Creator

About Creator

This author has not yet filled in any details.
So far Creator has created 47 blog entries.

HAProxy 1.8.x support tls v1.3 in CentOS 7

0. Prerequisites with openssl 1.1.1
    yum -y install pcre2-devel zlib-devel
1. Download
    wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.17.tar.gz
    tar -xvzf haproxy-1.8.17.tar.gz
    sleep 1
    cd haproxy-1.8.17
2. Install
    # SSL_INC is the include root: HAProxy includes <openssl/ssl.h> relative to it
    make TARGET=linux2628 CPU=native USE_PCRE2=1 USE_PCRE2_JIT=1 USE_OPENSSL=1 SSL_LIB=/usr/local/ssl/lib SSL_INC=/usr/local/ssl/include USE_ZLIB=1
    make install
3. Configuration
8. Reference
    https://dnsprivacy.org/wiki/display/DP/Building+HAProxy+so+that+it+can+use+TLSv1.3
    https://certsimple.com/blog/haproxy-http2-dynamic-load-balancing-ssl
    http://itscom.org/archives/8377

NGINX install support tls v1.3 in CentOS 7

0. Prerequisites
    openssl 1.1.1 http://blog.plura.io/?p=9209
1. Install redhat-lsb-core
    yum install redhat-lsb-core
    yum -y install wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel pcre-devel
2. User add
    useradd builder
    groupadd builder
3. download
    wget http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-1.15.8-1.el7_4.ngx.src.rpm
4. Configuration
    rpm -ivh nginx-1.15.8-1.el7_4.ngx.src.rpm
    sed -i "s|--with-http_ssl_module|--with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.1.1a --with-openssl-opt=enable-tls1_3 |g" /root/rpmbuild/SPECS/nginx.spec
5. Compile
    rpmbuild -ba /root/rpmbuild/SPECS/nginx.spec
6. Install
    rpm -ivh /root/rpmbuild/RPMS/x86_64/nginx-1.15.8-1.el7_4.ngx.x86_64.rpm

Quick syslog setup

Configuration guide for using a remote syslog server from legacy clients
1. HP-UX
    vi /etc/syslog.conf
    *.info @10.10.52.149
    /sbin/init.d/syslog stop
    /sbin/init.d/syslog start
2. Solaris
    vi /etc/syslog.conf
    *.info @10.10.52.148
    svcadm restart system-log
3. AIX
    vi /etc/syslog.conf
    *.info @10.10.52.147
    refresh -s syslogd
Collecting commands
    vi /etc/profile
    function logging {
    stat="$?"
    cmd=$(history|tail -1)
    if [ "$cmd" != "$cmd_old" ]; then

OpenSSL 1.1.1a upgrade for CentOS 7

What's new? OPENSSL 1.1.1a
    https://www.openssl.org/blog/blog/2018/09/11/release111/
1. compiler
    yum group install 'Development Tools'
    yum install perl-core zlib-devel -y
2. openssl download
    cd /usr/local/src
    wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
    tar -xvzf openssl-1.1.1a.tar.gz
3. openssl compile
    cd openssl-1.1.1a
    ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
    make
    make test
    make install
4. Configure Link Libraries
    cd /etc/ld.so.conf.d/
    vi openssl-1.1.1a.conf
    /usr/local/ssl/lib
4.1 Now

Denying xmlrpc access in Nginx and WordPress

1. Edit the Nginx conf
    server {
        # each pattern matches only paths ending in ".php" (literal dot)
        location ~* /wp-includes/.*\.php$ {
            deny all;
            access_log off;
            log_not_found off;
        }
        location ~* /wp-content/.*\.php$ {
            deny all;
            access_log off;
            log_not_found off;
        }
        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
            access_log off;
            log_not_found off;
        }
        location ~* /modules/.*\.php$ {
            deny all;
            access_log off;
            log_not_found off;
        }
        location ~* /skins/.*\.php$ {

Collecting BASH commands into ELK with rsyslog for analysis

(Client)
vi /etc/bash.bashrc
    export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
vi /etc/rsyslog.d/bash.conf - add to rsyslog
    local6.* /var/log/commands.log
vi /etc/rsyslog.d/01-json-template.conf - add to rsyslog
    template(name="json-template" type="list") {
        constant(value="{")
        constant(value="\"@timestamp\":\"")
        property(name="timereported" dateFormat="rfc3339")
        constant(value="\",\"@version\":\"1")
        constant(value="\",\"message\":\"")
        property(name="msg" format="json")
        constant(value="\",\"sysloghost\":\"")
        property(name="hostname")
        constant(value="\",\"severity\":\"")
        property(name="syslogseverity-text")
        constant(value="\",\"facility\":\"")
        property(name="syslogfacility-text")

Using a PRNG (Pseudorandom number generator)

1. For OpenSSL
Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available.
Reference: https://www.openssl.org/docs/faq.html

PLURA Syslog Collector Srv

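Network devices do not support installing the PLURA Agent, so the PLURA Syslog Collector must be installed in order to forward syslog.
Role of the PLURA Syslog Collector
- Aggregates syslog from network devices or other servers
- Compresses and encrypts the aggregated syslog and sends it to the PLURA cloud
The PLURA Syslog Collector Server supports the following operating systems:
CentOS/RHEL 6, 7, 8
AWS AMI 2018
AWS Linux AMI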