DROWN security vulnerability

Protect yourself from the DROWN attack by updating your openssl package.
Red Hat patched openssl 1.0.1e:

# rpm -q --changelog openssl-1.0.1e-51.el7_2.4.x86_64 | head
* Wed Feb 24 2016 Tomáš Mráz <> 1.0.1e-51.4
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

* Tue Feb 16 2016 Tomáš Mráz <> 1.0.1e-51.3
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method

goto for more info
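
An added example, not part of the original post: the changelog check above as a reusable script that maps each CVE fix to the release that shipped it and reports any required fix that is missing. The function names are hypothetical, and the sample input is the changelog excerpt quoted above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "CVE-ID release" for every "- fix CVE-..." line in rpm changelog
# text on stdin. The release is the last field of the preceding
# "* <date> <packager> <release>" entry header.
cve_fix_releases() {
    awk '
        /^\* / { release = $NF; next }
        /^- fix CVE-[0-9]+-[0-9]+/ {
            line = $0
            # a single changelog line may name more than one CVE
            while (match(line, /CVE-[0-9]+-[0-9]+/)) {
                print substr(line, RSTART, RLENGTH), release
                line = substr(line, RSTART + RLENGTH)
            }
        }
    '
}

# Print each required CVE id (given as arguments) that the changelog on
# stdin does not list as fixed. Returns 1 if any is missing, 0 otherwise.
missing_cve_fixes() {
    fixed=$(cve_fix_releases | cut -d' ' -f1)
    rc=0
    for cve in "$@"; do
        printf '%s\n' "$fixed" | grep -qxF "$cve" || { echo "$cve"; rc=1; }
    done
    return "$rc"
}

# Sample input: the changelog excerpt quoted in the post.
SAMPLE_CHANGELOG='* Wed Feb 24 2016 Tomáš Mráz <> 1.0.1e-51.4
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

* Tue Feb 16 2016 Tomáš Mráz <> 1.0.1e-51.3
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method'

# On a live host the input would be: rpm -q --changelog openssl
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_fix_releases
printf '%s\n' "$SAMPLE_CHANGELOG" | missing_cve_fixes CVE-2015-3197 \
    && echo "required fixes present"
```

The non-zero exit status of missing_cve_fixes makes it usable as a gate in a patch-compliance script run across many hosts.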

Cluster ssh with nice fonts!

Cluster ssh is super nice, but out of the box it has ugly, small fonts.
Here’s my Cluster ssh config, which I respectfully ripped from the net:

# $HOME/.clusterssh/config
terminal_args=-fa  'DejaVu Sans Mono:style=Book' -fs 11
# note these are not consistent with the TTF font selection, so have to 'adjust' accordingly
# for terminal_args=-fa  'DejaVu Sans Mono:style=Book' -fs 12:
# for terminal_args=-fa  'DejaVu Sans Mono:style=Book' -fs 11

Thank you

puppet 2.7.x complaining about “err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse YAML data for node”

You’ll probably find numerous links that tell you to delete


in puppetmaster, node or both.

None of those solved my problem.

Upgrading to puppet-2.7.25 didn’t help either.

On my puppet client, in /var/lib/puppet deleting

rm -fr state/ lib/ facts/ client*

at least let me run puppet again, but next run gives that 400 error again …

Note to self: get back to this post when I get time to further debug this really annoying issue.

tcpdump tip

As I was debugging an issue at work related to HTTP headers being forwarded by haproxy, I used a couple of tcpdump commands that were great; storing them here for future reference.

tcpdump -s 1024 -l -A | grep X-Forwarded-For

tcpdump -s 1024 -l -A src or dst

The first one prints lines containing X-Forwarded-For; the second one lets you filter on source and/or destination.
Note that tcpdump by default does not include or ::1 (lo).

CentOS 7 dhcp + custom ‘search domain’

I’m running CentOS 7 on my workstation these days, like it a lot.
At work our DHCP sets the DNS search domain to the one containing our Windows hosts, but the Unix and Linux hosts I work with are in another domain.
In the NetworkManager GUI in GNOME 3 I can’t seem to figure out where to add this second search domain, so I’ve been adding it manually to resolv.conf after each boot …

Got tired of that so I added:


in /etc/sysconfig/network-scripts/ifcfg-eno1 and did a

systemctl restart network.service

problem solved.


UPDATE 30th october 2015:
This does not work at all at my workstation at my new job.
I’m not using NetworkManager any more, not sure if that’s the reason though.

By setting SEARCH in /etc/sysconfig/network instead things got a lot better:

# /etc/sysconfig/network