searchforsolutions


Fixing the POODLE issue in Java clients (HttpsURLConnection, web services, etc.), securing embedded Jetty, fixing a .NET client stack (WCF etc.) and securing IIS 7/8


– If your app is going to make HTTPS calls (act as a client), or for any Java app that uses HttpsURLConnection, set the following system property in code:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

or set the property before starting the application:

java -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2" MyAPP

– To disable SSLv3 in embedded Jetty (v9.x), set up the SslContextFactory as follows:

sslContextFactory.addExcludeProtocols("SSLv3");

sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_NULL_MD5",
"SSL_RSA_WITH_NULL_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
"SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
"SSL_RSA_WITH_IDEA_CBC_SHA",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_DSS_WITH_DES_CBC_SHA",
"SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_RSA_WITH_DES_CBC_SHA",
"SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
"SSL_DH_anon_WITH_RC4_128_MD5",
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_anon_WITH_DES_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_FORTEZZA_KEA_WITH_NULL_SHA",
"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
"SSL_FORTEZZA_KEA_WITH_RC4_128_SHA",
"SSL_DHE_RSA_WITH_AES_128_CBC_SHA",
"SSL_RSA_WITH_AES_128_CBC_SHA");

– To secure Tomcat 7, follow these steps:

http://wiki.apache.org/tomcat/Security/POODLE

– To protect .NET WCF endpoints or client HTTPS invocations, force them to always use TLS. Set it globally for each AppDomain via the System.Net.ServicePointManager.SecurityProtocol property when the application starts up:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

– Disabling SSLv3 on IIS 7/8:

http://support.microsoft.com/kb/187498

http://support.microsoft.com/kb/245030
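
The https.protocols property in the Java client item above is read by HttpsURLConnection; code that builds its own SSLEngine or SSLSocket from an SSLContext has to restrict the protocols itself. The following is an added example, not code from the original post; the class name Sslv3Check and its helper methods are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class, not part of any library.
public class Sslv3Check {
    // Protocols that must never be negotiated once POODLE is mitigated.
    static final List<String> BANNED = Arrays.asList("SSLv3", "SSLv2Hello");

    // Return the given protocol list with the banned entries removed.
    static String[] strip(String[] protocols) {
        List<String> kept = new ArrayList<>();
        for (String p : protocols) {
            if (!BANNED.contains(p)) kept.add(p);
        }
        return kept.toArray(new String[0]);
    }

    // Build a client engine from the JVM default context and remove the
    // banned protocols from whatever the JVM enabled by default. Starting
    // from the enabled set (not the supported set) avoids re-enabling
    // protocols the JVM has already switched off.
    static SSLEngine hardenedEngine() throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(strip(engine.getEnabledProtocols()));
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine before = SSLContext.getDefault().createSSLEngine();
        before.setUseClientMode(true);
        System.out.println("default enabled : "
                + Arrays.toString(before.getEnabledProtocols()));

        SSLEngine after = hardenedEngine();
        System.out.println("hardened enabled: "
                + Arrays.toString(after.getEnabledProtocols()));

        // Fail loudly if a banned protocol survived the filtering.
        for (String p : after.getEnabledProtocols()) {
            if (BANNED.contains(p)) throw new IllegalStateException(p + " still enabled");
        }
    }
}
```

Running it on the target JVM prints the protocol list before and after filtering, which makes it a quick check of what a given Java runtime enables by default.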

Fix broken chm ( compiled HTML file ) files


I've had a bunch of docs in *.chm format.
They looked broken on Win 8.

I just figured out that, due to some security enhancements, the links & authority of the files were broken.

To enable them:
1. Select the file.
2. Right-click and select Properties.
3. Look for the Unblock button.
4. Click on it and close the dialog by clicking the OK button.
5. Launch the file and voila! It works!

C# : Working with .cab (cabinet) files


.NET does not have any classes for creating cabinet files out of the box, so today I had to look at what else is available out there. I found a couple of solutions for creating a .cab file from .NET code. The one that actually worked for me was a library developed by Microsoft(!) as part of their Windows Installer XML (WiX) toolset. This toolset is distributed with a bunch of DLLs as part of its SDK. The library that lets you create cabinet files is called Microsoft.Deployment.Compression.Cab and is located under <WIX_Installation_Folder>\SDK.

In your project you need to add a reference to Microsoft.Deployment.Compression.Cab.dll and to Microsoft.Deployment.Compression.dll (located in the same folder; it contains base classes for the types defined in Microsoft.Deployment.Compression.Cab).

After doing this you can add files to a cabinet file from .NET with just a couple of lines of code:

using System.Collections.Generic;
using Microsoft.Deployment.Compression.Cab;

//create an instance of Microsoft.Deployment.Compression.Cab.CabInfo
//which provides file-based operations on the cabinet file
CabInfo cab = new CabInfo(@"C:\Cabinet1.cab");

//create a list with files and add them to a cab file
List<string> filesToArchive = new List<string>() { @"C:\file1", @"C:\file2" };
cab.PackFiles(null, filesToArchive, null);

//add a folder (including subdirectories) to another cab file with a maximum compression level
cab = new CabInfo(@"C:\Cabinet2.cab");
cab.Pack(@"C:\folder", true, Microsoft.Deployment.Compression.CompressionLevel.Max, null);

//unpack a cab file into C:\Unpacked folder
cab.Unpack(@"C:\Unpacked");

The library has an MSDN style help file located under <WIX_Installation_Folder>\doc\DTFAPI.chm.

Another dll that also comes with WiX toolset SDK is Microsoft.Deployment.Compression.Zip.dll that provides similar functionality for packing and unpacking zip files.

Ref: http://wix.sourceforge.net/

C# : Credentials management on windows 2008


I was looking at options for saving credentials on the Windows platform. The traditional way is the registry, a DB or the filesystem. But then one has to keep an eye on security issues & the other headaches that follow.

Then I saw this feature in W2K8, "Credentials Manager". The APIs for it are in C/C++, but I needed a solution in C#. So I triaged a bit & came across a solution for the same: http://www.microsoft.com/indonesia/msdn/credmgmt.aspx .

Another one : http://www.developerfusion.com/code/4693/using-the-credential-management-api/

Enjoy!

Add command prompt shortcut to Windows Explorer


  1. Click on Start => Run & open the registry using "regedit".
  2. Navigate to "HKEY_LOCAL_MACHINE\Software\Classes\Folder\Shell".
  3. Create a key called "command prompt". Set the default string to the value "CMD Prompt Here".
  4. Under the key created above, create another key called "command". Set the default string to "cmd.exe /k pushd %1".
  5. It takes effect immediately; try it out in Windows Explorer.

Enabling menu bar in windows explorer on windows 2008


  1. Open Windows Explorer
  2. Click on the "Organize" menu option at the top left-hand corner
  3. Select "Layout" & from the sub-menu select Menu Toolbar

My notes about Opscode Chef


Chef is a configuration management tool designed to bring automation to your entire infrastructure.

1. API Doc

http://rubydoc.info/gems/chef/frames

2. Chef wiki

wiki.opscode.com/display/chef/Home

3. Codebase

https://github.com/opscode

4. Reset the admin password from the workstation where knife is configured

https://gist.github.com/613172

Installing MongoDB 2.0.3 on Ubuntu 10.04


I tried following this wiki: http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages

It didn't work out, so I decided to do my own triage 🙂. I'm going to assume the user is comfortable with Ubuntu. This should work with Ubuntu 11.x too.

  • Create Apt source

Create /etc/apt/sources.list.d/mongodb.list
Add the following line to the file created above:

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

  • Add the GPG Key and Update Index

sudo mkdir -p /etc/apt/trusted.gpg.d/

sudo apt-key adv --keyserver keys.gnupg.net --recv 7F0CEB10

sudo gpg --export richard@10gen.com | sudo tee /etc/apt/trusted.gpg.d/mongodb.org-keyring.gpg > /dev/null

sudo apt-get update

sudo apt-get upgrade

  • Install MongoDB

sudo apt-get install mongodb-10gen

Have fun!

Linux internals

Ubuntu – My tryst


Some tips & tricks for working behind a corporate firewall/proxy on Ubuntu (11)

1. Setting up proxy server on Ubuntu

export http_proxy='http://{DOMAIN}\{USERNAME}:{PASSWORD}@{PROXY HOST NAME}:{PORT}/'

2. Setting up proxy for apt-get

Acquire::http::Proxy "http://{DOMAIN}\{USERNAME}:{PASSWORD}@{PROXY HOST NAME}:{PORT}/";

Acquire::https::Proxy "https://{DOMAIN}\{USERNAME}:{PASSWORD}@{PROXY HOST NAME}:{PORT}/";

If you have an "@" symbol in your password, use %40 in its place.

3. Turn off firewall

ufw disable

4. Install VMware tools

mount /dev/cdrom /media/cdrom

cp /media/cdrom/VMwareTools-8.3.7-341836.tar.gz /tmp

tar zxvf /tmp/VMwareTools-8.3.7-341836.tar.gz -C /tmp

cd /tmp/vmware-tools-distrib

./vmware-install.pl

5. Install git

apt-get install git-core gitosis

6. Howto configure network

https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html

7. If you are looking for a one-stop shop for Ubuntu releases other than the LTS versions, here is the link: http://cdimage.ubuntu.com/releases/