I was looking for a solution to ban those ip that abuses my sshd processes using dictionary attack (some of them using romanian user accounts, just take a look at this link, from a slashdot article, and search for romania).

Having a look on google i have found this two methods:

• using denyhosts (through hots.deny) – http://howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
• using a patch for iptables (by using a new user-defined chain) – http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables

For me the easyest was by using denyhosts because it has rpms build already made for opensuse (link from opensuse’s wiki).

After some time I have found (by googling) a way to use MS Project web access (2003 version) in IE6 running in wine.

The problem is the IE6 installation doesn’t include MDAC necessary to access project server for data.
IE6 uses some activex, which wont work without MDAC. Installing MDAC was a little bit tricky (there are only a few pages mentioning how to install it for ies4linux) but I am sure you’ll manage to do it.

Here are the steps (tested in ubuntu 7.10 i386):

-install wine
-install ies4linux

wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
tar zxvf ies4linux-latest.tar.gz
cd ies4linux-*
./ies4linux

- downlaod MDAC_TYP.EXE (search it on google) and copy it in “~/.ies4linux/ie6/drive_c/kits”
- get wine ready to install MDAC:

export WINEPREFIX="/home/username/.ies4linux/ie6"
open winecfg and “Add programs” and select MDAC_TYP.EXE, select compatibility level to windows 2000
Save and close

- install MDAC_TYP.EXE

hit wine MDAC_TYP.EXE and follow on-screen wizard.

-open ms pwa (here it comes

open ie6 and add the hostname of the ms project server at the trusted sites
enter the url of the MS PWA
install activex packages (both) when you are asked

- enjoy

Caveats:

It consumes a lot of memory. You better have at leas 1gb. At first ran of PWA in wine, my ubuntu consumed 1.3GB RAM, and the load of the system was about 4. It’s a little bit slow.

Anyway, it’s running…

Recently I wanted to enable https on a opensuse 10.2 server. After generating certificates using easy-rsa from openvpn package, and installing them in apache’s config I got an 12263 error in firefox.

Searching logs didn’t help: only messages about “Invalid method in request \x16\x03\x01“.

Googling for about 30-40 minutes didn’t help but i have found the following link:

http://en.opensuse.org/Apache_Howto_SSL

where, at the end of the page says:

to check your vhost setup, use "httpd2 -S -DSSL"

Cause: client speaks HTTPS, server speaks HTTP. If that happens to be port 443, it means that the server is listening on the port but not with SSL.

I went in apache’s config from sysconfig (/etc/sysconfig/apache2) and I have added “SSL” like below:

APACHE_SERVER_FLAGS="SSL"

and it worked .

I have searched for a method to make the font size on the console (press ctrl+alt+f1) on ubuntu instalation.

After a few hours (yeah, it took a while) I have found this link:

http://ubuntuforums.org/archive/index.php/t-652038.html

It works on dell 1501.

Here is my grub’s menu.lst:

title Ubuntu 7.10, kernel 2.6.22-14-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.22-14-generic root=UUID=c93d3013-5367-4fc7-9a55-9093c56f544a ro quiet splash
initrd /boot/initrd.img-2.6.22-14-generic
quiet
title Ubuntu 7.10, kernel 2.6.22-14-generic (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.22-14-generic root=UUID=c93d3013-5367-4fc7-9a55-9093c56f544a ro single
initrd /boot/initrd.img-2.6.22-14-generic
title Ubuntu 7.10, memtest86+
root (hd0,0)
kernel /boot/memtest86+.bin
quiet


No vga tags at all…:)

Now you can easy use the console if you like it.

Here is how I managed to successfully connect to a hardware vpn device using openswan and opensuse:

conn chkpnt
authby=secret
pfs=yes
keyexchange=ike
left=your.ip
right=vpn's.ip
auto=start
Easy…:)

/etc/init.d/ipsec restart

Check status and debug with:
ipsec auto --status
ipsec barf


Update:

Add: rightsubnet=ips.behind.vpn.box to to get in touch with remote network.