Apt-get this /scratch (apt/steam cache, exim greylist, owncloud, tumblr daily post, etc)

 

For more than 10 years, I have conveniently used one Debian package to distribute some scripts over different computers, notably all the ones published here and on GitHub (except the rawdog and PXE setups, but that could change). While it's practical for me, it isn't for anyone else, since the package content is overly random.

Someone using the apt/steam cache as described on this blog can easily end up with out-of-date scripts, unless they fetch updates from git directly.

I decided to split this big package into multiple packages and improve the conffiles so they are more or less zeroconf.

The result is:

  • -keyring: Keyring used to sign packages, along with repository set-up
  • -utils-cache-apt: APT downloads cache setup
  • -utils-cache-steam: Steam downloads cache setup
  • -utils-cloud: Owncloud setup and apps
  • -utils-exim: Exim greylist, bogofilter and spamassassin setup
  • -utils-torrent: Manage transmission via NFS/Samba
  • -utils-tumblr: Automated image post on tumblr
  • -utils-webmail: Roundcube setup and plugins
  • and some other packages that these depend on.

 

The easiest way to get anything is to first install the keyring package and then directly apt-get:

	# wget http://apt.attique.org/stalag13-keyring.deb
	# dpkg -i stalag13-keyring.deb
	# apt-get update
	# apt-get install stalag13-...

 


Improving Qualys SSL server test results regarding Poodle attack and SHA1

Fancy being in the Qualys list of the worst recently tested servers for SSL? I got a T rating (A being the target), mainly because I'm using self-signed certificates (no need to certify my authenticity toward myself); otherwise I'd get a C.

I fixed the following issues so now I get an A (ignoring self-signed):

It’s a good practice to get servers tested every now and then.

Update: for the Dovecot IMAP server, edit /etc/dovecot/conf.d/10-ssl.conf and set:

	ssl_protocols = !SSLv3
	# note: also add !SSLv2 if openssl < 1.1

For Exim, the relevant options should be added to your main conffile (depends on your setup, split or not, etc.):

	# if compiled with SSL (OpenSSL):
	#openssl_options = +no_sslv2 +no_sslv3
	# GnuTLS priority string:
	tls_require_ciphers = NORMAL:!VERS-SSL3.0
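
A small offline check for the settings above, added here as an example (it is not part of the original post): it reads config text and reports whether an active, uncommented option turns SSLv3 off. The function names and the sample config strings are constructed for illustration.

```python
import re

# Tokens that switch SSLv3 off, keyed by the option names used in this post.
SSL3_OFF = {
    "ssl_protocols": {"!sslv3"},                              # dovecot
    "openssl_options": {"+no_sslv3"},                         # exim + OpenSSL
    "tls_require_ciphers": {"!vers-ssl3.0", "-vers-ssl3.0"},  # exim + GnuTLS
}


def active_settings(text):
    """Return {option: value} for uncommented 'option = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out option has no effect on the daemon
        m = re.match(r"([A-Za-z_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def sslv3_disabled(text):
    """True if an active option carries a token that disables SSLv3."""
    for option, value in active_settings(text).items():
        tokens = set(re.split(r"[\s:]+", value.lower()))
        if tokens & SSL3_OFF.get(option, set()):
            return True
    return False


# Constructed sample configs (not copied from a real server).
DOVECOT_SAMPLE = "ssl = yes\nssl_protocols = !SSLv3\n"
EXIM_GNUTLS_SAMPLE = (
    "#openssl_options = +no_sslv2 +no_sslv3\n"
    "tls_require_ciphers = NORMAL:!VERS-SSL3.0\n"
)
EXIM_COMMENTED_ONLY = "#openssl_options = +no_sslv2 +no_sslv3\n"

if __name__ == "__main__":
    for name, sample in [("dovecot", DOVECOT_SAMPLE),
                         ("exim (GnuTLS)", EXIM_GNUTLS_SAMPLE),
                         ("exim (option left commented)", EXIM_COMMENTED_ONLY)]:
        print(name, "-> SSLv3 disabled:", sslv3_disabled(sample))
```

The third sample shows the case worth catching: an `openssl_options` line that is still commented out changes nothing, so the check reports SSLv3 as not disabled.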