Monday, December 26, 2011

Securing SSH

If you have a machine exposed to the Internet via SSH, you should secure it.
Here is a quick recipe for doing so:

Modify your SSH server configuration /etc/ssh/sshd_config:
  • change the default port
  • do not allow root login
  • do not allow password login

# pick any unused port between 1 and 65535 (2222 is only an example)
Port 2222
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

Before you disable password authentication, make sure you have copied your public key to the server. This can be done with the ssh-copy-id command.

# ssh-copy-id myuser@server

In addition, install denyhosts to block brute-force SSH login attempts.
Denyhosts will continuously update your hosts.deny file with bad IPs / hosts.
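
To check an sshd_config file against the settings in this recipe, here is an added example that is not part of the original post. The function names `global_settings` and `audit_sshd_config` and the sample file are constructed; the check looks only at the global section and treats a keyword that is not set explicitly as a deviation.

```shell
# Added example, not from the original post: check an sshd_config file
# against the recipe above. Function names and sample data are constructed.
# Print global-section settings as "keyword value", lower-cased. Comments and
# blank lines are skipped; parsing stops at the first Match block, whose
# settings apply only conditionally.
global_settings() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         tolower($1) == "match" { exit }
         { print tolower($1), tolower($2) }' "$1"
}

# Print one "FAIL ..." line per deviation; return 0 only if there is none.
audit_sshd_config() {
    settings=$(global_settings "$1")
    rc=0
    for key in permitrootlogin challengeresponseauthentication \
               passwordauthentication permitemptypasswords; do
        # For these keywords sshd uses the first value it reads.
        got=$(printf '%s\n' "$settings" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "no" ]; then
            echo "FAIL $key is '${got:-unset}', the recipe sets it to 'no'"
            rc=1
        fi
    done
    # Port lines are additive: sshd listens on each one, or on 22 if none is set.
    ports=$(printf '%s\n' "$settings" | awk '$1 == "port" { print $2 }')
    for port in ${ports:-22}; do
        case $port in
            *[!0-9]*) echo "FAIL port '$port' is not a number"; rc=1 ;;
            22) echo "FAIL port 22 is the default port"; rc=1 ;;
            *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
                   { echo "FAIL port $port is outside 1-65535"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed sample: the second PasswordAuthentication line has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample deviates from the recipe"
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration and can be used to confirm the same values.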

Thursday, December 15, 2011

SCM-Manager

SCM-Manager is a cool Jetty-based HTTP server for managing your source code repositories. A single management instance deals with various SCMs, which makes it a lot easier to maintain your projects.

SCM-Manager supports Mercurial, Git, and Subversion. You can manage all your users and their permissions very easily. Of course SCM-Manager also provides bridges for different kinds of authentication like PAM, LDAP and Active Directory.

With a bunch of plugins and the possibility to write your own, there are basically no limitations with this great software. Highly recommended is the Jenkins plugin, which notifies your CI whenever there are changes in your repo, so there is no need for dumb polling.

Installation on Debian / Ubuntu:
  • download latest release of scm-server
  • unpack to /opt/scm-server
  • add the script below to /etc/init.d/scmserver
  • add a user scmserver
  • run update-rc.d-insserv scmserver defaults
  • /etc/init.d/scmserver start

#!/bin/sh
#
### BEGIN INIT INFO
# Provides:          scmserver
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start scmserver at boot time
# Description:       Control Repositories
### END INIT INFO

# Source function library.
if [ -x /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
fi

# Check for and source configuration file otherwise set defaults
RETVAL=0

appname=ScmServerDaemon

# See how we were called.
start() {
    # Call the scm-server script as our user
    /bin/su - scmserver -c "/opt/scm-server/bin/scm-server start >> /opt/scm-home/logs/scm-manager-output.log 2>&1 & "

}

stop() {
    # Look up the PID first and only kill when the daemon is actually running
    SCM_PID=$( ps auxwww | grep  java | grep ${appname} | awk '{ print $2 }' )
    if [ -n "$SCM_PID" ]
    then
          kill -9 $SCM_PID
    else
      echo "SCM is not running"
    fi

}

status() {
    ps auxwww | grep  java | grep ${appname} || echo "SCM is not running"

}

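restart() {
    stop
    # Count the waiting time by hand: SECONDS only auto-increments in bash,
    # not in a plain /bin/sh such as dash
    WAITED=0
    STAT=$( ps auxwww | grep  java | grep ${appname} |  wc -l )
    while [ $STAT -ne 0 ]
    do
      sleep 3
      WAITED=$((WAITED + 3))
        # After five minutes, kill whatever is still running
        if [ $WAITED -gt 300 ]
        then
          SCM_PID=$( ps auxwww | grep  java | grep ${appname} | awk '{ print $2 }' )
          kill -9 $SCM_PID
        fi
      STAT=$( ps auxwww | grep  java | grep ${appname} |  wc -l )
    done
    start

}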

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  status)
        status
        ;;
  *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit $RETVAL

Wednesday, December 14, 2011

Make Nexus startup script LSB compliant

I recently ran into the following error with Nexus and Debian:

warning: script 'nexus' missing LSB tags and overrides insserv... 

which causes a loop within insserv. This is due to a non-LSB-compliant startup script of Nexus. To make your Nexus startup script LSB compliant, add the following at the beginning:

#! /bin/sh

### BEGIN INIT INFO
# Provides:          nexus
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Nexus Maven Proxy
# Description:       Nexus Maven Proxy
### END INIT INFO

Then run:

# insserv nexus

and you are done.

Insserv is now aware of preconditions for properly starting and stopping Nexus.

Here I am

I am a Java Software Developer and Debian Linux user always trying out new stuff and also facing problems. Here I will share my experience and solutions to problems I had to deal with.