Category Archives: DIY

PCI Compliance – Continued

So after many tests, both my own with nmap and openssl and the PCI tests, we are finally PCI compliant.

For MediaTemple customers however one thing kept failing the test.

This was port 8443, which is used by the Plesk Virtuozzo Service; the failure is caused by having “Offline Management” enabled.

To solve this I asked Mediatemple for help and they gladly disabled the “Offline Management”. This however did not completely solve the issue, since it still left the port open, and since Plesk was still installed it would still overwrite any customization I did to the iptables to block this port, even if I would go through the process of adding it correctly (at least what I could find).

So to solve this I did the following:

I edited the crontab:

crontab -e

and added the block line for iptables:
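# -C tests whether the rule is already present, so -A only runs after Plesk has removed it
* * * * * /sbin/iptables -C INPUT -p tcp --dport 8443 -j REJECT 2>/dev/null || /sbin/iptables -A INPUT -p tcp --dport 8443 -j REJECT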

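additionally to make sure I did not risk locking myself out I also added an ACCEPT line for my SSH port:
# same -C guard, so the ACCEPT rule is not appended again every minute
* * * * * /sbin/iptables -C INPUT -p tcp --dport MYPORTNUMBER -j ACCEPT 2>/dev/null || /sbin/iptables -A INPUT -p tcp --dport MYPORTNUMBER -j ACCEPT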

Cron runs this every minute so as soon as Plesk overwrites the iptables rules, the crontab runs and it’s added again.
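
To confirm that the cron job is keeping the firewall in the intended state, the check below (an added example, not part of the original post) reads `iptables -S INPUT` output and reports which rule decides port 8443 and how many copies of it exist; copies build up when `-A` runs every minute with no prior check. The function names, the sample listing and the SSH port 2222 are assumptions made for the illustration.

```shell
# Constructed sample of `iptables -S INPUT` output (not from a real host).
# 2222 stands in for the SSH port; the 8443 REJECT appears three times.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 8443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 8443 -j REJECT --reject-with icmp-port-unreachable'

# port_status PORT: reads a rule listing on stdin and prints
#   verdict=<target of the first rule naming PORT, else the chain policy>
#   copies=<how many rules name PORT with that target>
# Simplification: only rules with an explicit --dport are considered.
port_status() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            p = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") p = $(i + 1)
                if ($i == "-j")      j = $(i + 1)
            }
            if (p != port) next
            if (first == "") first = j
            count[j]++
        }
        END {
            if (first == "") { first = policy; count[first] = 0 }
            print "verdict=" first " copies=" count[first]
        }'
}

# check_rules SSH_PORT: prints "ok" and returns 0 only if SSH is accepted
# and 8443 is rejected by exactly one rule.
check_rules() {
    rules=$(cat)
    ssh=$(printf '%s\n' "$rules" | port_status "$1")
    web=$(printf '%s\n' "$rules" | port_status 8443)
    case $ssh in
        verdict=ACCEPT*) ;;
        *) echo "ssh port $1 not accepted: $ssh"; return 1 ;;
    esac
    case $web in
        "verdict=REJECT copies=1") echo ok ;;
        verdict=REJECT*) echo "8443 rejected, but by duplicate rules: $web"; return 2 ;;
        *) echo "8443 not blocked: $web"; return 3 ;;
    esac
}

# On a live host (as root): iptables -S INPUT | check_rules MYPORTNUMBER
printf '%s\n' "$SAMPLE_RULES" | check_rules 2222 || true
```

Because the first matching rule wins, an ACCEPT for 8443 that sits above an appended REJECT shows up here as `8443 not blocked`.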

This solved the issue which failed the PCI compliance test for me.

In theory this should also work with “Offline management” enabled which is going to be my next experiment. Additionally I am going to try adding an exception for my IP into the iptables to see if that works.

For now though we are PCI compliant and the cron will, for now, make sure it stays that way until I find a more permanent solution or Mediatemple updates the Plesk installation.

PCI Compliance, Weak SSL Ciphers, Plesk, etc

For all those struggling with the marketing stunt that is PCI compliance, here are some pages I found that help to make our DV Base at Mediatemple pass the PCI test.

Please check out the following links for help on this:

Weak SSL:
465 (smtps/qmail) – http://www.qmailwiki.org/index.php/Qmail-control-files#control.2Ftlsserverciphers
imap/pop – follow instructions http://www.oscommerceuniversity.com/lounge/index.php?topic=265.0

Server wide ssl2 disable and weak ciphers for all virtual domains:
create new file:
vi /etc/httpd/conf.d/zz000_psa_httpd_weak_ssl_disable.conf
press ‘i’ to insert
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:-LOW

press ‘esc’ > ‘shift+q’ > ‘wq’ > ‘enter’
/etc/init.d/httpd stop
/etc/init.d/httpd start
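
A quick way to check that Apache config text carries the two directives above (an added example, not from the original post or from Plesk). The `ssl_lint` helper name and the weak sample config are constructed for illustration, and all lines are assumed to sit in one context.

```shell
# The two directives from this post, and a constructed weak config for contrast.
PAGE_CONF='SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:-LOW'
WEAK_CONF='SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'

# ssl_lint (hypothetical helper): reads Apache config text on stdin and prints
# "ok", or what the last SSLProtocol / SSLCipherSuite lines are missing.
# Assumption: all lines are in one context (per-vhost overrides are not modelled).
ssl_lint() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "sslprotocol" {
            seen = 1; v2 = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "sslv2" || t == "+sslv2") v2 = 1
                if (t == "-sslv2") v2 = 0
            }
        }
        tolower($1) == "sslciphersuite" { suite = $2 }
        END {
            if (!seen) { out = out " SSLProtocol-not-set" }
            if (v2)    { out = out " SSLv2-enabled" }
            if (suite == "") { out = out " SSLCipherSuite-not-set" }
            n = split(suite, tok, ":")
            for (i = 1; i <= n; i++) have[tok[i]] = 1
            if (suite != "") {
                if (!("!ADH" in have))    out = out " missing:!ADH"
                if (!("!EXPORT" in have)) out = out " missing:!EXPORT"
                if (!("!SSLv2" in have))  out = out " missing:!SSLv2"
                if (!("-LOW" in have) && !("!LOW" in have)) out = out " missing:-LOW"
            }
            print (out == "" ? "ok" : substr(out, 2))
        }'
}

# Prints the findings for the constructed weak config.
printf '%s\n' "$WEAK_CONF" | ssl_lint
```

When several files are involved, feed them to `ssl_lint` in the order Apache reads them, since the last directive seen is the one it reports on.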

Also found this page very helpful: http://www.linux-advocacy.org/web-servers/making-plesk-more-pci-compliant

Questions and additions welcome of course.

Easily moving your ‘Mobile Applications’ folder

Since my iPhone app folder started to become quite substantial (4.5GB +) I wanted to move these files without a lot of hassle.

It should be noted that my iTunes configuration is somewhat different due to the fact that I use Libra (http://www.sillybit.com/libra/) to manage a few different libraries on my Mac.

Since I already had all the audio and video files stored on an external drive I just needed to find an easy way of doing the same thing with my applications.

This is what I did:

– Move the ‘Mobile Applications’ folder to my external drive
– Open up iTunes to find that iTunes can’t find the files anymore and has no way of batch changing all the links to the new location.
– Spend some time looking online
– Spend some more time not finding a simple solution
– Getting an idea for my own solution
– Creating an ‘alias’ folder by option-command dragging the copied Mobile Applications folder to the original location of the folder (in my case ~/Music/iTunes) and making sure the name says Mobile Applications
– restarting iTunes to find it’s having no problem finding the files and everything working like it should.

So there it is.. It was as easy as moving the folder and creating an alias in the original location, at least for me this worked…

Update: It seems the above steps led to my entire app library being copied to the iPhone (including the ones that I had previously removed but still had in the library). This could be because I restarted iTunes after copying and removing the original folder before I created the alias. So just keep in mind, that this could lead to you having to reselect which apps you want to copy to the iPhone, or like I’m doing in my case, take this opportunity to start removing the ones you don’t want to put on there anymore.

New Development Horizons – Getting into iPhone Dev

Today I enrolled into the iPhone Development Program. Since I have no Objective-C, C++ or C- knowledge I looked for tools beforehand in order to make the step into development simpler.

I found a couple:

Now the difference between PhoneGap, Titanium and Corona is that both PhoneGap and Titanium are tools to help you write iPhone apps based on HTML and JavaScript including many of the popular libraries (prototype, mootools, jquery, etc.) thereby essentially removing the learning curve of iPhone dev for web designers. Also both are free downloads.

Corona on the other hand is a different matter altogether. It lets you write in Lua. Therefore Corona does have a learning curve, but (keep in mind I don’t know enough about iPhone dev to say this with complete certainty) might provide more advanced development possibilities.

As of now I will start out using PhoneGap, and when things go smoothly and I have the time to mess about with the Corona Trial Download I might even purchase the Corona Package ($99) and use that since the Lua language seems logical and easy to learn.

I’ll post regularly with updates regarding my Dev journey.