Sunday, October 24, 2010

Does God give grace?

Romans 8:38-39
For I am convinced that neither death nor life, neither angels nor demons, neither the present nor the future, nor any powers, neither height nor depth, nor anything else in all creation, will be able to separate us from the love of God that is in Christ Jesus our Lord.
God promises forgiveness of our sins, and that he won't give up on us. But for how long? Through how much? Can we mess up so much that God won't forgive us?

Think back to how we were before we found God. God loved us enough to die for us even when we didn't care, or love, or even try. How much more now that we love him back!

Romans 5:6
You see, at just the right time, when we were still powerless, Christ died for the ungodly.

Friday, October 22, 2010

Reset the root password to a random value

I recently began setting up some Linux servers at work and became concerned about access to the root user account. I have stressed the need for using SUDO, but the fact that people may know the root account was a gaping hole in accountability - if everyone logs in as root, how do I know who made what change?

I decided that a good method of enforcement would be to change the root password on a daily basis to a random string. The thinking is that anyone with SUDO access doesn't need the password, the password can be changed through the use of SUDO, and worst case scenario we can boot to a rescue disk and change it from there.

I did some searching on the net and found the below Perl script at http://www.sunmanagers.org/pipermail/summaries/2005-May/006495.html. I put this script in the crontab for root and set it to run every day. Hopefully when I come back into the office, my root account password will have changed.

script:
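#!/usr/bin/perl -w
# Set root's password to a random 8-character string by rewriting /etc/shadow.

use strict;

my $shadow="/etc/shadow";
my @Salt=("a".."z","A".."Z",0..9,".","/");

# Remember the owner and group of the current file so the new one can match
my ($uid,$gid)=(stat($shadow))[4,5];
(defined $uid) || die "$0: Failed to stat(\"$shadow\") - $!\n";

# Eight random printable characters (codes 33-125).
# Note: rand() is not a cryptographically secure generator.
my $pass="";
map { $pass=$pass . sprintf("%c",int(rand(93))+33) } (1..8);
# With a two-character salt, crypt() produces a traditional DES-based hash
my $unx=crypt($pass,$Salt[int(rand($#Salt + 1))] . $Salt[int(rand($#Salt + 1))]);

open(OLD,$shadow) || die "$0: Failed to open $shadow for reading - $!\n";
open(NEW,">$shadow.new") || die "$0: Failed to open $shadow.new for writing - $!\n";
chmod(0600,"$shadow.new") || die "$0: Failed to chmod(0600,\"$shadow.new\") - $!\n";
chown($uid,$gid,"$shadow.new") || die "$0: Failed to chown($uid,$gid,\"$shadow.new\") - $!\n";

# Replace the password field of the root entry; copy every other line as is.
# The pattern only matches when the existing field is non-empty.
while(<OLD>) {
 s/^(root):[^:]+:(.*)$/$1:$unx:$2/;
 print NEW $_;
}

if (!close(OLD)) {
 unlink("$shadow.new");
 die "$0: Failed to close file handle on $shadow - $!\n";
}
if (!close(NEW)) {
 unlink("$shadow.new");
 die "$0: Failed to close file handle on $shadow.new - $!\n";
}

# Put the new file in place
if (!rename("$shadow.new",$shadow)) {
 unlink("$shadow.new");
 die "$0: Failed to rename(\"$shadow.new\",\"$shadow\") - $!\n";
}

exit 0;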
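
An added example, not part of the original post or the script it quotes: the same daily rotation in Python rather than Perl, drawing the password from the OS CSPRNG, hashing it with SHA-512 crypt, and handling an empty or locked password field. The function names, the `hasher` parameter and the reliance on the `openssl passwd -6` command (OpenSSL 1.1.1 or later) are assumptions of this example.

```python
import os, secrets, string, subprocess, tempfile, time

ALPHABET = string.ascii_letters + string.digits + "!#%+,-./=@_"

def random_password(length=24):
    """Draw every character from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def sha512_crypt(password):
    """SHA-512 crypt ($6$) via the openssl CLI (assumed installed, 1.1.1+);
    the password travels on stdin so it never shows up in the process list."""
    done = subprocess.run(["openssl", "passwd", "-6", "-stdin"], input=password + "\n",
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

def replace_hash(shadow_text, user, new_hash, today=None):
    """Return shadow_text with user's hash (field 2) and last-change day (field 3) set."""
    if ":" in new_hash or "\n" in new_hash:
        raise ValueError("hash would break the colon-separated format")
    today = int(time.time() // 86400) if today is None else today
    out, hits = [], 0
    for line in shadow_text.splitlines(keepends=True):
        fields = line.rstrip("\n").split(":")
        if fields[0] == user and len(fields) >= 3:   # exact name; empty/locked field too
            fields[1], fields[2] = new_hash, str(today)
            line, hits = ":".join(fields) + "\n", hits + 1
        out.append(line)
    if hits != 1:
        raise LookupError(f"expected one {user} entry, found {hits}")
    return "".join(out)

def rotate(path, user="root", hasher=sha512_crypt):
    """Replace user's hash in path atomically, keeping owner and mode."""
    st = os.stat(path)
    with open(path) as src:
        new_text = replace_hash(src.read(), user, hasher(random_password()))
    # mkstemp creates the file 0600 in the same directory, so the rename stays atomic
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".shadow.")
    try:
        with os.fdopen(fd, "w") as dst:
            dst.write(new_text)
            dst.flush()
            os.fsync(dst.fileno())
        os.chown(tmp, st.st_uid, st.st_gid)
        os.chmod(tmp, st.st_mode & 0o7777)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

A root cron job would call `rotate("/etc/shadow")`; the example does not take the lock that tools such as `passwd` hold while they edit the file.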

Thursday, October 21, 2010

Using Red Hat public YUM repository

I never found anything official about Red Hat having a public YUM repository, but I stumbled across something that appears to work.

Simply create a new repo file under /etc/yum.repos.d/ and set the baseurl line to
baseurl = http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/

Tuesday, October 19, 2010

Definition of Cloud Computing

We have heard a lot about cloud computing recently, but what exactly is it? After a lot of sales pitches, and various lingo thrown around, I finally found this article (http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc) that breaks it down into these 5 key items:
  1. On-demand self-service
  2. Broad network access
  3. Resource pooling
  4. Rapid elasticity
  5. Measured Service
If you have started virtualizing your environment and use web applications at all, you probably have most of these features - but it is important to have all to properly scale up and out.
An example of the reasoning for wanting all of these components comes from http://www.oracle.com/dm/offers/fy11/2_powering_new_generation_cloud_implementations.pdf, which describes the transition from a silo environment to a cloud environment.