Cloud Insidr 2025-01-11 Leave a Comment

Upgrading from CentOS 6 to CentOS 7 and Beyond?

Upgrading from CentOS 6 to CentOS 7 involves a manual approach, as the standard yum update and migration paths won’t work anymore.

CentOS 6 to 7 upgrades are inherently risky, especially with outdated repositories. Consider migrating directly to a modern distribution like Rocky Linux or AlmaLinux. Tools like ELevate can help with migration from CentOS 6/7 to newer distributions.

The ELevate Project by AlmaLinux offers a community-supported tool for upgrading CentOS 7 to newer RHEL-based distributions. While it doesn’t support CentOS 6 directly, you could consider upgrading from CentOS 6 to 7 first, then use ELevate for further upgrades.

[Read more…]

Cloud Insidr 2024-11-07 Leave a Comment

How To Figure Out Who is Signing In To Dovecot to Send or Retrieve Email

To see which Dovecot users sign in to retrieve or send emails, you can use the doveadm command to query the logs. Here’s a step-by-step guide:

Step 1. Enable Logging

Ensure that Dovecot is configured to log authentication attempts. You can do this by editing the dovecot.conf file:

log_path = /var/log/dovecot.log
auth_verbose = yes

Step 2. Check the Logs

You can use the grep command to filter the logs for login attempts. For example:

grep 'Login:' /var/log/dovecot.log

Alternatively, you can use the doveadm command to query user information. For example, to check user logins:

doveadm log find

If you want to monitor user log-ins to Dovecot in real-time, you can use the tail command:

tail -f /var/log/dovecot.log | grep 'Login:'

These steps will help you track which users are signing in to retrieve or send emails through Dovecot.

Cloud Insidr 2024-10-04 Leave a Comment

OpenSSH 9.9 Introduces Enhanced Quantum-Resistant Algorithms

OpenSSH 9.9 is now available for download on the official mirrors of the OpenBSD Project. This update introduces a range of significant enhancements, such as the support for post-quantum key exchange, improved security controls, and various performance enhancements.

Key Features in OpenSSH 9.9

One of the most notable advancements in OpenSSH 9.9 is the introduction of a hybrid post-quantum key exchange method. It combines the FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) with X25519 Elliptic Curve Diffie-Hellman (ECDH). This hybridization is believed to boost security against future quantum computing threats. The algorithm, known as mlkem768x25519-sha256, is enabled by default.

Post-quantum cryptographic standards could be around the corner.

[Read more…]

Cloud Insidr 2024-05-01 Leave a Comment

OpenSSL 3.3 Final Release is now live!

The latest iteration of OpenSSL, version 3.3, has been officially rolled out, marking a significant milestone as the inaugural release under OpenSSL’s biannual time-based release strategy. The OpenSSL team extends its heartfelt gratitude to all contributors whose efforts have been instrumental in bringing OpenSSL 3.3 to fruition.

Key enhancements introduced in OpenSSL 3.3 include:

Provision of QUIC qlog diagnostic logging support
Facilitation of non-blocking polling for multiple QUIC connections or stream objects
Streamlined generation of end-of-stream frames for QUIC connections
Option to disable QUIC event processing during API calls
Customizable configuration for QUIC idle timeout durations
Enhanced capability to ascertain the size and utilization of a QUIC stream’s write buffer
Incorporation of RFC 9480 and RFC 9483 extensions to CMP
Flexibility to deactivate OpenSSL usage of atexit(3) during build time
Integration of SSL_SESSION APIs compatible with the year 2038
Automated derivation of Chinese Remainder Theorem (CRT) parameters upon request
Adaptability to accommodate unknown algorithm names in TLS signature algorithm and group configuration strings
Configuration option for TLS 1.3 servers to prioritize PSK-only key exchange during session resumption
Introduction of the EVP_DigestSqueeze() API, facilitating multiple squeezes with varied output sizes for SHAKE
Inclusion of exporters for CMake on Unix and Windows platforms, alongside the pkg-config exporter

For a comprehensive overview of all modifications between OpenSSL 3.2 and OpenSSL 3.3, please refer to the CHANGES.md file.

OpenSSL 3.3 marks the commencement of a standard release cycle, initiating a one-year Full Support phase. During this period, our team diligently addresses bugs and security concerns in accordance with our Stable Release Updates Policy. Following the conclusion of the Full Support phase, the Maintenance Support phase commences, lasting another year, with a primary focus on rectifying security issues while addressing other pertinent bugs at our discretion.

OpenSSL 3.3 Download Pages for Fedora Linux

Fedora Rawhide – 3.2.1-6.fc41

Fedora 40 – 3.2.1-2.fc40

Fedora 39 3.1.1-4.fc39

Fedora 38 3.0.9-2.fc38

Looking Ahead to OpenSSL 3.4

Looking ahead, the forthcoming release, OpenSSL 3.4, is currently under the stewardship of Neil Horman (@nhorman). Detailed information regarding the release schedule can be accessed via the new OpenSSL Release Schedule board on GitHub.

For any bug reports or issues concerning OpenSSL, we encourage users to utilize our issue tracker, while queries pertaining to the utilization of OpenSSL 3.3 can be directed to GitHub Discussions.

Filipe Martins 2023-01-31 Leave a Comment

How to Activate HTTP/2 with TLS 1.3 Encryption in NGINX for Secure Connections without a Performance Penalty

Are you ready for a better security with no performance penalty? Are you ready for a performance bump that can take you places in search engine land? In other words: now that HTTP/2 reached production-grade maturity, nothing should hold you back.

The IoT revolution will make sure that only the paranoid survive.

[Read more…]