- Linkdump Week 42 / 2020
- Linkdump Week 41 / 2020
- Elasticsearch index creation problem
- Linkdump Week 40 / 2020
- Selfhost Shaarli
- Touchpoint in HCL Connections 6.5CR1
- Some updates (some delayed) on Engage 2020, Connections, my job and documentation as code
- Asciidoctor open links in new window
- DNUG Connections Day 2020
- Walkthrough: Vulnhub - DC: 3
And the second linkdump with contents I read that week. I don’t like the idea, sounds very 1984: Wi-Fiber is creating safer cities by combining wireless tech, smart streetlights Never tried multi-stage Dockerfiles, but sounds interesting to get red of libraries and installer files: Fun with Multi-stage Dockerfiles Most interesting for me was the part about the available docker images carpedm20/awesome-hacking I use Shaarli to store links (on mobile and my computers), which are not saved to my Readlater stuff in Wallabag, but I will give the console tool Buku a chance next week.
. I screwed up that post today when I tried to edit on my mobile. Sorry for that. I added some details to get a better overview on that topic. With IBM Connections 6.0 CR1, one of the main security concepts was changed. Former versions use blacklisting to manage most of the security topics, now the complete opposite is used – white-listing. So up to IBM Connections 6.0 everything was allowed until it was not excluded in one of the blacklist files. This files are stored within the Deployment Manager profile/config/cells/<cellname>/LotusConnections-config/extern. Now with Connections 6.0CR1 everything is forbidden, until it is enabled in the white-list.
Since years i think that the Internet Lockout Feature of IBM Domino is not enough. The function is documented here: IBM Domino Administrator Help Cite of this document: There are some usage restrictions for Internet password lockout: You can only use Internet password lockout with Web access. Other Internet protocols and services, such as LDAP, POP, IMAP, DIIOP, IBM® Lotus® Quickr®, and IBM Sametime® are not currently supported. However, Internet password lockout can be used for Web access if the password that is used for authentication is stored on an LDAP server So documentation tells us, that only HTTP can be secured through inetlockout.
I started a new project on OpenNTF for the collection of scripts we created to speed up and simplify WebSphere and Connections Administration. Link to this project: Administration Scripts for WebSphere In the moment most of documentation is only as comment in these scripts. Descriptions can be found in Github and Slideshare. Highlights J2EE Security Role Backup and Restore Set initial Security Roles for Connections Applications (Author: Klaus Bild) Documentation When you want to start with this collection, copy the jython script to your Deployment Manager bin-folder ($WAS_HOME/profiles/Dmgr01/bin) and call the scripts with wsadmin.
Preamble Before i begin with my securing article, i want to say something on security on IBM Connections. Mainly i don’t like the thing, that IBM only support very special versions of software. So we must use WebSphere 22.214.171.124, DB2 126.96.36.199, IHS 188.8.131.52 and so on. Each product had updates the last months and i think we won’t get support when we use other versions. So i have to chances. On the first side i can update my software to limit vulnerabilities and get perhaps no support, or i will have vulerable software with support. Just my 2 cent and i hope i will get answer, if i will get support with higher program versions.