Andreas Happe: linux
Migrating to Middleman
My blog has a history of migrations. It started as wordpress, then was converted Octopress. After Octopress was missing update-love and jekyll started to be actively maintained again it switched over to jekyll. And now, it finally is based upon Middleman. Sorry for any inconvinient bugs or layout errors that will happen during the migration. Why have I switched to middleman? as I’m a RoR devleoper it seems better suited for me.
Using a (host) reverse-proxy together with LXC application servers
The basic idea is to move application servers into LXC containers while keeping the HTTP server part (which is also responsible for hosting static files) on the host system. Normally an incoming request would be handled by an HTTP server on the host as well as by an HTTP server on the virtualized client: 1 browser -> http server(host) -> http server (guest) -> app-server (guest) I’m configuring the host HTTP server to directly communicate with the app worker, thus:
How to convert an KVM image into a LXC container
KVM was an improvement over Xen for me. Still for many use-cases a LXC are a more performance, light-weight alternative – which also seems to be en vougue nowadays. Through switching to LXC I’ve reduced my overall memory usage a bit – the main benefit is, that processes within an LXC container are separated processes within the host system. This should allow the host system to manage memory (think cache, buffers, swap, etc.
How to use virt-install to install new virtual machines within libvirt/kvm
I’ve been using KVM and virt-install to manage virtual machines on one of my servers, this post shows how to use virt-install. According to the package management system I’m having the following packages installed: 1 2 3 4 5 6 7 8 9 root@edgewalker ~ # dpkg -l | grep virt ii libvirt-bin 1.1.1-0ubuntu8.1 amd64 programs for the libvirt library ii libvirt0 1.1.1-0ubuntu8.1 amd64 library for interfacing with different virtualization systems ii munin-libvirt-plugins 0.
Rogue Access Point and SSL Man-in-the-Middle the easy way
After I’ve tried setting up a rogue access point using squid and hostapd I’ve seen that KDE’s network-manager offers host access-point functionality. How easy is it to combine this with BURP for an SSL man-in-the-middle attack? Well some GUI clicking and 3 command line invocations.. The Hardware I bought two USB 802.11n wireless adaptorts on deal extrem, so far both of them work as an access point: a small whitish one for $5.
How-to setup a rogue access point with a transparent HTTP(s) proxy
I’m always reading about dangerous rogue access points but never actually have seen one in action. So what better than create a test setup.. Hardware for this test setup will be my old linux notebook (a macbook pro) as fake access point a small deal extreme network card (Ralink 5070 chipset). I’ve actually bought three differnet wireless cards for under $20 and am trying out the different chipsets. This card is rather small (like an usb stick), so it isn’t to conspicous The basic idea is to use hostap to create a virtual access point.
How to use FakeS3 for S3 testing
I’m contributing to a secure cloud project (well, it’s not that secure yet, but getting there..). It’s backend storage options include S3 so I want to test the S3-functionality against a locally installed S3 server. I first tried to utilize OpenStack Object Storage (Swift) or Riak, but both solutions were rather heavy-weight and cumbersome to setup. Bear in mind, that I just wanted some fake S3 storage server which would be deployed within a local network (without any internet connection).
Linux: How to force an application to use a given VPN tunnel
I’ve changed my approach and am now using a simple docker setup to achieve the same result Somehow I have to use VPN services throughout the day: when pen-testing from abroads I really need to login to my company’s network first. Otherwise my provider is kinda grumpy when I’m doing fast non-cloaked scans against large companies. also when pen-testing I like to use some cloaking VPNs to test the client’s detection capabilities if I would ever use bit-torrent I’d really like to make sure that the torrent program can only communicate through a private proxy (as pia).
Git with transparent encryption
This is part three of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. git was originally written by Linus Torvalds as SCM tool for the Linux Kernel. It’s decentralized approach fits well into online OSS projects, it slowly got the decentralized OSS of choice for many.
Secure Online Data Backup using Duplicity
This is part two of a series about encrypted file storage/archive systems. My plan is to try out duplicity, git using transparent encryption, s3-based storage systems, git-annex and encfs+sshfs as alternatives to Dropbox/Wuala/Spideroak. The conclusion will be a blog post containing a comparison a.k.a. “executive summary” of my findings. Stay tuned. Duplicity is a command-line tool similar to rsync: you give it two locations and it synchronizes the first location to the second.