Domino SSL v3漏洞

How is IBM Domino impacted by the POODLE attack?
Technote (FAQ)

Question
How is IBM Domino impacted by the POODLE attack and what is the solution?
Answer
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which is a man-in-the-middle attack affecting Web browsers. Browsers connecting via SSLv3 to Domino servers running HTTP are exposed to the POODLE attack. As browsers turn off SSLv3 and disable downgrading from TLS, they will be unable to connect to Domino over HTTP as Domino servers currently support only SSLv3.

IBM has released Domino server Interim Fixes that implement TLS 1.0 with TLS_FALLBACK_SCSV for HTTP to protect against the POODLE attack. Implementing TLS 1.0 for Domino will protect against the POODLE attack and will allow browsers to still connect to Domino after they have been changed to address the POODLE attack.

IBM has provided Interim Fixes for the following Domino releases:
9.0.1 Fix Pack 2 – http://www.ibm.com/support/docview.wss?uid=swg21657963
9.0 – http://www.ibm.com/support/docview.wss?uid=swg21653364
8.5.3 Fix Pack 6 – http://www.ibm.com/support/docview.wss?uid=swg21663874
8.5.2 Fix Pack 4 – http://www.ibm.com/support/docview.wss?uid=swg21589583
8.5.1 Fix Pack 5 – http://www.ibm.com/support/docview.wss?uid=swg21595265

Refer to the following wiki article for more information on protocols: IBM Domino Interim Fixes to support TLS 1.0 which can be used to prevent the POODLE attack:

In addition, IBM intends to provide hotfixes for other 8.5.x or 9.x releases on demand. Contact IBM to open a PMR via the IBM Support Portal if you require a hotfix for these other releases.

Note: For any Domino release, a proxy server in front of Domino to handle TLS communication will also address this issue. Select a proxy server that disables SSLv3 or prevents downgrading a TLS communication down to SSLv3. Domino 9.0x for Windows has a proxy solution by including the IBM HTTP Server (IHS) that supports TLS. For more information on this topic, refer to technote 1612316 – “Is it possible to run IBM HTTP Server (IHS) on the same computer as a Domino server?”

centos网卡绑定

DEVICE=bond0
IPADDR=192.168.1.1
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
NM_CONTROLLED=no
BONDING_OPTS="bonding parameters separated by spaces"
DEVICE=ethX
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
NM_CONTROLLED=no

错误解决:

bringing up interface bond0 connection activation failed master connection not found or invalid
解决方案:关闭NetworkManager
步骤1:chkconfig NetworkManager –level 2345 off
步骤2:service NetworkManager stop

链接:Redhat官方操作手册

网络服务NetworkManager对于bond0和bridge的影响

centos 6.3 vlan配置

系统、软件临时目录修改

系统临时路径

修改变量:TEMP和TMP

IE临时路径

IE选项, 在 “常规” 选项卡的浏览历史记录右方找到 “设定” 按钮

按下 “移动资料夹” 来调临时文件夹的存放位置。

Firefox

about:config中 “新增” → “字串”  browser.cache.disk.parent_directory

Chrome

程序启动参数中添加 –disk-cache-dir=”T:\temp\” –disk-cache-size=262144000

iNotes日程(会议)功能

日历配置 Sched, CalConn, RnrMgr
resource.nsf (resrc8.ntf) 添加管理员角色[Create Resource]
tell RnRMgr show Room
[1E1C:0002-1510] 2014/04/30 14:37:50 RnRMgr: Room not found in schedule database
Best Practices to prevent the accidental deletion of meetings and other calendar related documents http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Best_Practices_to_prevent_the_accidental_deletion_of_meetings_and_other_calendar_related_documents
Example: Running an agent on selected documents in the iNotes inbox http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Example_Running_an_agent_on_selected_documents_in_the_iNotes_inbox