UWOT.EU

Generate a secure SSH key

In Fedora, CentOS and probably many other Linux distros “ssh-keygen” still defaults to RSA 2048. People have not yet realized that the newer, and also faster, elliptic curve cryptography is available; even among my peers I still see that many of them are using old and insecure RSA-based keys. Since SSH clients support multiple keys, transitioning to newer keys can be painless:

1. create a new elliptic curve key;
2. do not delete the old RSA key;
3. …


Generate a secure GPG key

For some reason “gpg --gen-key” still defaults to SHA1 and RSA2048; due to the known weaknesses of SHA1 it is probably a better idea to use SHA256. First of all, we need to create a configuration file. To generate a new key type (also specify to use RSA 4096): Other useful commands are: Those two .gpg files can now be imported in Thunderbird’s Enigmail or moved to other machines to be imported in the local keyring. …


Configure apcupsd on CentOS

Apcupsd is a powerful daemon that can be used to manage APC UPS units. Add the EPEL repositories and run: To configure apcupsd edit the following file: The configuration I use is pretty simple: basically, shut down the server if the power is down for more than one minute. The ANNOY flag is also disabled (set to 0) because I don’t need it on headless servers.


APC UPS and HP server gen8 not restarting automatically when power goes back online after shutdown procedure is already started but not completed

I have got my hands on an APC UPS and some HP gen8 server, installed apcupsd on CentOS 7, connected the USB cable and everything was working fine except for this very annoying issue I had:

1. power goes down (pull the UPS power cord).
2. after some minutes the UPS battery threshold is triggered and the server shutdown procedure is launched by apcupsd.
3. power goes back up (plug in the power cord) while the server is already shutting down but the shutdown sequence is not yet completed. …


OpenVPN: tun tap invalid argument (code=22)

After upgrading my OpenVPN server to CentOS 7.5 I had trouble connecting to it. Specifically, I had two different issues:

* the laptop, which is running Fedora 28, was able to connect just fine but DNS resolution was broken.
* OpenVPN for Android was also connecting just fine but reporting a weird error: OpenVPN: tun tap invalid argument (code=22).

The first one was caused by me because after the CentOS upgrade procedure was completed I also ran yum autoremove, which deleted dnsmasq; the solution was fairly simple: reinstall and reconfigure dnsmasq. …


Nginx, PHP-FPM, SELinux and sendmail

Since I am a real master at forgiving things I am writing this one down. The PHP mail function relies on sendmail, but SELinux by default blocks web servers from sending emails; the usual error that pops up is: Allowing web servers to send email is as easy as editing the appropriate SELinux boolean: Use “sestatus” to check SELinux booleans:


Compile LineageOS 15.1 for Oneplus 3 on Fedora

LineageOS in Android Oreo flavor is finally here; I guess it is time to update the guide I wrote a while back. Most of the stuff is exactly the same; for the sake of simplicity this guide will be pretty much a copy and paste of the old one with just some bits changed here and there. Required packages on Fedora are (the rpmfusion repo must be previously installed): For some reason the compilation process stores some temporary files in /tmp which, in Fedora, is mounted on a tmpfs ramdisk. …


Firejail and symlink pointing outside of home directory

I normally move /home/user/Downloads off /home/user to a secondary mechanical drive and then symlink it back to /home/user. Firejail, for security reasons, does not allow whitelisting directories residing outside of the home directory; the simplest solution I found is to mount the Downloads directory using mount --bind. To make the change permanent edit fstab:
