Blog

Amavis is an open-source content filter solution for electronic mail. It implement mail message transfer, decoding, processing, checking and interfacing with external content filters to provide protection against spam, viruses and other malware. It may be considered an middleware between a mailer (MTA) and one or more content filters. In some cases amavis mai block emails due to False negative checking. In this cases we will need to manually deliver emails to receivers. Let’s take Read more…

VMware vCenter Server is an server management solution which provides a centralised platform for controlling vSphere environments. Snapshots can be used for development and testing purposes. It can be considered as a quick failsafe to be able to rollback before a patch performing tests on certain applications residing on VM. The major issue is when someone create a snapshot, do the fun and then let the snapshot there. Issue is generated by the fact that that Read more…

While CentOS 7 will reach its EOL in 2024-06-30 users will be required to migrate to CentOS Stream 8 at least. While there is no official option to upgrade to CentOS 9 Stream we will cover today only upgrading from CentOS 7 to CentOS 8 Stream. In this tutorial I will asume you are using root user like me. Need help migrating legacy infrastructure to supported Linux distributions?→ Check out our Infrastructure Support Services

In previous post I’ve discusses how to setup 2FA using Yubikey with any Ubuntu box gnome login. This time we will discuss about how to lock screen when Yubikey will be removed. This is a mandatory security requirement while using Yubikey to complete secure your box. First of all we will need to install finger and gnome-screensaver packages. The following script need to be placed into /usr/local/bin/gnome-screensaver-lock: Then add the following rule to udev: This Read more…

With YubiKey you can protects access to computers, networks, and online services. YubiKey 5 Series eliminates account takeovers by providing strong phishing defense using multi-protocol capabilities that can secure legacy and modern systems. It provides a range of authentication choices including strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. To activate 2FA in Ubuntu login interface we need to install libpam-u2f dependency: After that we need to add all our Yubikey keys configuration to Read more…

In most cases we can use official Docker images hosted on the public Hub but in some cases there are needed to build custom images. We can add some additional packages to the OS or add everything that is needed with recurence. To build custom images we will use a standard image from official Docker Hub and we will add some extra packages we need. For this step we will need a Dockerfile and .gitlab-ci.yml Read more…

Today we will learn to configure out Proxmox hypervisor on a rented server in Hetzner datacenter. Proxmox need a special setup for public IPs because they filter traffic based on MAC address of physical host and a standard bridge is not enough. Also today we will configure a second linux bridge as a Private network because not all VMs need a public IP. Configure Public IPs: Once configured our public network we will move forward Read more…

In this post I will describe steps to replace a failed mirror disk in a software RAID array. As an example we will use /dev/sda1 as good partition, and /dev/sdb1 as failing partition. Before starting it is recommended to backup the original disk. Before removing raid disk, please run the following command to write all disk caches to the disk: Set disk as failed To verify command status check /proc/mdstat: Remove disk Now disk can Read more…

Configure Strong Ciphers Configure mailbox settings Open file /opt/zimbra/conf/localconfig.xml and find the line mailboxd_java_options and set it like the following one. Configure DH parameters Set additional HTTP headers Validate settings using SSL Labs on url https://www.ssllabs.com/ssltest/analyze.html Looking to secure your email infrastructure and prevent attacks?→ Explore our Emailing Solutions

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available. K8s is a nice to have for developers, security researchers but not limited to because of it’s simplicity to deploy a test container before adding to production. The ugly part is when certificates are nearly to expire or worst when Read more…