Not the best of days - so-called security
Written by Michael Felt   

Yesterday my ISP turned me "off" because a certain "port" responded. They concluded - incorrectly - I was an open something (bot, relay - or who knows - they would not actually say - only hint).

Bottom line: my UDP port 123 was responsive - so I was evil.

Anyway, about 8 hours after receiving "special treatment" - things are back as they were.

Lesson learned: do not test NTP without first blocking UDP port 123 in the "firewall".
Last Updated ( Tuesday, 31 January 2017 )
Hard to be current!
Written by Michael Felt   

Just saw a retweet - and followed it to see that IBM is being more serious about having opensource "more" current. But it is hard to be current - as I know from what I do on my own - for myself mainly. So, when I saw the IBM httpd package was newer than mine - I thought - time to get updated.

As an example, my packaging is at level 2.4.20 and IBM's is at 2.4.23 - and the current level is 2.4.25. Hard to be current. Example 2: my curl is at 7.52.1 (the current level) and IBM's is at 7.51.0. Again - hard to be current.

A bit of maintenance - downtime explained
Written by Michael Felt   

You may have noticed a bit of downtime today - my apologies, but I needed to get some updates finally applied.

Soon I will write about configuring pop3ds and imapds - as this is something I have wanted to have working, but have always missed one or two bits. With the update I seem to have it configured so that it will work with TLS1.2 and not with SSLv3 or SSLv2. And, after a few more tests on some "undocumented" behaviors I will have a short blog on SecuringAIX and a longer tutorial on

mksysb - yes, something new!
Written by Michael Felt   

We have always known that backups using mksysb could be done on a live system - except it may be necessary to stop certain applications that keep meta information in rootvg. That time has been - massively - shortened. And, fortunately, this is "so old" we should all have it by now.

Basically, before generating a list of files to makeup, AIX is making an "LVM snapshot" of the rootvg - and then backing up that list of files. So, to be safe - still stop your vital applications BUT! once you see this:


Last Updated ( Monday, 19 December 2016 )
Feels like cheating - Part 2a - OpenSSL and AIX
Written by Michael Felt   

OpenSSL - there is "suddenly" a lot happening. The sudden part is that sites and portals are now really enforcing TLS1.2 connections (some going so far as to not even support "not-encrypted", aka port 80, connections).

And so, the things I was thinking about back when I started "part 1" over a year ago (i.e., not really so sudden - there was lots of time to prepare) have now come to be the status quo.

In short, I got bit by my own predictions - in part because of a typo (thinking I was looking for /var/ssl/cacert.pem when I had "hard-coded" /var/ssl/capert.pem).

In any case - I had to get to work with my AIXTOOLS packaging.

The short story: you need at least openssl.base.  (currently latest version is openssl.base. via IBM AIX Web Download Programs.

So - the message to take with you today: get the latest OpenSSL for AIX from IBM AIX Web Download Programs. Additionally, take a look at some packages that rely on OpenSSL that I have repackaged for AIX - e.g., python, git, and curl. If you have any questions or issues with the packages - leave a note at the forum for AIXTOOLS.

Last Updated ( Friday, 21 October 2016 )