similar to: Puppet SSL cipher suites

I am using stored configs to manage my nagios host and services checks and I have run into a problem that I have been unable to solve. When the stored configs are purged from puppet the nagios server correctly removes them from the services and hosts file but does not notify the nagios service and instead throws an error. So the entries are still there and nagios still reports on them until

Hi everyone, Please help, I have built a new server and installed puppet (2.6.17) running on RHEL 6.3. It seems that it is not listening on port 8139. iptables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt

# HG changeset patch # User David Hicks <david at hicks.id.au> # Date 1373085976 -36000 # Sat Jul 06 14:46:16 2013 +1000 # Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e # Parent 1fbac590b9d4dc05d81247515477bfe6192c262c login-common: Add support for ECDH/ECDHE cipher suites ECDH temporary key parameter selection must be performed during OpenSSL context initialisation before ECDH and

Hi there, I just saw this morning after mistakenly installing the -amd64 packages on a 32bit machine, that the i386 packages had disappeared from debian from jessie onwards. I was wondering about the reason for this disappearance. Is it because upstream cut off support for 32 bit systems? I scratched really fast on the bug reports and couldn't see one that talked about this. -- Gabriel

Given the following hiera hash: common.yaml: --- *allowed_ips:* * "First IP": 1.2.3.4* * "Second IP": 5.6.7.8* and the module: *class iptables ($role) {* * file {/tmp/test:* * content => template(iptables/test.erb)* * }* *}* with the corresponding template test.erb: *<% role.each do |role| -%> * * code* *<% end %>* *<%

Hi, Following 2 vulnerabilities were detected in VA scan required for PCI compliance: 1. SSL Weak Cipher Suites Supported 2. SSL Medium Strength Cipher Suites Supported I'm using CentOS 5.8 with open ssl version "openssl-0.9.8e-22.el5_8.4". Any idea how to get rid of this? Thanks, Anumeha

I''m troubled with a node-definition not able to resolve a class: Could not find class rhnsd::common at /etc/puppet/manifests/nodes.pp: 8 on node X Content of manifest/site.pp: import "nodes.pp" [...] The layout of modules/rhnsd/ is: |-- files | `-- up2date-rhn |-- manifests | |-- client.pp | |-- common.pp | |-- init.pp | `-- rhn.pp A `cat'' from each

Hello, the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line: Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>,

I see that there''s a thread from September asking a very similar question ("Official puppetlabs position on cron vs puppet as a service?"). I want to ask what should I take into account when making this decision? Just some background: - All my servers are Red Hat or CentOS - We have about 5 servers managed by Puppet now. The goal is to have ~50 servers. These are generally

I think I have a misunderstanding of variable scope in classes. Wy isn''t tfel4_ClusterDbType set in the elements::tfel4::elements class? It''s set in elements::tfel4::defaults but then goes *poof* when elements::tfel4::elements tries to access it. class elements::tfel4::defaults { if ( !$tfel4_ClusterDbType ) { $tfel4_ClusterDbType = "oracle" }

Hello again. Just thought I'd ask and see if it would be possible to get this sometime in the future: TLS and SSL connection information in a variable like %c today, but more exhaustive. For example I can from postfix get a log like: postfix/smtpd[432]: Anonymous TLS connection established from xxxxxx: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) This would be nice to see if you have

Hello, Is it possible to specify which of the OpenSSL ciphers to utilize during client/server communication? Thank you, -- Rob -- ____________________________________________________________________________________ 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news

Hi, could it be possible to log the TLS cipher suite as Postfix does? This is a typical TLS Dovecot log line: imap-login: Login: user=<user at acme.com>, method=DIGEST-MD5, rip=1.2.3.4, lip=4.3.2.1, mpid=19671, TLS, session=<Jsvr46wt2c1ScQfY> This is the Postfix equivalent postfix/smtp[59723]: Anonymous TLS connection established to mail.acmne.com[1.2.3.4]:25: TLSv1.2 with cipher

List, good afternoon, I was reading up on a TLS Diffie Hellman protocol weakness described here https://weakdh.org/sysadmin.html which is similar to the earlier FREAK attack, and can result in downgrade of cipher suites. Part of the solution workaround that the researchers describe for Dovecot here https://weakdh.org/sysadmin.html includes altering DH parameters length to 2048, and

I am just getting started with Puppet, went through the install on a SuSE Linux (11.1) system. I wanted to use the web console but run into this error: "Ruby on Rails application could not be started" "Permission denied - /opt/puppet/share/puppet-dashboard/config/ database.yml" I''ve checked the permissions on this yml, changed it to 777 for good measure but still

On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2". >> This is also mentioned when creating or

Quoting Gedalya <gedalya at gedalya.net>: > On 05/26/2015 10:37 AM, Ron Leach wrote: >> https://weakdh.org/sysadmin.html >> >> includes altering DH parameters length to 2048, and re-specifying the >> allowable cipher suites - they give their suggestion. > > It looks like there is an error on this page regarding regeneration. In > current dovecots

This module does basically what I have done in the very beginning. Create an empty directory as a preparation step for the configuration files. But this configuration also did not regenerate the files. Seems, I will stick with my workaround and delete the files manually and the restart the Puppet agent. If anyone is interested in details, see: http://wp.me/p1RukY-1n. Thanks for helping, Gabriel!

Hello, Is it possible to store samba passwords in ldap without configuring samba as a PDC? All the documents/references I've come across are related to using LDAP as a samba PDC backend, not as just a db file replacement. Thanks, David Filion