Ubuntu: Allow SSH access for ‘root’ user
KB ID 0001317 Problem First of all not being able to connect to your Ubuntu server via SSH as root is ‘by design’, and it’s a perfectly good security measure. I do find it interesting that every hosting company I ever used, spin up a new machine and then email me the root password and they’ve enabled it anyway? I needed to enable this recently and the internet is full of posts saying ‘just edit the...
Ubuntu: Setting Up a WordPress Website with LEMP – Part 1
KB ID 0001318 Problem At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the...
Migrating WordPress From One Server To Another
KB ID 0001315 Problem I have to say before I start, that most of the credit for this article lies with Allen White from www.techieshelp.com. Who gave me the three most important pieces of information that you need to migrate your WordPress site. Three Things You Need; The contents of your wp-content directory. The contents of the root of your site. A backup of your database, (this is a lot easier than you think). Now there may be a...
Exchange 2013 / 2016 / 2019 Default Receive Connector Settings
Default Receive Connectors KB ID 0001314 Problem Out of the box, Exchange 2016 (&2013) has five receive connectors. Three for the frontend transport service and two for the mailbox transport service. Front End Transport Service: Does not alter, inspect, or queue mail. It is the first port of call for ALL mail coming into (and out of) the Exchange organisation. This service creates THREE receive connectors All are bound to 0.0.0.0...
Cisco – Joining Layer 2 Networks Over Layer 3 Networks
KB ID 0001313 Problem It’s a common problem, you want to connect one site to another and still have them on the same layer 2 network. As you can see above both the routers at the bottom are in the 172.16.1.0/24 network, let’s assume they are clients in the same layer 2 network how would you connect them? Solution Option 1: xconnect over L2TP All the ‘heavy lifting’ is done on the SiteA and SiteB routers. We...
Microsoft PKI Planning and Deploying Certificate Services Part 3
KB ID 0001312 Problem Following on from Part Two, now we have an offline Root CA, and a CRL server, our next step is defined by our PKI design, are we three tier, or two tier? (Look in Part One for a definition). Solution As previously mentioned, Microsoft just treats Intermediate CAs and Issuing CA’s as the same thing (SubCAs). So the next step is identical for either. But I would suggest one difference, If I was deploying an...
WannaCry – Protect Yourself
KB ID 0001311 Problem Last Friday, the IT world was hit by another attack, WannaCry is a Ransomware infection, that exploits a hole in the windows SMB Protocol. This hole was patched back in March, (Security update MS17-010) so if your, (windows update supported systems) have updates enabled, you will probably already be protected. Why were big organisations like the NHS hit? Primarily because they have systems that are no longer...
Microsoft PKI Planning and Deploying Certificate Services Part 2
KB ID 0001310 Problem In Part One we deployed our offline Root CA Server, now we are going to deploy a ‘Certificate Revocation Location’ server. Solution Before you start: Create a DNS record for ‘pki’ that points to the IP address, that you will have the CRL web server hosted on. I’m installing my CRL server on a separate web server because thats good practice. Starting with a domain joined member...
ADMT (Active Directory Migration Tool) Domain Migration – Part 4
KB ID 0001308 Problem On the homeward stretch now, back in Part Three, we migrated service accounts, groups, and users. Now we turn our attention to our machines. Note ADMT 3.2 Only support the migration of Operating Systems up to Windows 7, (that doesn’t mean Windows 8 and Windows 10 wont work, it just means they are not supported). Migrating Windows 8 and 10 throws a lot of security translation errors, because of the way it...
Microsoft PKI Planning and Deploying Certificate Services
KB ID 0001309 Problem “I don’t know what it is about Certificates, I just don’t like them, I don’t understand them, and I don’t like working with them” I hear this a lot, In fact I heard it this week, and as I’m usually the ‘go-to-guy’ for certificates and PKI, it winds me up! IT pros take the time to learn concepts like DNS, DHCP, Kerberos etc. But mention Certificate Services and...