Paul's Blog

The articles below are on various topics, though the majority are focused on some aspect of systems administration.

Of CFEngine and CentOS 7 · September 6, 2014

All the cool DevOps kids are using puppet and chef for configuration management these days, but I’m still sticking with CFEngine, which has served me well since the late 1990s.

CentOS doesn’t have a native cfengine package, so I’ve used the EPEL cfengine package on CentOS 6 machines for some time now. There’s currently no such package for CentOS 7, however, so I’ve relied instead on the one found in the Fedora 20 package set.

Read more...

Block Single Host with firewalld · September 1, 2014

I’m fairly fluent in basic firewall operations with iptables, but the firewalld included in CentOS 7 is new to me. I’d gotten the firewalld-friendly version of fail2ban working on a VM I manage. One remote host was pounding away on port 22/tcp; it was duly denied access for several minutes at a time, but it never took the hint and went away.

I finally decided just to drop all packets from the IP address completely. To do so, I had to spend some time in the man page for firewall-cmd, the command-line interface to firewalld.

Read more...

Welcome · August 23, 2014

So I’ve got a blog now. I like DocBook for the precision it gives me in my long-form articles, but it presents too much overhead for shorter pieces. The software behind the blog is Hexo, which is based on node.js. Writing is done in the lightweight markdown markup language. I did have to wrestle with the Hexo theme quite a bit before the blog layout would work and play well with the rest of my site, but I’m pretty pleased with the results.

Read more...