Archive for October, 2015

Ubuntu preseed script to install chef client agent

October 28th, 2015

I recently embarked on a project to build an Ubuntu PXE OS deployment server that would allow for unattended installation of both physical/virtual servers. This piece of work is part of a wider 'automation' project, for which we are using Chef as our configuration management tool. As part of the unattended installation of new servers, I wanted to automate the installation and configuration of the Chef client agent.


Categories: Chef, Ubuntu

Cisco ASA Implicit Rule “Permit all traffic to less secure networks” ACL

October 27th, 2015

When adding a new network interface to a Cisco ASA, you must specify its security level. Based on this security level, the default Cisco ASA ACL allows the interface to access "less secure" networks (those with a lower security level) and denies access to "more secure" networks (those with a higher security level). The default rule works well until you need to allow this security zone access to a "more secure" security zone. For example, a DMZ could have a security level of, say, 25, allowing access to an outside interface with a security level of 0, but it would be implicitly denied access to an inside interface with a security level of 100. When we need to add an ACL to permit certain access to the inside interface, the implicit "Permit all traffic to less secure networks" rule is automatically removed by the Cisco ASA. We can manually add a form of this ACL back in to retain security between zones.


Categories: Networking