Archive for the ‘Linux’ Category

Setting up an ad-hoc TCP listener for connection testing using Python’s web service

September 14, 2021

I recently needed to set up a connection test so that an outside vendor could verify that firewall rules had been set up correctly on both ends and that a connection which originated at a specific IP address on the vendor’s end was able to resolve a DNS address on our end and make a connection.

I remembered that Python has a simple way to set up a web server, so I decided to use this to create a script which creates a connection listener by setting up a web server on the desired port. For more details, please see below the jump.

Read more…

Categories: Linux, macOS, Scripting, Unix

Jamf Pro deprecating the ability to issue a Tomcat certificate from the Jamf Pro built-in certificate authority

June 15, 2021

As part of the release of Jamf Pro 10.30, the following entry was added to the Deprecations section of the Jamf Pro Release Notes:

Functionality to issue the Tomcat SSL/TLS certificate from Jamf Pro’s built-in certificate authority — Jamf Pro’s functionality to issue the Tomcat SSL/TLS certificate from the JSS built-in certificate authority (CA) will be discontinued in a future release of Jamf Pro. The release version for this change has not been determined.

Before this change occurs, it is recommended that all on-premise Jamf Pro instances leveraging this functionality switch to a publicly trusted third-party CA to issue the Tomcat SSL/TLS certificate. This will prevent the potential loss of MDM communication from Jamf Pro to enrolled devices.

If needed, a Tomcat SSL/TLS server certificate for Jamf Pro may be issued from an internal certificate authority. The JSS built-in CA will maintain its current ability to manually issue server certificates to other servers.

For shops which use Jamf Pro’s built-in certificate authority to create the SSL certificate used by the Tomcat web application, this means that at some point in the near(ish) future, you will need to plan to use a certificate for your Jamf Pro server which is no longer being issued by your Jamf Pro server’s built-in certificate authority.

For more details, please see below the jump.

Read more…

Categories: Jamf Pro, Java, Linux, PKI

Connecting to AWS EC2 instances via Session Manager

April 1, 2021

When folks have needed command line access to instances running in Amazon Web Services’ EC2 service, SSH has been the usual method used. However, in addition to using SSH to connect to EC2 instances in AWS, it is also possible to connect remotely via Session Manager, one of the services provided by AWS’s Systems Manager tool.

Session Manager uses the Systems Manager agent to provide secure remote access to the Mac’s command line interface without needing to change security groups and allow SSH access to the instance. In fact, Session Manager allows remote access to EC2 instances which have security groups configured to allow no inbound access at all. For more details, please see below the jump.

Read more…

Backing up Der Flounder Revisited

February 12, 2021

Nine years ago, I wrote a post on how I back up this blog. Overall, the reasons I’m backing up haven’t changed:

  • I like this blog and don’t want to see it or its data disappear because of data loss.
  • WordPress.com’s free hosting doesn’t provide me with an automated backup method.

To create the backups, I make a nightly mirror using HTTrack. As time has passed and host machines were replaced, I’ve moved the backup host a few times. For the last move, I decided for budgetary reasons to move off of using Macs and onto a Raspberry Pi. For those wanting to know more, please see below the jump.

Read more…

Categories: Backup, Linux, Raspberry Pi

Backing up a Jamf Pro database hosted in Amazon Web Services’ RDS service to an S3 bucket

February 16, 2020

For those using Amazon Web Services to host Jamf Pro, one of the issues you may run into is how to get backups of your Jamf Pro database which you can access. AWS’s RDS service makes backups of your database to S3, but you don’t get direct access to the S3 bucket where they’re stored.

In the event that you want a backup that you can access of your RDS-hosted MySQL database, Amazon provides the option for exporting a database snapshot to an S3 bucket in your AWS account. This process will export your data in Apache Parquet format instead of a MySQL database export file.

However, it’s also possible to create and use an EC2 instance to perform the following tasks:

  1. Connect to your RDS-hosted MySQL database.
  2. Create a backup of your MySQL database using the mysqldump tool.
  3. Store the backup in an S3 bucket of your choosing.

For more details, please see below the jump.

