• Citrix XenServer 5.5 vs. Debian 5.0 upgrade to 6.0

    Gergely Polonkai
    May 27, 2011 :: 17:33

    Few weeks ago I’ve upgraded two of our Debian based application servers from 5.0 to 6.0. Everything went fine, as the upgraded packages worked well with the 4.2 JBoss instances. For the new kernel we needed a reboot, but as the network had to be rebuilt, I postponed this reboot until the network changes. With the network, everything went fine again, we successfully migrated our mail servers behind a firewall. Also the Xen server (5.5.0, upgrade to 5.6 still has to wait for a week or so) revolted well with some storage disks added. But the application servers remained silent…

  • Gentoo hardened desktop with GNOME 3 – Round two

    Gergely Polonkai
    May 18, 2011 :: 10:28

    After several hours of package.keywords/package.use editing and package compiling, I managed to install GNOME 3 on my notebook. Well, I mean, the GNOME 3 packages. Unfortunately the fglrx driver didn’t seem to recognise my ATI Mobility M56P card, and the open source driver didn’t want to give me GLX support. When I finally found some clues on what should I do, I had to use my notebook for work, so I installed Fedora 14 on it. Then I realised that GNOME 3 is already included in Rawhide (Fedora 15), so I quickly downloaded and installed that instead. Now I have to keep this machine in a working state for a few days, so I will learn SELinux stuff in its native environment.

  • Zabbix performance tip

    Gergely Polonkai
    May 13, 2011 :: 19:03

    Recently I have switched from MRTG + Cacti + Nagios + Gnokii to Zabbix, and I must say I’m more than satisfied with it. It can do anything the former tools did, and much more. First of all, it can do the same monitoring as Nagios did, but it does much more fine. It can check several parameters within one request, so network traffic is kept down. Also, its web front-end can generate any kinds of graphs from the collected data, which took Cacti away. Also, it can do SNMP queries (v1-v3), so querying my switches’ port states and traffic made easy, taking MRTG out of the picture (I know Cacti can do it either, it had historical reasons we had both tools installed). And the best part: it can send SMS messages via a GSM modem natively, while Nagios had to use Gnokii. The trade-off is, I had to install Zabbix agent on all my monitored machines, but I think it worths the price. I even have had to install NRPE to monitor some parameters, which can be a pain on Windows hosts, while Zabbix natively supports Windows, Linux and Mac OS/X.

  • Ethical Hacking 2012

    Gergely Polonkai
    May 12, 2011 :: 20:54

    Today I went to the Ethical Hacking conference with my boss. It was my first appearance at such conferences, but I hope there will be more. Although we just started to redesign our IT security infrastructure with a 90% clear goal, it was nice to hear that everything is vulnerable. I was thinking if we should sell all our IT equipments, fire all our colleagues (you know, to prevent social engineering), and move to the South Americas to herd llamas or sheep, so the only danger would be some lurking pumas or jaguars. Or I simply leave my old background image on my desktop, from the well-known game, which says: Trust is a weakness.

  • Gentoo hardened desktop with GNOME 3 – Round one

    Gergely Polonkai
    May 12, 2011 :: 20:32

    After having some hard times with Ubuntu (upgrading from 10.10 to 11.04), I decided to switch back to my old friend, Gentoo. As I’m currently learning about Linux hardening, I decided to use the new SELinux profile, which supports the v2 reference policy.