http://equivocation.org/blog The default view for the equivocation blog en http://equivocation.org/node/124 <p>It is quite common, and can be very effective, to use alternative/non-standard ssh ports to avoid port scans. Normally ssh listens for incoming connections on <a href="http://en.wikipedia.org/wiki/TCP_and_UDP_port">port</a> 22. As this is its published port number it is easy for people and software to connect to this port and try random or typical user names and passwords (e.g. "root" user with password "password"). To make this more difficult ssh can be set up to listen to a non-standard port so that only those who know which port it is can connect quickly and easily. This technique is one I have used successfully for many years. With the release of Fedora 9 and the expansion of its SElinux policy, getting ssh to listen on alternative ports requires an additional step.</p><p><a href="http://equivocation.org/node/124">read more</a></p> general selinux Sat, 07 Jun 2008 09:34:05 +0000 anaru 124 at http://equivocation.org http://equivocation.org/node/122 <p>In Fedora 9, kernel based virtual machines (KVM) are now constrained within SELinux. This is a good thing as it means any security bugs in the KVM/qemu infrastructure are less likely to impact on the host system. However, when moving from earlier versions of Fedora the KVM guest image files (e.g. of the form opensolaris.img) will probably be labelled with the wrong SELinux type which will prevent the guests from running on Fedora 9. To see the SELinux type labelling you can use the -Z option to the normal <code class="bin">ls</code> command:</p><p><a href="http://equivocation.org/node/122">read more</a></p> general kvm Sat, 31 May 2008 13:48:29 +0000 anaru 122 at http://equivocation.org http://equivocation.org/node/118 <p>Upgrading from Fedora 8 to Fedora 9 is fairly <a href="/node/117">straight forward</a> on the Dell XPS M1330. During the <a href="/node/96">Fedora 8 release</a> the UVC driver for the integrated web cam became part of the standard kernel, so by the time Fedora 9 came along, all the hardware was working under Fedora 8 with no major tweaking required. Fedora 9, however, introduces a couple of new quirks.</p><p><a href="http://equivocation.org/node/118">read more</a></p> general fedora Sun, 18 May 2008 19:43:00 +0000 anaru 118 at http://equivocation.org http://equivocation.org/node/117 <p>The new <a href="http://fedoraproject.org/wiki/Features/PreUpgrade">preupgrade</a> tool, available as a package on both Fedora 8 and 9, allows you to download and install all the necessary rpms required for upgrading from Fedora 8 to 9. This tool not only can save on media downloads, but also allows you to continue to use Fedora 8 while all the packages are being downloaded and prepared for Fedora 9.</p><p><a href="http://equivocation.org/node/117">read more</a></p> general fedora Sun, 18 May 2008 15:05:09 +0000 anaru 117 at http://equivocation.org http://equivocation.org/node/114 <p>Small and simple guest operating systems (i.e. those not running many services) can tend to have network difficulties when using the default KVM and <a href="/node/104">Virtual Machine Manager</a> virtualization. I use a very small <a href="http://www.debian.org/">Debian etch</a> guest that is a mirror of an identical small machine elsewhere. If the guest OS does not use the network connection for around 10 minutes, the idle network can become disconnected. This is actually a result of the <a href="http://www.netfilter.org/">iptables</a> <a href="http://en.wikipedia.org/wiki/Network_address_translation">NAT</a> setup by the Virtual Manager.</p><p><a href="http://equivocation.org/node/114">read more</a></p> general kvm Sun, 06 Jan 2008 21:44:17 +0000 anaru 114 at http://equivocation.org