December 23, 2013

Why You Should Implement equals() and hashCode() In Hibernate

It is not directly obvious why you should override and implement equals() and hashCode() in Hibernate. Here are two good documentation for why:

- Hibernate ORM documentation
http://docs.jboss.org/hibernate/orm/4.3/manual/en-US/html/ch04.html#persistent-classes-equalshashcode

JBoss Community Wiki
https://community.jboss.org/wiki/EqualsAndHashCode

Essential iptables on RHEL

I good getting starting guide and also very well explained is casting by Red Hat.'

Hardening access to network services with iptables
http://www.redhat.com/resourcelibrary/articles/training-webinars

Hardening Apache Web Server (httpd)

For hardening Apache Web Server, look at

http://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.servers.web.apache

Hardening RHEL 6

For Red Hat Enterprise Linux 6 hardening, look at 

http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120

Packt’s $5 eBook Bonanza is back!

Following on from the success of last year’s festive offer, the publisher will be celebrating the holiday season with an even bigger $5 Bonanza.

From December 19th, customers will be able to get any eBook or Video from Packt for just $5. This sale covers every title in the 1700+ range and customers can grab as many as they like until January 3rd 2014 – more information is available at http://bit.ly/1jdCr2W.

December 21, 2013

Hardening RHEL5

The NSA has been getting a lot of attention in the media lately, but NSA has also published a lot of interesting document. A good example of that is the

Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf

December 11, 2013

JBoss Vault in JBoss EAP 6.2.0 uses jceks as Default KeyStore Type

Today I upgraded to JBoss EAP 6.2.0, but ran into some trouble with the keystore I have. I have one for the SSL connector and one for the JBoss Vault.

To be able keep you old JBoss Vault keystore that is stored with the jks format you need to add the KEYSTORE_TYPE vault option.

</extensions>
<vault>
    <vault-option name="KEYSTORE_URL" value="/your/absolute/path/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-3/VY6BIQ1KQ9LdJmX8m9Vn"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="45"/>
    <vault-option name="ENC_FILE_DIR" value="/your/absolute/path/vault/"/>
    <vault-option name="KEYSTORE_TYPE" value="jks"/>
</vault>
<management>

Reference

December 10, 2013

Changing Broadcom Driver In Ubuntu

I have a Broadcom Wireless Network Adapter and I had all sort of problem with the standard driver, Broadcom STA Wireless driver or wl that the module is called.

To identify which Broadcom chipset you have. Run:

$ lspci -vvnn | grep 14e4
45:00.0 Network controller [0280]: Broadcom Corporation BCM4313 802.11bgn Wireless Network Adapter [14e4:4727] (rev 01)

To identify which modules (driver) you are using (running):

$ egrep 'ssb|wl|brcmfmac|brcmsmac|bcma' /proc/modules 

I had the STA or wl module running. To remove all possible Broadcom modules.

$ sudo modprobe -r b43 ssb wl brcmfmac brcmsmac bcma 

And to really remove the default STA or wl module, also remove the debian package. After the purge, that remove configuration files as well, I double run apt-get with remove autoremove, which will remove unused package and finally I run clean, to clean the apt-get cache. All for precaution.

$ sudo apt-get purge bcmwl-kernel-source && sudo apt-get autoremove && sudo apt-get clean

Now you must test which driver/module that suites you best. I started with the b43 driver/module.

$ sudo apt-get install firmware-b43-installer
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  b43-fwcutter
The following NEW packages will be installed:
  b43-fwcutter firmware-b43-installer
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 22.8 kB of archives.
After this operation, 120 kB of additional disk space will be used.
Do you want to continue [Y/n]? Y

To load the new module/driver.

$ sudo modprobe b43

Now test you installation, if successful reboot and double check, that everything is working correctly..

Other possible driver are b43legacy package firmware-b43legacy-installer and LP-PHY package firmware-b43-lpphy-installer.

For more hardware commands, please read http://magnus-k-karlsson.blogspot.se/2013/01/how-to-install-atheros-ar8161-ethernet.html

Reference

December 7, 2013

The Medibuntu Project has come to an end

For many people the first thing they have done after installing Ubuntu, was to add the Medibuntu repository. But now it is dead. See announcement Here.

But what is the impact? Not much. Ubuntu already offers most of the things that existed in Medibuntu and this only natural progress of the growth of Ubuntu.

December 5, 2013

Managing Network in RHEL 6

Tools

The simplest way to manage network settings is to use the system-config-network tool or the non-graphical variant system-config-network-tui

To start, stop, status all our network devices

$ service network [start|stop|status|restart]

Other useful tools are:

ifconfigDisplay our network settings.
pingUsed for check network connectivity
route -nDisplay routing and Gateway
tracerouteDisplay network routing to a host.
netstat -nrDisplay open ports.

Configuration

Main network configuration file is /etc/sysconfig/network-scripts/ifcfg-<name>.

Hostname

$ hostname 
tester1.example.com

Routing

Local routing for e.g. localhost, but also for static routing.

$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Main routing configuration file. Any changes will be overwritten, unless disabled in above sysconfig network-scripts with PEERDNS=no.

$ cat /etc/resolv.conf 
$ Generated by NetworkManager
search example.com
nameserver 192.168.1.1

Reference

  • network-scripts: /usr/share/doc/initscripts-<version>/sysconfig.txt