Thursday, October 23, 2008

Adding packages into a yum server and self-signing them


  • Dump the rpms into a subdirectory
  • gpg --gen-key

  • Edit ~/.rpmmacros:

    %_signature gpg
    %_gpg_name Peter Parente

  • In the RPMS directory:
    rpm --resign *

  • gpg --export --armor key name > RPM-GPG-KEY-mine

  • On both clients and server:
    cp RPM-GPG-KEY-mine /etc/pki/rpm-gpg

  • On server:
    createrepo /my/repo/where/rpms/are

  • Add a+r on files and a+x on directories for serving.
  • On the client:
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mine
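
Importing the key only adds it to the client's rpm keyring; yum checks package signatures for a repository only when gpgcheck is enabled for it. The script below is an added example, not part of the original post, that audits a .repo file for sections that skip the check. The repo ids, URLs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the sections of a yum .repo file that would let
# packages install without a signature check. Simplification: a gpgcheck
# default inherited from [main] in yum.conf is not considered.

audit_repo_file() {
    awk '
        function report() {
            if (name == "") return
            if (!check)         print name ": gpgcheck not enabled"
            else if (key == "") print name ": gpgcheck enabled but no gpgkey"
        }
        function value(line) {          # text after the first "=", trimmed
            sub(/^[^=]*=[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        /^[ \t]*[#;]/ { next }          # comment line
        /^[ \t]*\[.*\]/ {               # section header: report the previous one
            report()
            name = $0
            gsub(/^[ \t]*\[|\].*$/, "", name)
            check = 0; key = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { check = (tolower(value($0)) ~ /^(1|yes|true)$/) }
        /^[ \t]*gpgkey[ \t]*=/   { key = value($0) }
        END { report() }
    ' "$1"
}

# Constructed sample: repo ids and URLs are placeholders; only the key path
# comes from the steps above.
sample_repo() {
    cat <<'EOF'
[mine]
baseurl=http://yum.example.com/repo
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mine
[mine-testing]
baseurl=http://yum.example.com/testing
gpgcheck=0
[mine-nokey]
baseurl=http://yum.example.com/nokey
gpgcheck=1
EOF
}
```

Source the file and run audit_repo_file on each file under /etc/yum.repos.d; a section that sets both gpgcheck=1 and a gpgkey produces no output.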

Sunday, October 19, 2008

VMware Server Console broken on Hardy - gcc version conflict

VMware-server-console ships with a bad library that causes errors about version GCC_3.4 not being found. Easily fixed: delete the bad library from /usr/lib/vmware....

Thursday, October 16, 2008

Cisco PIX firewall configuration notes

To start logging for debug:
logging buffered debugging

To view logs:
show logging

Log to remote syslog:
logging trap errors
logging host inside ip

Need a default route as a catchall on the outside interface:
route outside 0.0.0.0 0.0.0.0 ip 1

NTP:
ntp server 10.0.0.205 source inside prefer

Disable nat in both directions:
nat (inside) 0 0.0.0.0 0.0.0.0
static (inside,outside) internalip internalip netmask

If you are dicking around with nat rules make sure you:
clear xlate
clear arp
show xlate

Use nat to do inside --> outside nat. Use static for outside --> inside. To use port address translation (PAT) for inside --> outside with the outside external ip:
nat (inside) 1 ip netmask
global (outside) 1 interface

Enable SSH login from an IP range on the internal side:
ssh ip netmask inside
ca generate rsa key 2048

To save config:
wr mem
ca save all

Thursday, October 2, 2008

Vim neutered on hardy

So on Ubuntu Hardy the default vim install is vim-tiny, which is rubbish. It can't even do syntax highlighting. To get a usable vim, install vim-runtime, or for the real deal, vim-full.