Welcome to Myatu's

The site that has been wasting bits and bytes daily, since 2008!

Most recent blog entries

Quick note: FUSE inside Proxmox LXC container

February 26, 2016 | comments

Proxmox’ LXC containers do not have the /dev/fuse device created automatically.  A quick way of doing that is by adding the following two lines to the container’s configuration on the host node (in /etc/pve/lxc/<$container_id>.conf):

lxc.autodev: 1
lxc.hook.autodev: sh -c "mknod -m 0666 ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229"

I’m using “sh -c” directly rather than a separate script, so that this configuration is migrated to other nodes in the cluster.

As a note, it should already be in the lxc.cgroup.devices.allow by default, so doesn’t need to be added again.

 

continue reading →

Quick Note: Disable SSLv3 in OpenLDAP with GnuTLS

October 15, 2014 | comments

Due to the SSL POODLE vulnerability, it is best to remove support for the outdated SSLv3 protocol.  As OpenLDAP with GnuTLS is a beast of its own, here’s the quick change to remove SSLv3 support:

cat > nossl.ldif <<EOF
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: SECURE256:-VERS-SSL3.0

EOF

ldapmodify -Y EXTERNAL -H ldapi:/// -f nossl.ldif

And we’re done! Obviously, if you already have olcTLSCipgerSuite, then use “replace” instead of “add”.

A quick test:

~# gnutls-cli-debug -p 636 127.0.0.1
Resolving '127.0.0.1'...
Connecting to '127.0.0.1:636'...
Checking for SSL 3.0 support... no
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... yes
Checking fallback from TLS 1.1 to... N/A
Checking for TLS 1.2 support... yes
continue reading →

Latest Tweets

 

 

Some of my projects

More projects →