xca – Graphical X.509 certificate management tool

If you are looking for some tool to manage X.509 certificates then probably xca is your best guess. This is  a graphical tool and you can open any file and view the keys in it.

So, first install it:

sudo yum install xca

And some information on xca::

Description :   X Certificate and Key management is a graphic interface for managing

asymmetric keys like RSA or DSA, certificates and revocation lists. It is

intended as a small CA for creation and signing certificates. It uses the

OpenSSL library for the cryptographic operations.
:   Certificate signing requests (PKCS#10), certificates (X509v3), the signing

of requests, the creation of self-signed certificates, certificate revocation

lists and SmartCards are supported. For an easy company-wide use, customizable

templates can be used for certificate and request generation. The PKI structures

can be imported and exported in several formats like PKCS#7, PKCS#12, PEM,

DER, PKCS#8. All cryptographic data are stored in a byte order agnostic file

format, portable across operating systems.

Related articles across the web

• Creating Self Signed Certificates for your Fortigate Firewalls
• Secure Mobile X.509 Certificate Delivery – SecureAuth and MobileIron
• X.509 Certificates
• Public Key Document Signing for Oslo Messaging

Fedora.next – what is it?

Fedora.next is being much talked about but what it really is. If you want some insight’s and understand what it is, head over to this presentation.

A nice presentation that explains the concept for Fedora.next.

Related articles across the web

• A proposal for Fedora’s website (considering Fedora.next)
• Fedora Packaging Workshop Managua

Sandbox apache (httpd) for better security.

Apache/httpd is something which you would like to have contained. And now fedora provides a native way/mechanism to to so with virt-sandbox-service. With this, you can create a virtualized sanbox service and then connect/list/manage such with virsh.

We will be using LXC.

Basically its couple of commands and you have a contained service running.

# List all the containers
virsh -c lxc:/// list

# Create the sandbox, all default parameters. Will take dhcp address.
virt-sandbox-service create -C  --username amitag -u httpd.service httpd_conta

# Create the container with static IP.
virt-sandbox-service create -C  --username amitag -u httpd.service -N \
address=192.168.122.11/24%192.168.122.255  httpd_conta#Enable and start the service.
virt-sandbox-service start httpd_conta
virt-sandbox-service enable httpd_conta#Delete the container if not required any more.
virt-sandbox-service delete  httpd_conta

Sandbox Firefox – First step to security

First we will setup cgroup to limit cpu and memory usage, so here we go:

Add the configuration in /etc/cgconfig.conf

#------start cgconfig----------------
#new group
group firefox {
    perm {
        task {
#user your login id and group here, so that you can control this group
        uid = amitag;
        gid = amitag;
        }
        admin {
# same as above, set to your login id and group.
           uid = amitag;
           gid = amitag;
        }
    }
# set the limits for cpu.. by default there are 1024 shares of cpu with no other groups,
# so share of 102 would be around 10% .
    cpu{
        cpu.shares="102";
    }
# limit the cpus to be used to only 0-1
    cpuset{
        cpuset.cpus=0-1;
        cpuset.mems=0;
    }
# limit the maximum memory to 700Mb.
    memory {
        memory.limit_in_bytes="700M";
        memory.max_usage_in_bytes="0";
    }
}
#------end cgconfig----------------

fetchmail to get the mails from your imap account

Now, that you have set the RPi to send emails, lets do the next best thing. Setup fetchmail so that we can setup a cron job to run and get us the emails on Raspberry Pi. What can we do with these emails, lots 🙂 (I hope you already have a Raspberry Pi, if not then head over to  element14.)

For now, first install fetchmail:

sudo apt-get install fetchmail

and if you are one of the guys who wants easy configuration then :

Raspberry Pi automate certain tasks – script example

Now, if you have followed these :

fetchmail

ssmtp

Then you already have a working system for sending and receiving mail. Now, you can set the mda in the fetmailrc to a script which can do few things for you. The script below will get a page and mail it to you, if you have the subject as “get” and send “wake on LAN” to desired PC if you have subject as “wol”. Cool 🙂

get the contents of whole site like some wiki or wikia

For wikis and wikia, generally if you are trying to get some url mirror, then websucker.py is an excellent option. This script is in the python sources so, to get this tool,

yumdownloader --source python

Install the rpm downloaded in current directory and then go to ~/rpmbuild/SOUURCES.  You should find a Python-*.tar.xz file here, just extract with

tar xvf Python*.tar.xz

and there you go, you should find the tool in Tools/webchecker/websucker.py.