Configuring RBAC, TLS Node Bootstrapping On An Existing Kubernetes(1.11) Cluster. Below is a continuation to my previous post(S) part 1-6 on how to configure Kubernetes 3 Master Node cluster. In the post below I am going to show you. How to enable and configure RBAC on an your existing kubernetes cluster. how to automatically bootstrap …
Solaris 11/12 PF Firewall NAT Configuration Below is an update on how to configure NAT in Solaris 11/12, the original post used IPfilter(IPF). Since Solaris now officially switched to the BSD firewall(PF) I created the updated example below. Assumptions The network used in the kernel zones are 10.10.1.0/24 The network used on the global zone …
Configuring NAT Using PF Firewall in Solaris 11 / 12 Zones Read More »
Workaround for Oracle ZFS Appliance(ZFSSA) LDAPS / TLS Reject When Using OUD I recently patched/upgraded firmware on a Oracle ZFS Appliance. Once the upgraded was completed, the ZFS Appliance LDAPS connections stopped working, the error was due to the ZFS Appliance rejecting the Diffie-Hellman(DH) Cipher being used in the LDAPS connections. It turns out the …
openssl pkcs12 -export -out certificate.p12 -inkey certificate-key.pem -in certificate-cert.pem Enter Export Password: Verifying – Enter Export Password: Then use/provide the password at firefox import
Note: For an update on how to configure PF firewall – Please check Configuring NAT Using PF Firewall on Solaris 11/12 Assumptions The network used in the zones is 192.195.40.0 create an etherstub with one local interface used as the gateway ip address give each zone an ip address on a vnic on the same …
Modify /etc/security/access.conf + : ALL : LOCAL + : @groupA : ALL + : userA : ALL + : root : ALL + : userB : ALL -:ALL:ALL
Configuring a user as Primary Administrator in Solaris To configure a User in Solaris 11.2 as Primary Administrator follow the below steps Note: Primary Administrator was removed in Soalris 11.2 because its of a security concern. /etc/user_attr sshsvc::::type=roles;lock_after_retries=no;defaultpriv=all;profiles=Primary Administrator,All /etc/security/prof_attr.d/core-os Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html /etc/security/exec_attr.d/core-os Primary Administrator:suser:cmd:::*:uid=0;gid=0
A very helpfull site https://blogs.oracle.com/SashaN/entry/packet_gets_blocked_eventhoug_it
Splunk is a great tool for searching logs, but its high cost makes it prohibitive for many teams. In this article, we present a free and open source alternative to Splunk by combining three open source projects: ElasticSearch, Kibana, and Fluentd. http://docs.fluentd.org/articles/free-alternative-to-splunk-by-fluentd
The default settings are quite conservative, and should be increased. user@opensolaris:~# ipfstat | grep lost fragment state(in): kept 0 lost 0 not fragmented 0 fragment state(out): kept 0 lost 0 not fragmented 0 packet state(in): kept 798 lost 100 packet state(out): kept 612 lost 234 The default settings are quite conservative. user@opensolaris:~# ipf -T list …