Resizing disk size for a Ganeti instance

This process entails two stages:

a) Adding Disk space to a Ganeti instance

Stop the machine using the command below:

root@master-node:~# gnt-instance stop cloud.renu.ac.ug

NB: cloud.renu.ac.ug is the name of the Ganeti instance to be re-sized

Thereafter, run the command below.

Warning: Since this command usually takes long to complete, it’s strongly advised that you run it when working directly on the console of the machine, or in screen mode in case you’re working remotely.

root@master-node:~# gnt-instance grow-disk cloud.renu.ac.ug 0 50g

This command grows disk 0 (the first disk) of the Ganeti instance called cloud.renu.ac.ug by 50GB; that is, the disk size increases from its initial 200GB to 250GB.


Migrating from Zimbra to Zimbra (ZCS to ZCS)

There can be a number of reasons for migrating from one mail server to another, the commonest being “running low on disk storage”. Other reasons may include “the need to have a failover mail server” in case of any catastrophic event that may compromise the active email server, among others.

In other words, this same technique can be used to create a clone of your currently running email server to ensure redundancy.

In order to have virtually zero downtime, we will proceed as follows:

  1. Set the DNS TTL entries pertinent to the mail server to the shortest possible time (ideally this is done a day before, to make sure the TTL propagates accordingly).
  2. Prepare a fully working new server.
  3. Import all existing domains from the old server.
  4. Import all existing accounts, passwords, distribution lists, and aliases from the old server.
  5. Move all DNS pointers and firewall port forwards to the new server (or leave the DNS pointers as they are, and simply swap the servers’ IP addresses, old to new and new to old; more about this later).
  6. Make sure that new mail is arriving on the new server.
  7. Make sure users are able to connect and use the new server.
  8. Export Mailbox data from the old server, and import it to the new while the new server is running


Installing and configuring cacti on ubuntu to monitor the network

In a recent article, https://blog.renu.ac.ug/index.php/2020/06/17/using-Cacti-to-monitor-your-bandwidth-consumption/, we learnt how to monitor bandwidth consumption using Cacti. The assumption was that your service provider had given you access to the Cacti tool they use to monitor your consumption.

In this article, we shall learn how to install and configure Cacti on your own server either on premise or in the cloud.

Our installation focus is going to be on Ubuntu, though Cacti can also be installed on Windows, which requires installing a lot more software than Linux does. If you want to install on Windows, use the link below:

https://subscription.packtpub.com/book/networking_and_servers/9781788299183/1/ch01lvl1sec11/installing-Cacti-on-a-windows-system

With your own Cacti you will be able to monitor not only the bandwidth consumption but also the state (up or down) of your devices and how long they have been in that state.


Intel Reports

Accessible RDP

This report identifies hosts that have Remote Desktop (RDP) Service running and accessible to the world on the Internet. Misconfigured RDP can allow miscreants access to the desktop of a vulnerable host and can also allow for information gathering on a target host as the SSL certificate used by RDP often contains the system’s trivial hostname.

Remedy: Disable RDP from being world accessible by applying firewall rules either at the border or at the server itself.

Accessible Telnet

This report identifies hosts that have a Telnet instance running on port 23/TCP that is accessible on the Internet. Telnet provides no encryption and may expose sensitive information or system credentials.

Remedy: Disable the Telnet service and use a more secure protocol such as SSH, or firewall the Telnet service.

SSL Scan

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. See US-CERT alert TA14-290A at: https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and exploit.


Configuration of Radsecproxy with f-ticks

  1. Download the radsecproxy package and the nettle library from the internet.
  2. Extract the tar files by using
    # tar -xvf radsecproxy-1.6.5.tar.gz
    # tar -xvf nettle-2.7.1.tar.gz
  3. Move into the nettle folder by using
    # cd nettle-2.7.1
  4. Install the gcc compiler, which is a prerequisite for nettle
    # yum install *gcc*
  5. Install Nettle by running the following commands:
    # ./configure --prefix=/usr && make
  6. To test the results, issue:
    # make check
  7. Now, as the root user:
    # make install
  8. Now, move into the radsecproxy folder (it sits beside the nettle folder)
    # cd ../radsecproxy-1.6.5
  9. Now, type the commands
    # ./configure --enable-fticks
    # make
    # make check
    # make install
  10. Put the radsecproxy configuration file in the /usr/local/etc/ folder
    # cp radsecproxy.conf /usr/local/etc/
  11. Start radsecproxy by using the command
    # radsecproxy
  12. Install the Apache server
    # yum install httpd*
  13. Open the file httpd.conf.
    # vim /etc/httpd/conf/httpd.conf
  14. Uncomment NameVirtualHost and replace the * with the IP of the server, such as NameVirtualHost IP-OF-THE-MACHINE:80
  15. In VirtualHost, edit
    <VirtualHost IP-OF-THE-MACHINE:80>
    ServerAdmin root@IP-OF-THE-MACHINE
    DocumentRoot /radsecproxy-1.6.5/
    ServerName IP-OF-THE-MACHINE
    </VirtualHost>
  16. Check it in a browser at http://IP-OF-THE-MACHINE/f-ticks
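
Once radsecproxy is running with F-Ticks enabled, the lines it logs can be checked before they are published at the URL in step 16. The Python below is an added example, not part of the original post or of radsecproxy; it assumes the `F-TICKS/<federation>/<version>#KEY=VALUE#...#` line layout, which this page does not show, and its sample lines are constructed.

```python
import re

# Assumed F-Ticks layout: header, then '#'-separated KEY=VALUE attributes,
# closed by a final '#'. The page itself does not show a sample line.
FTICKS_RE = re.compile(r"F-TICKS/(?P<federation>[^/#]+)/(?P<version>[^#]+)#(?P<attrs>.*)#")
# Six hex octets with optional '-', ':' or '.' separators: a MAC logged in clear.
RAW_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[-:.]?){5}[0-9A-Fa-f]{2}")
REQUIRED = ("REALM", "VISCOUNTRY", "CSI", "RESULT")


def parse_fticks(line):
    """Return the F-Ticks fields of one log line as a dict, or None."""
    match = FTICKS_RE.search(line)
    if match is None:
        return None
    record = {"federation": match["federation"], "version": match["version"]}
    for pair in match["attrs"].split("#"):
        key, sep, value = pair.partition("=")
        if sep:
            record[key] = value
    return record


def audit_fticks(lines):
    """Return (line_number, problem) tuples for F-Ticks lines needing attention."""
    findings = []
    for number, line in enumerate(lines, start=1):
        record = parse_fticks(line)
        if record is None:
            continue  # not an F-Ticks line (other syslog traffic)
        missing = [key for key in REQUIRED if not record.get(key)]
        if missing:
            findings.append((number, "missing " + ",".join(missing)))
        if RAW_MAC_RE.fullmatch(record.get("CSI", "")):
            findings.append((number, "CSI is an unhashed MAC address"))
        if record.get("RESULT") not in (None, "", "OK", "FAIL"):
            findings.append((number, "unexpected RESULT " + record["RESULT"]))
    return findings


# Constructed sample lines (not taken from a real server).
SAMPLE = [
    "Jun 17 10:00:01 proxy radsecproxy[812]: F-TICKS/eduroam/1.0#REALM=example.org#VISCOUNTRY=UG#VISINST=1campus.example#CSI=aa-bb-cc-dd-ee-ff#RESULT=OK#",
    "Jun 17 10:00:02 proxy radsecproxy[812]: F-TICKS/eduroam/1.0#REALM=example.org#VISCOUNTRY=UG#VISINST=1campus.example#CSI=" + "3f" * 32 + "#RESULT=FAIL#",
    "Jun 17 10:00:03 proxy radsecproxy[812]: Access-Accept for user anonymous",
    "Jun 17 10:00:04 proxy radsecproxy[812]: F-TICKS/eduroam/1.0#REALM=#VISCOUNTRY=UG#VISINST=1campus.example#CSI=" + "9c" * 32 + "#RESULT=OK#",
]

if __name__ == "__main__":
    for number, problem in audit_fticks(SAMPLE):
        print(f"line {number}: {problem}")
```

A finding on the CSI field means station MAC addresses are being logged unhashed, which matters here because step 15 serves the log directory over plain HTTP.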

Sectigo SSL Certificates

The administrators at RENU will create an account for you to access https://cert-manager.com/customer/UbuntuNet

Prerequisites

  • Administrator account for access to https://cert-manager.com/customer/UbuntuNet
  • OpenSSL on your local/working machine
  • Validated entry for the domain (covered below). Email validation is a tested and easier method, and it requires you to have access to one of the following email addresses (assuming your domain is utamu.ac.ug): admin@utamu.ac.ug, hostmaster@utamu.ac.ug


NTP Server on CentOS 7

Step 1: Install and configure NTP daemon

 
1. The NTP server package is provided by default from the official CentOS/RHEL 7 repositories and can be installed by issuing the following command.

# yum install ntp

2. After the server is installed, first go to official NTP Public Pool Time Servers, choose your Continent area where the server physically is located, then search for your Country location and a list of NTP servers should appear.

Zimbra: Install a Comodo SSL Certificate

1. Get the bundle from Comodo in crt format, or sometimes as a zip file. You can also log in to https://cert-manager.com/customer/eI4Africa and download the X.509 Root/Intermediate(s) bundle.

2. Copy the downloaded bundle to the mail server under /tmp. The bundle contains the following files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
