Tag Archives: CentOS

Setup an OpenVPN server with certificate and two-factor authentication on CentOS 7

Introduction: My goal was to have an OpenVPN server running, to which I can connect using different ports and by piping it over an IP over ICMP tunnel (the latter will follow in another post). Ports I want to use: 1194/udp – the default OpenVPN port; 53/udp – if I'm lucky and the network has DNS open by default…; 1195/udp …

Posted in CentOS, Firewalls, Linux, OpenVPN, Security, VPN

Check if the certificate of a domain was revoked

Just had the need to quickly check if the certificate of a domain was revoked or not, and found this tutorial: "OpenSSL: Manually verify a certificate against a CRL". Well done, but two problems: (1) if the server doesn't send all certificates (including the root CA), the verify process will fail; (2) too much to type… So I quickly created a bash …

Posted in Bash, Linux, Security, SSL/TLS

Change host name of Puppet client

Here are the steps I use to change the host name of a Puppet client: On the client side, stop Puppet, remove old certificates and change host name: Change the host name in /etc/sysconfig/network and /etc/hosts, then reboot the client. Remove the old certificate on the server: If you're using Foreman, change the host name there too. Finally, initialize a …

Posted in CentOS, Linux, Puppet

Limit/prevent SSH brute force attempts

If you (have to) run a publicly available SSH server, you may have noticed already that there are a lot of brute force attacks trying to guess a user and password (have a look into /var/log/secure). If you did it the correct way, you only allow public keys to authenticate, of course. But maybe you can't, because the client …

Posted in CentOS, Firewalls, Linux, Security

Slow DNS lookup on CentOS 6 machines

Slow DNS lookups can have many reasons. Mostly they are easy to fix because it simply is a wrong IP address of the DNS, for example. But today I had a harder one, but it was easy to fix if you know how… Looking up an address with dig works all the time, but when Puppet gets its plugins or other files …

Posted in CentOS, Linux