Additional OpenSSL tips
Self-signed certificates Display cert extensions Viewing certificate information Checking server certificate How to create a certificate chain ? ...
Post tagged: security
Deploying your CA's root certificate
Linux Windows 10 iOS 14 Authenticating clients Authenticating clients with nginx ...
Revoking Certificates
Certificate revocation lists Prepare the configuration file Create the CRL Revoke a certificate Server-side use of the CRL ...
Your own Certificate Authority
Generating root cert Preparation Creating the root key Creating the root certificate ...
Certificate Authorities
For home users there is not much use for running you own Certificate Authority (CA), and with availability of Letsencrypt and the plethora of ACME libraries setting TLS encryption is quite straight forward. ...
Using Excel files from Python
Intro XlsxWriter openpyxl xlwings pywin32 ...
Using Podman on Alpine Linux
Introduction What is Podman? Installation on Alpine Linux Rootful vs Rootless ...
Filesystem discard
Now with the prevalence of SSD's for storage, it is important to make sure that the DISCARD operation is used. This is specially true as this can increase the lifetime of your flash storage by reducing the need to re-map blocks by simply marking them as freed. ...
Python development tips 2024
Local install packages Better debugging Built-in exceptions Adding site specific customizations Constants ...
Docker in Docker
Introduction Method 1: Mounting /var/run/docker.sock docker.sock permission error ...
Telekom Cloud CI/CD demo
Pre-requisites Preparation Base infrastructure Notes ...
OpenTofu
Introduction Origins Why use OpenTofu Using OpenTofu ...
Locking down SFTP
This is a small recipe to increase the security around a SFTP interface. In the /etc/ssh/sshd_config file include the following settings: Subsystem sftp internal-sftp This configures the sftp subsystem to use the internal sftp implementation. This is because inside the chroot, we usually will not have the normal ...
Tunneling NFS over SSH
This recipe is for tunneling NFS traffic over SSH. This adds encryption and Public Key authentication to otherwise insecure NFS traffic. For this recipe to work, requires NFSv4. Earlier versions were not tested, but I expect not all the functionality to work. server configuration ...
Home Assistant Behind Reverse Proxy
To set-up a reverse proxy I took the following steps: configure DNS get Letsencrypt certificates Configure NGINX Configure Home Assistant to trust the proxy ...
nas ops cmd
This is my op script. This is stupidly simple script to elevate priviledges in order to manage NFS shares on my QNAP NAS. The idea is that NFS shares do squash-root so admin access is disallowed through NFS. This gives a convenient way to issue root level commands without using NFS but instead use ssh ...
Secure erase of disc drives
This article is about erasing disc drives securely. Specially for SSD drives, writing zeros or random data to discs is not good enough and counterproductive. One way to do secure erase (for disposal) is to begin with an encrypted disc. However, after the fact the following options are possible: ATA Secure Erase ...
3 Open Source Password Managers
Keep your data and accounts safe by using a secure open source password manager to store unique, complex passwords. Maintaining complex, unique passwords for each site and service you use is among the most common pieces of advice that security professionals provide to the public every year. Yet no matter how many times it is said, it seems like a week doesn't ...
How to encrypt linux partitions with LUKS
There are plenty of reasons why people would need to encrypt a partition. Whether they're rooted it in privacy, security, or confidentiality, setting up a basic encrypted partition on a Linux system is fairly easy. This is especially true when using LUKS, since its functionality is built directly into the kernel. Installing Cryptsetup ...
VNC desktop
IDEA: Client connects > < server sends version string (Use 3.3 only) Client replies with actual verison string > < server sends security type; NONE Client send ClientInit (shared flag) > ...
Page 1 / 2
»