Today I will show you a short but powerful script which will renew all Zimbra SSL certificates. Required for this script to work is certbot package installed on email server and sudo rights to add script in crontab. You can add script in crontab at a weekly run like this: 0 0 * * 0 root /path_to_script. The following script will help you to auto-renew SSL certificates for your email server:
Today we will talk about FreeIPA authentication and how it can be used to authenticate users in Ansible Tower. FreeIPA is an integrated Identity and Authentication solution for *NIX environments. It can also work with any other solution which can authenticate users from LDAP. A FreeIPA server provides centralized authentication, authorization and account information to manage the security aspects of a network of computers. Ansible Tower is designed to be your hub for all automation Read more…
Veeam Backup software is one of the most powerful solution for VMware and Hyper-V. It is capable to replicate VMs cross datacenters while with it’s stronger proxies he can gain more power and backup capacity increase. It operates at the virtualization layer and uses an image-based approach for VM backup. Veeam copies VM data from the source volume at a block level, compresses and deduplicates it, and stores in backup files in the backup repository in Veeam Read more…
Today we will have some fun with ELK Stack and CentOS. Seems with latest Kibana from opendistro package update (1.12.0-1) it is not able to bind to port 80 or 443 when is running under non-root account. That is normal behavior because first 1024 ports are reserved and only root users can bound there. You will see in in log file /var/log/messages something similar with: To be able to bind port 80 or 443 we Read more…
In most cases for students or for different training courses you need to grant admin role with read only rights. Splunk does not offer this role built-in so we will need to create our custom role. We will create it with the following rights: Inherit rights from user role Inherit rights from power role In capabilities tab assing the following rights: accelerate_datamodel admin_all_objects change_authentication list_deployment_client list_deployment_server list_search_head_clustering edit_search_head_clustering get_diag license_tab list_forwarders list_httpauths rest_apps_management restart_splunkd run_debug_commands Read more…
Prerequisites: Dell Perc Flashing Tools (FreeDOS and Debian live images already prepared) – Download it from here RAID Controoler H710 Mini B0 or D1 SR-IOV Global Enable and I/OAT DMA Engine disabled from BIOS Lets begin with the following steps: Boot with FreeDOS imageand run command info. Output should be something like the following: Run following command to wipe flash on the card and also get rid of all Dell firmware. Now follow all prompts requested. When all Read more…
In order to setup our FastVue for Fortigate and our Fortigate appliance we need to proceed next steps: 1 Install FastVue Download FastVue from https://www.fastvue.co/fortinet/download and install it. It does not require special steps, basically it’s a Next, Next, Finish setup. 2 Setup Fastvue Server as a Syslog Server in FortiGate After successfully install we need to add Fortigate devices to our FastVue server. In order to accomplish this we need execute some commands in Fortigate Read more…
Install Docker To install Docker run the following commands on your server: Configure ZFS Storage Driver For Docker to run properly on a ZFS server we need to enable ZFS storage driver for Docker. First run commands: This will put all docker data into a new ZFS volume. Now we need to create the following config file /etc/systemd/system/docker.service.d/storage-driver.conf and add populate it with: Finally, reboot docker service by running commands:
Proxmox VE is a Type 1 Hypervisor and it uses KVM for VMs and LXC for containers. It is fully open source, but it requires a license to access the enterprise repositories. For this tutorial we will enable non-subscription repositories for use without a license. Downside of this is that package updates are slower to arrive to this repository. Prerequisites: Ideally a server with two or more similar drives to configure ZFS or other raid Read more…
In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). A certificate authority (CA) can issue multiple certificates in the form of a tree structure. A root certificate is the head certificate of the tree and the private key of which is used to “sign” other certificates. All certificates signed by the root certificate, with the CA field set to true, inherit the trustworthiness of the root certificate Read more…