Lessons Learned:

My lessons learned page started in the previous century as a way for me to track things that I learned in my travels. The notes got a bit sparse in the 2010s but I’m trying to recreate the process.

I have a legacy directory for the original lessons learned. Some of that stuff is really old. Does anyone really play with modem commands anymore?

(Reasonably) current lessons learned:

git:

• Git: synchronizing bare repos
• Git Cheat sheet
  • Overview:
  • Commands:
  • Discussion:
    • git log:
    • Commit references:
  • Summary:
• Notes on installation, configuration, and use of gitlabhq:
  • Overview:
  • Book:
  • Things to do:
  • Lessons learned:
  • Commands:
  • Installation:
  • Configuration files:
    • ~git/gitlab-shell/config.yml:
    • ~git/gitlab-rails/etc/database.yml:
    • ~git/gitlab-rails/etc/gitlab.yml:
    • ~git/nginx/conf/nginx.conf:
  • Notes:
  • Practice:
• gitolite notes:
  • Overview:
  • Objectives:
  • Notes:
  • Original_mirroring: didn’t work:
• Gitolite administration instructions:
  • Installation:
  • Configuration:
  • Mirroring:
• Gitolite documentation:
  • Overview:
  • Personal Repos:
    • Personal repo overview:
    • Creating personal repos:
    • Enabling others to access a personal repo:
      • To allow access:
      • To remove access:
    • Deleting personal repos:

Secure Shell:

• Secure Shell & 2 Factor Authentication Presentation
• ssh users’ guide
  • Overview:
  • Using/Configuring ssh
    • Section Overview:
    • Basic ssh usage
      • ssh command syntax
      • scp command syntax
    • Public/Private key authentication process
    • Generating keys
    • Configuring the local account
    • Disseminating keys/updating authorized_keys file
      • Public key filename syntax
      • Copying public keys
      • Updating authorized_keys
      • Test access
    • Configuring ssh agents
      • ssh-agent overview
      • ssh-agent initialization
        • Eval method
        • Subshell method
      • Adding identities to the agent
      • Third way of initiating ssh-agent
  • Noninteractive ssh
  • Miscellaneous ssh items
    • ~/.ssh/config
    • ssh & clusters
• ssh_logger information
• Sudo vs ssh/pka to access root
  • Proposal:
  • Who am I?
  • Background:
  • Root access model comparisons:
  • Required/suggested modifications:
    • Log key fingerprints:
    • Allow pka but prohibit password authentication:
    • Update syslog configuration as needed:
    • Log remote command execution via forced commands:
    • Develop key management procedures:
    • Set authorized keys files in root-only writable directory:
    • Monitor log files for ssh key fingerprints:
  • ssh/pka concerns:
    • Null passphrased private keys:
    • Potential for wider damage:
    • Key/access audit:
  • Summary:

Legacy/archived lessons learned:

AIX:

• AIX: Adding Inet Services:
• AIX: dmesg
• AIX: Freeware sites
• AIX: Creating Logical Volumes and Filesystems:
• AIX: Paging space information
  • Paging related commands:
  • Deactivating paging space:
  • Modifying default paging space:
• AIX: Creating physical volumes
• AIX: Mirroring rootvg
• AIX: sendmail interaction
• AIX: System Resource Controller (SRC)
• AIX: vmstat - can’t read from device or file

HPUX:

• HP: Mounting HP CDs on foreign OSes
• HP: ia64 lanboot
• HP: Generic installation checklist
• HP: Integrity Virtual Machines:
• HP: Kernel parameters
• HP: Mirroring bootdisks
  • PA-RISC Mirroring procedures
  • Itanium mirroring procedure
• HP: Creating patch depots
• HP: HPUX Crash dump analysis
  • Crash Checklist:
  • ITRC DOCUMENT ID: OZBEKBRC00000611 (For 10.10-11.20)
• HP: SD through a firewall
• HP: SDUX Permisison denied
• MCSG: Authentication issues
• MCSG: cmsetlog reference
• MCSG: Commands
• MCSG: Creating clusters
• MCSG: When to vgimport/export
• MCSG: Troubleshooting a hung cluster reformation:
• MCSG: Running clustes w/o all nodes
• MCSG: Adding a node checklist
• MCSG: Creating packages checklist
• MCSG: Package start steps
• MCSG: Rebuilding a cluster
• MCSG: Removing clusters
• MCSG: Removing a node from a cluster
• MCSG: removing packages checklist
• MCSG: Rolling upgrade rules
• MCSG: Symptoms/Cause matrix
• MCSG: Reasons for TOC

ldap:

• ldap directory info:
• Overview:
• Creating ldap directory server:
• Legacy authentication:
• sssd authentication:
• Try #4:
• Try #3:
  • ldap auth w/o encryption:
  • ldap auth w/encryption:
• Try #2:
• Original try:
• Original slapd.conf.{bak,obsolete}:
• Notes on user/group manipulation in ldap
  • Security issues:
  • Goals:
  • Status:
  • Password restrictions:
• Notes/tips/lessons learned on use of ldapsearch
• MPI Password expiration comparison:
  • Test 1: Password reset by admin w/o user ssh key:
  • Test 2: Password reset with user ssh key:
• openldap admin guide nodes
  • Admin Guide Overview:
  • Chapter 1: intro to openldap directory services:
  • Chapter 2: Quick start guide:
  • Chapter 3: Big picture - configuration choices:
  • Chpater 4: Building and installing openldap s/w:
  • Chapter 5: Configure slapd
  • Chapter 6: same thing for the slapd.conf file:
  • Chapter 7: running slapd:
  • Chapter 8: access control:
  • Chapter 9: Limits:
  • Chapter 10: database maintenance:
  • Chapter 11: Backends:
  • Chapter 12: overlays:
  • Chapter 13: schema specifications:
  • Chapter 14: security considerations:
  • Chapter 15: Using SASL:
  • Chapter 16: TLS
  • Centos chapter 18: Directories:
• Openldap and SSL Certificate research notes
  • Overview:
  • Solution:
• Openldap goals and lessons learned:
  • Goals:
• Openldap groups: posxigroup vs groupofnames
  • Issue:
  • Options:
  • Summary:
• Notes from oreilly’s ldap SA book
  • Overview:
  • Chapter 1: what is a directory
  • Chapter 2: ldap overview
  • Chapter 3: openldap
  • Chapter 4: company white pages
  • Chapter 5: replication, referrals, and searching
  • Terms:
• Solaris, ldap config, and mkhomedir
  • Overview:
  • Home directories:
  • Commands:
  • Summary:
• ldap notes:
  • Goals:
• Centos openldap installation
  • Overview:
  • Creating ldap directory server:
  • Legacy authentication:
  • sssd authentication:
  • Summary:
  • Original slapd.conf.{bak,obsolete}:
• Steps to create a local CA and sign CSRs:
• ldap: identify accounts with expired passwords
  • Overview:
  • Configuration:
  • Sample runs:
  • Script:
• Installation, configuraiton notes and generic lessons learned on openldap
  • Overview:
  • Notes:
  • Questions to be answered:
  • Things to do:
  • Command examples:
• Openldap goals and lessons learned:
  • Lessons learned:
  • Acronyms:
• openldap wrapper script:
  • Overview:
  • Configuration:
  • Usage:
  • Summary:
  • Script:
• Openldap groups: posxigroup vs groupofnames
  • Issue:
  • Options:
  • Summary:
• Openssl commands