Read more…

Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux

August 23, 2019

A vital component of a Jamf Pro server setup is usually its LDAP connection to a directory service (usually an Active Directory server). This connection allows the Jamf Pro server to not only leverage the directory service’s users and groups, but also automatically populate information about the owner of the device by doing a lookup in LDAP as part of a computer’s or mobile device’s inventory update and assist with providing user-specific policies in Self Service.

As more folks move from using self-hosted Jamf Pro servers to now having Jamf host them in Jamf Cloud, this LDAP connection usually requires an LDAP proxy in order to securely connect a Jamf Cloud-hosted Jamf Pro instance to a company’s internally-hosted directory service. Jamf provides an LDAP proxy for this purpose in the form of the Jamf Infrastructure Manager (JIM). 

Because the LDAP connection is so vital, it’s just as vital that the JIM stay up and working all the time. To assist with this, I’ve written some scripts to assist with monitoring and reporting for a JIM running on Red Hat Enterprise Linux. For more details, please see below the jump.

Read more…

Slides from the “Providing the best Mac experience possible, from the Apple CoE team with ♥” session at Jamf Nation User Conference 2018

October 24, 2018

For those who wanted a copy of my Mac management talk at Jamf Nation User Conference 2018, here are links to the slides in PDF and Keynote format.

PDF – http://tinyurl.com/JNUC2018SAPPDF

Keynote – http://tinyurl.com/JNUC2018SAPKeynote

Automating Jamf Infrastructure Manager setups on Red Hat Enterprise Linux

June 23, 2018

As part of a project, I needed to build an automated setup process for a Jamf Infrastructure Manager (JIM). Thanks to the help of some folks at Jamf, I have a process which runs non-interactively and which does the following on Red Hat Enterprise Linux 7.x:

  1. Installs the JIM software
  2. Enrolls the JIM with a Jamf Pro server

For more details, please see below the jump.

Read more…

Implementing log rotation for the Jamf Infrastructure Manager logs on Red Hat Enterprise Linux

November 4, 2017

A while back, I had set up the Jamf Infrastructure Manager (JIM) in a VM running Red Hat Enterprise Linux (RHEL) to provide a way for a Jamf Pro server hosted outside a company’s network to be able to talk to an otherwise inaccessible Active Directory domain. The JIM software has been running fine since I configured it, but I recently needed to take a look at the JIM logs as part of diagnosing another issue.

For those not familiar with the JIM software, it has several log files and those logs are available in the following location on RHEL:

/var/log/jamf-im-launcher.log
/var/log/jamf-im.log
/var/log/jamf-im-pre-enroll.log

When I checked the logs, I noticed that /var/log/jamf-im.log had grown to almost 500 MBs in size.

Considering this log is a plaintext file, that’s a big log file and it seemingly had not been rotated or otherwise changed since I first installed the JIM software. To help make sure that the host VM would not eventually run out of space because of this growing log file, I needed to implement log rotation for the JIM logs. For more details, see below the jump.

Read more…

Managing AWS-hosted VMs using EC2 Systems Manager

May 30, 2017

I’ve been doing a lot of work recently with Linux VMs that are hosted on Amazon Web Services’ EC2 service. As part of this work, I’ve been working on two problems in parallel:

  • Enabling automation of certain management commands for the VMs
  • Securing SSH

Part of the issue was that I thought I needed to have SSH available to enable remote administration. If that was true, I also needed to secure SSH access so that I could use it and malicious third parties couldn’t. However, whatever method I chose also needed to be easily accessible to my team so that they could access the AWS-hosted VMs in case of an emergency where I wasn’t available.

I went through a few iterations of SSH solutions, including investigating multi-factor authentication and setting up SSH bastions. In the end though, I discovered a surprising solution that fixed both of my problems: AWS’s EC2 Systems Manager.

Systems Manager allowed me to do the following:

  1. Manage my Linux VMs on EC2 without using SSH
  2. Block SSH access on my Linux VMs
  3. Run commands on multiple VMs at once
  4. Create a library of frequently used tasks and run those commands without needing to re-enter the scripts used to run those tasks.
  5. Not spend extra money on a management solution because AWS makes Systems Manager available at no cost to AWS customers.

For more details, please see below the jump.

Read more…