Fedora 24 Wireless Working on Dell Latitude E-Series

As many who personally know me, my favorite laptop is my trusty old Dell Latitude E-6320, it’s a few years old now but still rocks an i5, SSD, and 8gb RAM and gets the job done nicely. I use this at home with a docking station which works great with wired network connections, however I’ve found wireless to be an ongoing battle with this laptop on Fedora 24. So I turned my fix into a script and posted it on my Github!

https://github.com/rstaats/Fedora24BroadComWireless

Hope this helps other poor saps who love to run Fedora on Dell Enterprise grade laptops!

CoreOS on Citrix XenServer 7 Setup Guide

This article applies to Citrix XenServer 7, for version 6.5 please ensure you are using the correct supplemental pack

Installing the Supplemental Pack

SSH into your XenServer host and run the following to download the ISO

wget http://downloadns.citrix.com.edgesuite.net/11621/XenServer-7.0.0-xscontainer.iso

Next run the following command to install it

xe-install-supplemental-pack XenServer-7.0.0-xscontainer.iso

Once this is installed you can rm the iso from dom0 to conserve space.

 

Installing CoreOS Guest

Use the new VM wizard selecting the CoreOS ISO when prompted for the install media and when you get to the final portion where it asks you to complete the cloud-config template ensure you enter a hostname in the top line, and uncomment the line for ssh-rsa and add a key, or you will not be able to SSH into the VM. Once the VM is booted you will see the ip address in the console, attempt to ssh to this using the username core@ipaddress to ensure your SSH key is working.

If your SSH key does not work at this point power off the VM and fix it before proceeding to the next step as it is the point of no return.

 

Installing CoreOS to Disk

SSH to your CoreOS VM. The command below will complete the installation of CoreOS to disk on your VM:

sudo coreos-install -d /dev/xvda -o xen -C stable

Once this completes you will need to execute the following:

sudo reboot

Once the reboot has completed you will need to set a password for the core user

sudo passwd core

Once you provide a password and confirm the password you can proceed to the next step which allows monitoring of containers by dom0

 

Enable Container Monitoring

To enable container monitoring you will first need the UUID of your CoreOS VM. Execute the following command via SSH on your XenServer host:

xe vm-list power-state=running

Copy the UUID over the VM to your clipboard then run the following command:

xscontainer-prepare-vm -v <UUID of VM> -u core

You bill be asked if you’d like to push a pool specific SSH key to the VM for monitoring, choose yes and enter the password you set for the user core in the previous step.

 

Verify Functionality

The next step will be to pull a docker repo of your choice, for my example I will use centos:latest

docker pull centos:latest

Next we will start a docker instance:

docker run -i -t -d centos:latest /bin/bash

At this point we should be to make sure our container is successfully running from the CLI:

docker ps

Now in the Citrix XenCenter console we should see a plus sign next to our CoreOS VM. Once this is expanded you should be able to see the docker container you started by name.

Securing Apache X-Frame-Options

Issue

If specific origins are not listed or set to DENY, or SAMEORIGIN, a site can be vulnerable to embedded 3rd party code on embedded frames or embedded iframes.

Remediation Options

For servers running Apache web server, this can be addressed by adding the line below to the apache2.conf/httpd.conf file or to your .htaccess file if you need different options for each site and you have multiple sites on the same server.

Header always append X-Frame-Options SAMEORIGIN

Variations Allowed

Even if you still need content from multiple sites there are multiple ways to configure X-Frame-Options. Below is a table explaining the different options and I will provide some examples as well.

Setting Description
SAMEORIGIN Allows a page to be displayed in a frame or iframe as long as it’s from the same origin
DENY Disallows page to be displayed in a frame or iframe regardless of its origin
ALLOW-FROM Allows a specific white list of origins that pages in frames and iframes are permitted from, else all others are implicitly denied
 Header always append X-Frame-Options SAMEORIGIN
 Header always append X-Frame-Options DENY
 Header always append X-FRAME-OPTIONS ALLOW-FROM http://example.com

Final Notes

If X-Frame-Options are declared in a global location such as the apache configuration file a restart of the apache service will be required for this setting to take effect. If implementing in the .htaccess file this will not require a restart of apache.