Pre Christmas Tips and Tricks for Sysadmins
25 December 2017
Thank you for visiting our SysAdvent Blog!
We hope you have enjoyed the articles in our third SysAdvent season! This is the last post in this years sysadvent. If you want to read more, we have other blog entries at our main site, our techblog, our employees have personal blogs that are aggregated at Planet Redpill Linpro, ...
24 December 2017
Using Ansible for system updates
As mentioned in the previous ansible post, we use ansible quite a lot for day to day operations. While we prefer Puppet for configuration management, ansible is excellent for automation of maintenance procedures. One such procedure is gracefully applying package upgrades, including any required reboot, of application servers. In this ...
23 December 2017
Vagrant for the lazies
Personally, I consider the script parameter in a Vagrantfile to be a feature that is not abused enough. It’s got a lot of potential - every script can have a parameter (or several). Modifying your Vagrant use to include this gives you a more flexible and reliable way ...
22 December 2017
Tiny virtual firewalls with IncludeOS
IncludeOS is a Unikernel written in C++. It's a tiny operating system that allows you to build fast, small and secure virtual machines. Here we take a look at using it as a firewall.
21 December 2017
Making it right all the time - or that time I disagreed with a distro package about file permissions
Distro packages are a blessing that most of us take for granted (thank you and sorry package maintainers everywhere!). They make installation, maintenance and even removal of both simple and complex software a breeze. Sometimes you disagree But sometimes you disagree with a decision made in the distro package. Or ...
20 December 2017
S2I, Source-To-Image, is a toolkit for building Docker images with minimum effort. The S2I project description describes itself like this: Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code. S2I produces ready-to-run images by injecting source code into a Docker container and letting the ...
19 December 2017
12 days of Varnish
While Varnish is most famous for its speedy caching capabilities, it is also a general swiss army knife of web serving. In the spirit of Christmas, here’s Twelve Days of Varnish Cache, or at least, twelve use cases. ...
18 December 2017
Investigating performance problems through snapshot logging
So, the database is slow - why? There can be several reasons for this. Perhaps a few very heavy queries are bogging down the database. In this case, you’d typically set up slow query logging and find them in the slow.log. However, sometimes the reason is simply lots of ...
17 December 2017
Threat intelligence: Sharing is caring
In today’s threat landscape, with botnets, ransomware, and unpatched and unprotected IoT toasters and garbage bins in every home, the ability to quickly and easily identify suspicious activities and artifacts is probably more important than ever before. If your company’s web server is being probed from a particularly malicious IP ...
16 December 2017
A different approach to log rotation
Logrotation is a key for running a stable server, but removing log files is often an anathema to security, traceability, and server history. In reality, you want a perfect rotation setup in order to maximise the retention of logs. Instead of trying to continuously trying to balance the number of ...
15 December 2017
Using Let's Encrypt with OpenShift
When installing OpenShift, the default certificates that are being installed are self-certified. Although this gives you functional encryption, this is in no way best practice and is especially annoying for the route being exposed for the Hawkular metrics, which is integrated within the Web console. Luckily there is a relatively ...
14 December 2017
Using ssh_config(5) and FoxyProxy for fun and profit
The other day, as I just had updated my workstation to Fedora 27, I realized maybe the Include statement in ssh_config(5) had been implemented. And indeed it had. So it’s time to reorganize my ssh-config-generate script, FoxyProxy browser plugin for tunneling web traffic through ssh, and maybe even setting up ...
13 December 2017
iPXE and automated provisioning
Provisioning of new servers can be a daunting experience. Back in days it meant booting the machine with a CD or a DVD and doing manual choices. Automation of the installation process makes the process faster and less prone to human errors. Network installation helps the process, but you still ...
12 December 2017
Care and feeding of SMTP honeypots
In parallel with an SSH/telnet honeypot, I’m also running an SMTP honeypot using INetSim. The SMTP honeypot is only one of many functions of INetSim; this article will cover the SMTP component only. The SMTP part of INetSim has been configured with the following settings in inetsim.conf: start_service smtp smtp_bind_port ...
11 December 2017
Allow backup sysadmins to gain access through a "Break the Glass"-solution
I want backup sysadmins to have login access to some systems, with said access rarely (if ever) used. To prevent abuse I’d like strong audit logging, logging that stands out from the rest of all the logging, logging that cannot be tampered with, and that can easily be followed up ...