How to View Logs for a Docker Container

Pre-Flight Check
  • As of June 2014 Docker has officially released v1.0.0.
  • These instructions are intended for viewing logs for Docker containers.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.6 server (or CentOS 7, Ubuntu 14.04 LTS, Fedora 20, Fedora 21), and I’ll be logged in as root.

Continue reading “How to View Logs for a Docker Container”

Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“. As of June 05, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

This vulnerability is likely not as severe as the Heartbleed Bug. In some circumstances, this flaw allows an attacker to conduct a man-in-the-middle attack on servers running vulnerable versions of OpenSSL. The attacker would be required to intercept and alter network traffic, and do so in real time, to exploit the flaw; in that case, the attacker could potentially view and/or modify the otherwise secured traffic.

What do I do?
  • Update OpenSSL and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “SSL/TLS MITM vulnerability (CVE-2014-0224)“.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability”

How To Change the SNMP Port on CentOS

SNMP 101: The Basics
I. How To Install and Configure SNMP on CentOS
II. How To Change the SNMP Port on CentOS
Introduction

SNMP, or Simple Network Management Protocol, is widely used to communicate with and monitor network devices, servers, and more, all via IP. In the previous article we installed an SNMP agent on a CentOS 6.5 server. This agent allows for collection of data from our server, and makes the information available to a remote SNMP manager. To add a little security, we’ll now change the port that SNMP listens on.

Pre-Flight Check
  • These instructions are intended for changing the SNMP port.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.
  • SNMP is installed and configured per the tutorial on How To Install and Configure SNMP on CentOS.

Continue reading “How To Change the SNMP Port on CentOS”

How To Install and Configure SNMP on CentOS

SNMP 101: The Basics
I. How To Install and Configure SNMP on CentOS
II. How To Change the SNMP Port on CentOS

Introduction

SNMP, or Simple Network Management Protocol, is widely used to communicate with and monitor network devices, servers, and more, all via IP. In this case, we’ll be installing an SNMP agent on a CentOS 6.5 server, which will allow for collection of data from our server, and make the information available to a remote SNMP manager.

Pre-Flight Check

  • These instructions are intended for installing SNMP and doing a very basic configuration.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “How To Install and Configure SNMP on CentOS”

How to Commit Changes and Create Docker Images

Pre-Flight Check
  • As of June 2014 Docker has officially released v1.0.0.
  • These instructions are intended for committing changes to Docker containers.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.6 server (or CentOS 7, Ubuntu 14.04 LTS, Fedora 20, Fedora 21), and I’ll be logged in as root.
  • In the previous tutorials in this series we’ve installed Docker and got a container running, and then we listed which containers were running, and attached to a running Fedora container.

Continue reading “How to Commit Changes and Create Docker Images”

How To List and Attach to Docker Containers

Pre-Flight Check
  • As of June 2014 Docker has officially released v1.0.0.
  • These instructions are intended for listing and attaching to Docker containers.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.6 server (or CentOS 7, Ubuntu 14.04 LTS, Fedora 20, Fedora 21), and I’ll be logged in as root.
  • I have one Docker container running.

Continue reading “How To List and Attach to Docker Containers”

How To Install Docker on CentOS 6

Introduction

Docker is a container-based software framework for automating deployment of applications. “Containers” are encapsulated, lightweight, and portable application modules.

Pre-Flight Check
  • As of June 2014 Docker has officially released v1.0.0.
  • These instructions are intended for installing Docker.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “How To Install Docker on CentOS 6”

Update and Patch OpenSSL for Heartbleed Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the Heartbleed Bug”?

The Heartbleed Bug is a severe vulnerability in OpenSSL, known formally as “TLS heartbeat read overrun (CVE-2014-0160)“. As of April 07, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

In short, the risks are many. In most circumstances, this flaw allows an attacker to read the memory of servers running vulnerable versions of OpenSSL. This would allow attackers to impersonate users and services, and provide a means for data theft. For example, the exposed memory could include sensitive information such as private keys. If private keys are leaked, then it is possible that SSL certificates are compromised, and in that case should definitely be reissued.

What do I do?
  • Update and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
  • Consider getting your SSL certificates reissued.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “TLS heartbeat read overrun (CVE-2014-0160)” vulnerability.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL for Heartbleed Vulnerability”