Setup nginx Reverse Proxy

Install nginx
Ubuntu:

sudo apt-get update
sudo apt-get install nginx

CentOS: yum install nginx

Edit the config

Ubuntu: sudo nano /etc/nginx/sites-enabled/default
You might need to delete the config file contents and start fresh


server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    # "ssl on;" is deprecated and removed in current nginx; enable TLS on the listen directive
    listen 443 ssl;
    server_name blabla.domain.com;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/jenkins.access.log;

    location / {

      # Pass the original host, client address and scheme to the backend
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:8080 https://blabla.domain.com;
    }
}

Centrify NIS Maps Auto Deploy

Use the File Copy GPO from Centrify to copy the script below to the directory /usr/share/centrifydc/mappers/machine (make sure the execute bit is set).


#!/bin/sh
# the next line restarts using adedit \
exec adedit "$0" "$@"
bind -machine [adinfo domain]
slz [adinfo zone]
# Write every NIS map whose name matches "auto*" to /etc/<map name>
foreach map [get_nis_maps] {
    if ([regexp "auto*" $map]) {
        puts "Map is $map"
        slnm $map
        set output [open /etc/$map w 0644]
        # Strip the braces and the ":1" marker from each entry before writing it
        foreach line [gnm] {
            set entry [regsub -all "\{|\}" $line ""]
            puts $output [regsub ":1|{|}" $entry ""]
        }
        close $output
    }
}

Source http://community.centrify.com/t5/Centrify-Server-Suite/NIS-Maps/m-p/20250#M223

Harden SSH

Add the following 2 lines to both your /etc/ssh/ssh_config and your /etc/ssh/sshd_config files:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
MACs hmac-sha1

Restart services. Boom. FIPS compliant.
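
A quick way to confirm that a config file really carries the two lines above and nothing overrides them (an added example, not part of the original notes; the function names and the sample files are made up for illustration):

```shell
#!/bin/sh
# Added example: audit an ssh_config or sshd_config file against the two lines above.
ALLOWED_CIPHERS="aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc"
ALLOWED_MACS="hmac-sha1"

# first_value KEYWORD FILE: value of the first uncommented KEYWORD line.
# OpenSSH keywords are case-insensitive and the first value obtained wins.
first_value() {
    awk -v kw="$1" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == tolower(kw) { $1 = ""; gsub(/[ \t]+/, ""); print; exit }
    ' "$2"
}

# unexpected ALLOWED ACTUAL: print every algorithm in ACTUAL that is not in ALLOWED.
unexpected() {
    printf '%s\n' "$2" | tr ',' '\n' | while read -r alg; do
        case ",$1," in
            *",$alg,"*) ;;
            *) printf '%s\n' "$alg" ;;
        esac
    done
}

# audit_ssh_algos FILE: return 0 only if Ciphers and MACs are both set
# explicitly and name nothing outside the lists above.
audit_ssh_algos() {
    rc=0
    for kw in Ciphers MACs; do
        val=$(first_value "$kw" "$1")
        if [ "$kw" = Ciphers ]; then allowed=$ALLOWED_CIPHERS; else allowed=$ALLOWED_MACS; fi
        case "$val" in
            "")     echo "$1: $kw not set, OpenSSH defaults apply"; rc=1; continue ;;
            [+^-]*) echo "$1: $kw edits the default list instead of replacing it"; rc=1; continue ;;
        esac
        extra=$(unexpected "$allowed" "$val" | tr '\n' ' ')
        [ -z "$extra" ] || { echo "$1: $kw allows unlisted algorithms: $extra"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files (not from the page): one matching, one drifted.
tmp=$(mktemp -d)
printf '%s\n' "Ciphers $ALLOWED_CIPHERS" "MACs $ALLOWED_MACS" > "$tmp/good"
printf '%s\n' '# MACs hmac-sha1' 'ciphers aes256-ctr,arcfour' > "$tmp/bad"
audit_ssh_algos "$tmp/good" && echo "good: matches"
audit_ssh_algos "$tmp/bad" || echo "bad: drift found"
```

Output of `sshd -T` saved to a file can be checked the same way, because keywords are matched case-insensitively.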

Reinstall Appassure Agent on Linux

If you don’t back up the agent config file, the agent will get a new identity and you won’t be able to line the existing backups up with the same protected system.

To back it up:
cp -p /root/.mono/registry/CurrentUser/software/apprecovery/agent/agentid/values.xml ~/values-backup.xml

Uninstall the old agent, reboot.
Install the new agent, reboot.

Then restore the file:

mv ~/values-backup.xml /root/.mono/registry/CurrentUser/software/apprecovery/agent/agentid/values.xml

Restart the appassure-agent service.

You should be good to go.

Download Linux Repository (EPEL CENTOS)

I downloaded them by doing this:

rsync -avrt --progress rsync://mirror.cogentco.com/CentOS/6.7/updates/x86_64/ /ldata/repos/6.7/updates/x86_64/

rsync -avrt --progress rsync://mirror.cogentco.com/fedora-epel/6/x86_64/ /ldata/repos/epel/6/

Then I used tar with bz2 to make them a little smaller.
Then I used the split command to make them fit on DVDs:
split -b 1024m "file.tar.bz2" "file.tar.bz2.part-"

Then when they got over to the other side, I used cat piped to tar to extract the split files.

cat file.tar.bz2.part-* | tar xjf -