Fedora on Apuntes de root

Tips for running Fedora in a Raspberry Pi 2

jorti@pm.me (Juan Orti Alcaine) — Wed, 29 Jul 2015 00:00:00 +0000

This is a list of tips I’m using while running Fedora in my Raspberry Pi 2.

Modoboa for Fedora

jorti@pm.me (Juan Orti Alcaine) — Wed, 03 Dec 2014 00:00:00 +0000

I’ve recently discovered modoboa, a mail hosting and management platform which looks very promising. It uses Django and can be a frontend of postfix, amavisd-new, radicale, etc.

I’ve submitted some RPM packages based on the previous work of Didier, and will begin to do some tests in a couple of days to see how everything plays together.

Any help/suggestion is welcomed.

Restore EFI boot entry

jorti@pm.me (Juan Orti Alcaine) — Wed, 10 Sep 2014 00:00:00 +0000

After clearing the CMOS in a computer, the EFI boot entry of my Fedora installation disappeared. To restore it, I booted a Live CD and registered it again:

# efibootmgr -c -w -d /dev/sda -l 'EFIfedorashim.efi' -L "Fedora"

fail2ban 0.9

jorti@pm.me (Juan Orti Alcaine) — Tue, 25 Mar 2014 00:00:00 +0000

With the recent release of fail2ban 0.9 there are very important improvements to the journal and firewalld integration. With these simple configurations, I get fail2ban working in Fedora 20 without a syslog daemon and avoiding being DOSed by a local user.

/etc/fail2ban/fail2ban.local

[Definition]
loglevel = INFO
logtarget = SYSLOG

In /etc/fail2ban/jail.local we set the backend to systemd, so we monitor directly the journal, we also choose as default action firewallcmd-ipset, so the rules are inserted with firewall-cmd and use the ipset facility. Finally, all the jails needed are enabled.

[DEFAULT]
backend = systemd
banaction = firewallcmd-ipset
bantime = 3600

[sshd]
enabled = true

[postfix]
enabled = true

[dovecot]
enabled = true

Configure fail2ban in Fedora 20 to use firewall-cmd and ipset

jorti@pm.me (Juan Orti Alcaine) — Thu, 27 Feb 2014 00:00:00 +0000

Note (October 20 2014): This post is outdated, please, refer to the post fail2ban 0.9 for more up to date information.

fail2ban is a handy daemon that monitors the log files to identify connection attempts and other kind of attacks and ban those IPs for a certain period of time.

Currently, fail2ban upstream is adding support to firewalld and the use of ipset, so some modifications are needed at the stock config.

First of all, install the needed packages, I add rsyslog because it’s not included in the default Fedora 20 installation and it’s needed to generate /var/log/secure. I hope fail2ban will support some day querying the journal directly.

dnssec-tools and bind authoritative name server in Fedora

jorti@pm.me (Juan Orti Alcaine) — Mon, 30 Sep 2013 00:00:00 +0000

Some time ago, I wrote a post about using dnssec-tools for managing an authoritative name server in CentOS, now I’m going to extend it to cover their usage in a Fedora system.

First of all, I’m going to use the latest versions which currently is not in the repositories. Download the source rpm, recompile and install the rpms: $ mock -r fedora-19-x86_64 dnssec-tools-2.0-1.fc18.src.rpm # yum install /var/lib/mock/fedora-19-x86_64/result/*rpm

The configuration of bind as authoritative name server /etc/named.conf:

Enabling ECC in Fedora and CentOS

jorti@pm.me (Juan Orti Alcaine) — Tue, 27 Aug 2013 00:00:00 +0000

Because the recent revelations about PRISM, it feels that everybody is revisiting their security infrastructure.

After testing during many hours the available ciphers in the Apache web server, I realized that it’s impossible to get Perfect Forward Secrecy with Red Hat and its derivatives. See bug #319901

I have decided to recompile openssl and apache for the servers I manage, I have uploaded the scripts I use to this repository: https://github.com/jorti/fedora-compile-with-ecc