
# -*- coding: UTF-8 -*-
from mod_python import apache
from mod_python import util
import time
class _Handler:
""" simple handler, which checks for a specific .php file
and forwards to a different url
"""
def __init__(self,phase,status=apache.OK,delay=0):
self.__phase = phase
self.__status = status
self.__delay = delay
def __call__(self,req):
time.sleep(self.__delay)
## check the uri
if ".pdf" in req.uri:
# check for a usermanagemet-cookie
cookie_header = req.headers_in['COOKIE']
if 'usermanagement.session' in cookie_header:
return self.__status
# no cookie available - forbidden
req.log_error('access denied because no cookie available!')
return apache.HTTP_FORBIDDEN
else:
return self.__status
return self.__status
accesshandler = _Handler("accesshandler")The handler is placed in the python site-packages and referenced in the apache config.
## handle .pdf files via the python handler
PythonAccessHandler handler::accesshandler | .pdf
Creating self-signed certs for apache on ubuntu is plain easy. I found a debuntu howto:
sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem
After that just use the certificate in your apache config:
SSLEngine on SSLCertificateFile /etc/apache2/ssl/cert.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM
