Tag: Server

How to rename your Ubuntu 12.04 Server

So, you just screwed up the name of your Ubuntu server?

Well that can be changed in no time and with no downtime

Just follow the ermm following;

  • Set a new hostname
sudo hostname your.brand.new.host.name
  • Edit the /etc/hosts file

sudo vi /etc/hosts

  • Edit the /etc/hostname file

sudo vi/etc/hostname

In some circumstances, you may also have to change the /etc/resolv.conf file.

Simple, yes! But worth 90 seconds to write out ;P


Disabling SSL2.0 & Others for IIS7.5 for PCI! /w Powershell

=========================================================

Just to note, this has since been revised. You can see the changes @ http://justfen.com/post/22121613280/pci-iis7-5-beast-vulnerability-donendusted

=========================================================

So, recently been touching up some of our setups for PCI compliance, one of the things we failed on was the fact SSL2.0 and other Protocols were enabled on our IIS7.5 sites.

This had to be implemented into our Web Server deployment scripts and was done with the following;

function Set-IISSecProtocols {

$protopath = “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols”

& reg.exe add “$protopathPCT 1.0Server” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$protopathSSL 2.0Server” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$protopathSSL 3.0Server” /v Enabled /t REG_DWORD /d 00000001 /f

& reg.exe add “$protopathTLS 1.0Server” /v Enabled /t REG_DWORD /d 00000001 /f

& reg.exe add “$protopathTLS 1.1Server” /v Enabled /t REG_DWORD /d 00000001 /f

& reg.exe add “$protopathTLS 1.2Server” /v Enabled /t REG_DWORD /d 00000001 /f

}

And for the Ciphers;

function Set-IISCiphers {

$cipherpath = “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELCiphers”

& reg.exe add “$cipherpathNULL” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathDES 56/56” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC2 40/128” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC2 56/128” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC2 128/128” /v Enabled /t REG_DWORD /d 00000000 /f 

& reg.exe add “$cipherpathRC4 40/128” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC4 56/128” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC4 64/128” /v Enabled /t REG_DWORD /d 00000000 /f

& reg.exe add “$cipherpathRC4 128/128” /v Enabled /t REG_DWORD /d 00000001 /f

& reg.exe add “$cipherpathTriple DES 168/168” /v Enabled /t REG_DWORD /d 00000001 /f

& reg.exe add “$cipherpathAES 128/128” /v Enabled /t REG_DWORD /d 00000001 /f 

& reg.exe add “$cipherpathAES 256/256” /v Enabled /t REG_DWORD /d 00000001 /f

}

To have these changes you must remember to restart the machine, yes REALLY. I actually fell for the trap, so thought I’d share!

And yes, it’s a little dirty but it works!