The articles below are on various topics, though the majority are focused on some aspect of systems administration.
At work, we’ve got an internal-only blog for some upcoming special projects. Our experience, however, is that blogs get ignored without some external notification system like RSS. The problem is that some of our employees use public aggregators like feedly, which cannot see behind our firewall.
Our internal blog generates an RSS feed, but the feed includes
<summary> sections that we really don’t want published in a public RSS feed.
My solution is to copy the feed to a public web host, but massage it with XSLT to remove the sensitive sections.
All the cool DevOps kids are using puppet and chef for configuration management these days, but I’m still sticking with CFEngine, which has served me well since the late 1990s.
CentOS doesn’t have a native cfengine package, so I’ve used the EPEL cfengine package on CentOS 6 machines for some time now. There’s currently no such package for CentOS 7, however, so I’ve relied instead on the one found in the Fedora 20 package set.
I’m fairly fluent in basic firewall operations with
iptables, but the
firewalld included in CentOS 7 is new to me. I’d gotten the firewalld-friendly version of
fail2ban working on a VM I manage. One remote host was pounding away on port 22/tcp; it was duly denied access for several minutes at a time, but it never took the hint and went away.
I finally decided just to drop all packets from the IP address completely. To do so, I had to spend some time in the man page for
firewall-cmd, the command-line interface to