Reject Requests without a Host Name Header on NGINX

The Objective: Reject all requests that reach the NGINX server with our a host name in its header

Why it matters: When a request is made to via IP address (http://your.add.rress.here), it will return what is determined to be the “default server” for that IP address. This is often not the desired result. The result we are going for here is to close the connect with the requesting client.

The solution: 

  1. generate a bogus cert and store it in your /etc/nginx/certs/bogus/ (or  whichever folder you use for your certificates)
  2. create a “default.conf” configuration file in your /etc/nginx/conf.d/ (or whichever folder you include in your config)
  3. add the configuration to the “default.conf” file (update it if your folders are different for certs)
  4. test your configuration (/usr/sbin/nginx -t -c /etc/nginx/nginx.conf)
  5. if all is well, restart your service (sudo service nginx restart)
  6. validate it’s working as intended

Code Sample:
server {
listen 80 default_server;
server_name "";
return 444;
}
server {
listen 443 default_server ssl;
server_name "";
return 444;
ssl on;
ssl_certificate /etc/nginx/certs/bogus/cert.pem;
ssl_certificate_key /etc/nginx/certs/bogus/privkey.pem;
}

 

References:

  • http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names

How to add Domain Admins to sudoers

This process assumes your linux machine has Centrify Express running on it.

Determine the group name

$adquery user rick -G

domain_admins

domain_users

jira-software-users

Add entry to sudoers file

sudo echo “%domain_admins ALL=(ALL) NOPASSWD: ALL” >> /etc/sudoers

 

 

 

Ubuntu 15.04 Desktop on Hyper-V using Windows 10

Ubuntu 15.04 Desktop on Hyper-V using Windows 10

Issue: “The image’s hash and certificate are not allowed (DB) .

Solution:

1) Disable “Secure Boot”

2) Move up the DVD Drive in the Boot order

Capture

Capture

High load average (over 2.5)

Symptoms: the system responses poorly via GUI

Results: Load average dropped to 2.0

Notes: This virtual machine is configured for 2 vCPU’s

Action taken:

  1. Install ccsm ($ sudo apt-get install compizconfig-settings-manager)
  2. open ccsm ($ ccsm)
  3. Disable Effects > Animation & Effects > Fading Windows

Capture

 

 

Load average still high

Capture

Ubuntu 13.04 Corporate wireless connectivity issues

Event log entry in Windows NPS

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

Authentication Type: PEAP
EAP Type: –
Account Session Identifier: –
Logging Results: Accounting information was written to the local log file.
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.

 

Solution

Remove “System-cs-cert=true” from /etc/NetworkManager/system-connections/<SSID>

I have noticed that you need to remove this entry every time you edit the SSID, even if you leave it in there and set it to false.