This recipe is for tunneling NFS traffic over SSH. This adds encryption and Public Key authentication to otherwise insecure NFS traffic. For this recipe to work, requires NFSv4. Earlier versions were not tested, but I expect not all the functionality to work. server configuration ...
To set-up a reverse proxy I took the following steps: configure DNS get Letsencrypt certificates Configure NGINX Configure Home Assistant to trust the proxy ...
This is my op script. This is stupidly simple script to elevate priviledges in order to manage NFS shares on my QNAP NAS. The idea is that NFS shares do squash-root so admin access is disallowed through NFS. This gives a convenient way to issue root level commands without using NFS but instead use ssh ...
This article is about erasing disc drives securely. Specially for SSD drives, writing zeros or random data to discs is not good enough and counterproductive. One way to do secure erase (for disposal) is to begin with an encrypted disc. However, after the fact the following options are possible: ATA Secure Erase ...
Keep your data and accounts safe by using a secure open source password manager to store unique, complex passwords. Maintaining complex, unique passwords for each site and service you use is among the most common pieces of advice that security professionals provide to the public every year. Yet no matter how many times it is said, it seems like a week doesn't ...
There are plenty of reasons why people would need to encrypt a partition. Whether they're rooted it in privacy, security, or confidentiality, setting up a basic encrypted partition on a Linux system is fairly easy. This is especially true when using LUKS, since its functionality is built directly into the kernel. Installing Cryptsetup ...
IDEA: Client connects > < server sends version string (Use 3.3 only) Client replies with actual verison string > < server sends security type; NONE Client send ClientInit (shared flag) > ...
From 2daygeek.com Server patching is one of the important task of Linux system administrator to make the system more stable and better performance. All the vendors used to release security/vulnerabilities patches very often, the affected package must be updated in order to limit any potential security risks. Yum (Yellowdog Update Modified) is RPM Package Management utility for CentOS and Red Hat systems, Yum history command allows administrator to rollback the system to a previous state but due to some limitations, rollbacks do not work in all situations, or The yum command may simply do nothing, or it may remove packages you do not expect. I advise you to take a full system backup prior to performing any update/upgrade is always recommended, and yum history is NOT meant to replace systems backups. This will help you to restore the system to previous state at any point of time. n some cases, the hosted applications might not work properly or through some error due to recent patch updates (It could be some library incompatibility or package upgrade), what will be the solution in this case? Get in touch with App Dev team and figure it out an issue creating library' and packages then do the rollback with help of yum history command. ...
Reference: positon.org You have 2 systems and you want to set up a secure backup with rsync + SSH of one system to the other. Very simply, you can use: backup.example.com# rsync -avz --numeric-ids --delete [email protected]:/path/ /backup/myserver/ To do the backup, you have to be root on the remote server, because some files are only root readable. Problem: you will allow backup.example.com to do anything on myserver.example.com, where just read only access on the directory is sufficient. ...
Writing shell scripts leaves a lot of room to make mistakes, in ways that will cause your scripts to break on certain input, or (if some input is untrusted) open up security vulnerabilities. Here are some tips on how to make your shell scripts safer. Don't The simplest step is to avoid using shell at all. Many higher-level languages are both easier to write the code in in the first place, and avoid some of the issues that shell ...
Windows system administration is very mouse driven and to reach all tools you need to browse through Windows explorer. If you are like me and prefer to log on a limited privilege account and use Runas to perform admin tasks, you can open these consoles with the .msc file names. Here is a list of admin tools with their .msc file names. domain.msc: AD Domains and Trusts ...
Here a few web-links to interesting web apps. It covers stuff about password security and checking if web sites are down, etc etc. Down For Everyone or Just Me: If you're getting an error when visiting a certain site, it could be down or something could be wrong on your end. To see which ...
So I have signed up 0ink.net to use the CloudFlare service. CloudFlare is a reverse proxy service that is supposed to speed up and improve web server security. This is done by: globally distributed reverse proxy cache network ...
When using virtualisation it is very common to create template VMs that can be cloned from. This makes deployment much easier than having to install a new VM from scratch. Unfortunately, the cloned VMs lack any Active Directory memberships and the VMs have to be manually added to the AD domain. For automated deployment scenarios this is less than desirable. This recipe intends to solve that issue in a ...