Post tagged: security

Locking down SFTP

This is a small recipe to increase the security around an SFTP interface. In the /etc/ssh/sshd_config file, include the following settings:

    Subsystem sftp internal-sftp

This configures the sftp subsystem to use the internal sftp implementation. This is because inside the chroot, we usually will not have the normal ...

nas ops cmd

This is my op script. This is a stupidly simple script to elevate privileges in order to manage NFS shares on my QNAP NAS. The idea is that NFS shares do squash-root, so admin access is disallowed through NFS. This gives a convenient way to issue root-level commands without using NFS but instead use ssh ...

3 Open Source Password Managers

Keep your data and accounts safe by using a secure open source password manager to store unique, complex passwords. Maintaining complex, unique passwords for each site and service you use is among the most common pieces of advice that security professionals provide to the public every year. Yet no matter how many times it is said, it seems like a week doesn't ...

How to encrypt Linux partitions with LUKS

There are plenty of reasons why people would need to encrypt a partition. Whether they're rooted in privacy, security, or confidentiality, setting up a basic encrypted partition on a Linux system is fairly easy. This is especially true when using LUKS, since its functionality is built directly into the kernel. Installing Cryptsetup ...

Rollback with YUM History Command

From 2daygeek.com. Server patching is one of the important tasks of a Linux system administrator, to make the system more stable and better performing. All the vendors release security/vulnerability patches very often, and the affected packages must be updated in order to limit any potential security risks. Yum (Yellowdog Updater, Modified) is the RPM package management utility for CentOS and Red Hat systems. The yum history command allows an administrator to roll back the system to a previous state, but due to some limitations rollbacks do not work in all situations: the yum command may simply do nothing, or it may remove packages you do not expect. I advise you to take a full system backup prior to performing any update/upgrade; yum history is NOT meant to replace system backups. This will help you to restore the system to a previous state at any point in time. In some cases, the hosted applications might not work properly or throw some error due to recent patch updates (it could be some library incompatibility or package upgrade). What will be the solution in this case? Get in touch with the App Dev team, figure out which libraries and packages are creating the issue, then do the rollback with the help of the yum history command. ...

Securing rsync on ssh

Reference: positon.org. You have 2 systems and you want to set up a secure backup with rsync + SSH of one system to the other. Very simply, you can use:

    backup.example.com# rsync -avz --numeric-ids --delete [email protected]:/path/ /backup/myserver/

To do the backup, you have to be root on the remote server, because some files are only root-readable. Problem: you will allow backup.example.com to do anything on myserver.example.com, where just read-only access on the directory is sufficient. ...

Writing Safe Shell scripts

Writing shell scripts leaves a lot of room to make mistakes, in ways that will cause your scripts to break on certain input, or (if some input is untrusted) open up security vulnerabilities. Here are some tips on how to make your shell scripts safer. Don't: The simplest step is to avoid using shell at all. Many higher-level languages are both easier to write the code in in the first place, and avoid some of the issues that shell ...

Windows administration from the command line

Windows system administration is very mouse-driven, and to reach all tools you need to browse through Windows Explorer. If you are like me and prefer to log on with a limited-privilege account and use Runas to perform admin tasks, you can open these consoles with the .msc file names. Here is a list of admin tools with their .msc file names. domain.msc: AD Domains and Trusts ...

Web Links

Here are a few web links to interesting web apps. It covers stuff about password security, checking if web sites are down, etc. Down For Everyone or Just Me: If you're getting an error when visiting a certain site, it could be down or something could be wrong on your end. To see which ...

Automatically adding systems to an AD domain

When using virtualisation it is very common to create template VMs that can be cloned from. This makes deployment much easier than having to install a new VM from scratch. Unfortunately, the cloned VMs lack any Active Directory memberships and the VMs have to be manually added to the AD domain. For automated deployment scenarios this is less than desirable. This recipe intends to solve that issue in a ...