sshd without-password vs prohibit-password

Upgrading a server from Debian 8 to Debian 9 - I noticed in /etc/ssh/sshd_config that ‘PermitRootLogin’ had the argument ‘prohibit-password’. Having not seen that before I wondered what the difference was between that and ‘without-password’.
Turns out that mean and do the same thing - but ‘prohibit-password’ was introduced to be less ambigous. So there you have it!

Check out the release notes here for proof :-)

Check if DNS Server can zone transfer

If you work in the ISP space you might need to check if a down or upstream server is set up to allow Zone Transfers (AXFR).

Test via:

dig -b your-dns-server-ip-with-permission-address @their-dns-server-ip-address exampleDomain.com AXFR
eg. dig -b 8.8.8.8 @208.67.222.222 exampleDomain.com AXFR

And it should return some records about the zone!

Debug Splunk Inputs or script

I’m always forgetting how to debug a python script within Splunk.
Use the following command to initialise the Splunk variables etc and debug your script:

$SPLUNK_HOME/bin/splunk cmd python /full/path/to/yourscript.py

Key_Events_On_Hosts - Splunk EventType

Once upon a time Splunk had an “EventType” named “Key_Events_On_Hosts” then one day it disappeared. It used to power some reports that I use. So I had to go find it from a backup. Here is the EventType is all it’s naked glory.

( sourcetype="WinEventLog*" OR sourcetype="XmlWinEventLog*" (Type="*Error*" OR Type="*Fail*" OR EventCode=1074 OR EventCode=19 OR EventCode=20 OR EventCode=21 OR Eventcode=1001) ) OR ( 
sourcetype="WindowsUpdateLog" (status="installed" OR status="failure" OR status="restart required") ) 

Configure Centrify Express with Apache’s mod_auth_kerb

I was lucky enough to spend the morning trying to get mod_auth_kerb working with our existing installation of Centrify without creating any additional SPNs.

It was actually very straight forward except for the missing component of the secret sauce, that’s not documented in many places.
Basically to get it to work perform the following on RedHat 6 (and CentOS 6):

yum install httpd
yum install mod_auth_kerb

vim /etc/httpd/conf.d/auth_kerb.conf

#
# The mod_auth_kerb module implements Kerberos authentication over
# HTTP, following the "Negotiate" protocol.
#

LoadModule auth_kerb_module modules/mod_auth_kerb.so

#
# Sample configuration: Kerberos authentication must only be
# used over SSL to prevent replay attacks.  The keytab file
# configured must be readable only by the "apache" user, and
# must contain service keys for "HTTP/www.example.com", where
# "www.example.com" is the FQDN of this server.
#

<Location /private>
  SSLRequireSSL
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate On
  KrbMethodK5Passwd On
  KrbAuthRealms YOURDOMAIN.COM
  Krb5KeyTab /etc/krb5.keytab
# KrbServiceName is the Centrify secret sauce
  KrbServiceName http
  require valid-user
</Location>

chown root:apache /etc/krb5.keytab
chmod 640 /etc/krb5.keytab

And that’s it. Hopefully “KrbServiceName http” was the secret sauce you needed!