tech

trivial command line…..

 ipmi, tech  Comments Off on trivial command line…..
Sep 112016
 

Was just noticing the shell option in ipmitool.. wondered if you could echo a set of commands to it via stdin, and sure enough… the final bit is sending it a ctrl^D via \003 and echo -e. This sends a chassis power status as well as a sol, channel, and mc info to BMC – $ echo -e "chassis power status\nsol info\nchannel info 0\nmc info\n\004" | ipmitool -I lanplus […]

 Permalink  crypto, security, tech, web  Comments Off on
Feb 052016
 

The free certs from https://letsencrypt.org/ do indeed work as described. I wanted to check them out for some public facing services I wanted to run. To get the certificate you run a program on a host that DNS resolves to the cert you want to get – so if “foo.example.com” resolves to 10.6.6.6, you need to install the cert generation program on 10.6.6.6, and have either 80 or 443 free (I […]

really, really, really nuke iptables

 code, security, tech  Comments Off on really, really, really nuke iptables
Feb 092015
 
really, really, really nuke iptables

I think this is the way to really clear out all the stuff in iptables, the arcane packet filtering thing for Linux. At least… I think. My take on it, at least. For somewhat modern Linuxes at the time of this writing, IPv4 only. Basic method: loop over all the types of tables, flushing… then loop over all the builtin tables for the various types, reset the policies… then […]

<3 Policy

 art, audit, dinosaur, philosophy, security, tech, work  Comments Off on <3 Policy
Dec 082014
 
<3 Policy

Security Policies Let us praise, slay, and bury security policies together. A security policy is perhaps the best way to deal with the security monster. It concerns itself with business and organizational issues, and is designed to assist the organization succeed in spite of human nature. I sometimes not-so-glibly say that a security policy is simply an expression of your desire. What do you want to see within your organization […]

getting tcpdump to write to pcap format

 dinosaur, tech  Comments Off on getting tcpdump to write to pcap format
Nov 032014
 

I wouldn’t think I’d be writing something like this, but….. Apple changed the default of tcpdump to writeout pcap-ng format, which wireshark doens’t understand by default. Wasn’t sure what was up, but a quick search didn’t get any hits… turns out the -y flag is the key (at least, Mavericks+.) $ sudo tcpdump -w /tmp/1 tcpdump: data link type PKTAP tcpdump: listening on pktap, link-type PKTAP (Packet Tap), capture […]

© 2012 trouble Suffusion theme by Sayontan Sinha