Upgrade from CentOS 7 to CentOS 8 Stream

Since CentOS 7 will reach its EOL on 2024-06-30, users will be required to migrate to at least CentOS Stream 8. Because there is no official option to upgrade to CentOS 9 Stream, today we will cover only upgrading from CentOS 7 to CentOS 8 Stream. In this tutorial I will assume you are using the root user, like me.

Ubuntu lock screen when Yubikey removed

In the previous post I discussed how to set up 2FA using a Yubikey with the GNOME login of any Ubuntu box. This time we will discuss how to lock the screen when the Yubikey is removed. This is a mandatory security requirement for completely securing your box with a Yubikey. First of all we will need to install the finger and gnome-screensaver packages. The following script needs to be placed into /usr/local/bin/gnome-screensaver-lock: Then add the following rule to udev: This …

Ubuntu login using Yubikey

With YubiKey you can protect access to computers, networks, and online services. YubiKey 5 Series eliminates account takeovers by providing strong phishing defense using multi-protocol capabilities that can secure legacy and modern systems. It provides a range of authentication choices including strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. To activate 2FA in the Ubuntu login interface we need to install the libpam-u2f dependency: After that we need to add all our Yubikey keys configuration to …

GitLab build custom Docker images

In most cases we can use official Docker images hosted on the public Hub, but in some cases we need to build custom images. We can add some additional packages to the OS or add everything that is needed on a recurring basis. To build custom images we will use a standard image from the official Docker Hub and add the extra packages we need. For this step we will need a Dockerfile and .gitlab-ci.yml …

Proxmox on Hetzner with public IPs

Today we will learn to configure our Proxmox hypervisor on a rented server in a Hetzner datacenter. Proxmox needs a special setup for public IPs because Hetzner filters traffic based on the MAC address of the physical host, so a standard bridge is not enough. We will also configure a second Linux bridge as a private network, because not all VMs need a public IP. Configure Public IPs: Once our public network is configured we will move forward …

Replace failed disk in a Software RAID Array

In this post I will describe the steps to replace a failed mirror disk in a software RAID array. As an example we will use /dev/sda1 as the good partition and /dev/sdb1 as the failing partition. Before starting, it is recommended to back up the original disk. Before removing the RAID disk, run the following command to write all disk caches to the disk: Set disk as failed To verify command status check /proc/mdstat: Remove disk Now disk can …

Zimbra SSL A+ grade

Configure Strong Ciphers Configure mailbox settings Open the file /opt/zimbra/conf/localconfig.xml, find the line mailboxd_java_options and set it like the following one. Configure DH parameters Set additional HTTP headers Validate the settings using SSL Labs at https://www.ssllabs.com/ssltest/analyze.html

Kubernetes renew cluster certificates

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available. K8s is a nice-to-have for developers and security researchers, among others, because of its simplicity in deploying a test container before adding it to production. The ugly part is when certificates are about to expire or, worse, when …

OpenWRT OpenVPN bridge

The OpenWrt Project is a Linux OS targeting many embedded devices. Instead of trying to create a single firmware, it provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize your device through the use of packages to suit any application. OpenVPN is a virtual private network (VPN) that implements techniques to create secure point-to-point or site-to-site connections in …

pfSense create VLAN over LAGG

Setting up VLANs over LAGG interfaces in pfSense can increase bandwidth and redundancy while keeping your network segmented and secure. In this tutorial, you’ll learn how to configure everything properly and avoid common pitfalls. The pfSense project is a free network firewall distribution based on FreeBSD with a custom kernel and including third-party free software packages for additional functionality. pfSense software is able to provide at least the same functionality or more of common commercial …