On my systems at home I use Icinga2 to monitor health, adding new checks as and when I identify something I think needs checking or if a failure occurs that was not detected. Sometimes it is necessary to do some checks via other means, such as SLURM’s healthcheck program, so it can be useful to have checks in script form.

Deploying custom CA certificates on Linux from Windows share
This post is about deploying custom certificate authority (CA) certificates onto Linux hosts, from an anonymous Windows share, then deploying them to be used by web-browsers (which seem to use their own CA stores these days). There are two scripts, one for each of these tasks, as installing to the system store usually requires super-user (i.e. root) access but installing to the browser stores is per-user (and should not be done using the super-user account).

Setting up DrayTek Vigor 130 for Sky FTTC (VDSL) broadband
This post begins with a rant about Virgin Media ignoring their own contract and cutting us off 17 days before they told us our services would end (just 13 days after we gave the contractual “30 days notice” to leave). It follows with setting up a DrayTek Vigor 130 VDSL2/ADSL modem with a Linux router for Sky’s fibre-to-the-cabinet (FTTC) broadband service.

Quick-and-dirty Linux password generation
A quick and dirty way to generate a password on a Linux box: tr -dc '' < /dev/urandom | head -c32

Efficiently copying git changes across isolating network boundaries
In a previous post I described copying changes from my air-gapped home lab back upstream by copying the entire tar of the repository back and then pushing the changes. While this works and is fine for small repositories, it is highly inefficient for small changes to large repositories. I wrote the last post in full knowledge there would be a more efficient way, which this post documents. This is useful for other situations where there is some level of network isolation (but not necessarily a full air-gap), such as packing changes to move them via a jump host to another network, for pushing to a remote source.

Nothing more to say really, other than normal service will hopefully now resume. I have decided that I will adopt a new policy of dating posts when they are published, rather than when I start writing them…

While browsing for some information on browsing down, I found some useful resources from the National Cyber Security Centre: a whitepaper on Security Architecture Anti-Patterns, guidance on secure system administration and a blog post on protecting management interfaces (which focuses on browsing down).

This is another of those posts that I started and some time (measured in months) later I split up due to not having completed what I set out to do. My overall goal is to have a fully automated install that results in a system with disk encryption set up but can be remotely unlocked and managed. The intention is that, in most circumstances, any of my systems could be reinstalled headlessly (that is, without plugging in a keyboard or monitor).

When restarted, HashiCorp Vault starts “sealed” and has to be unsealed to make the contents accessible. I have, on occasion, forgotten to do this (usually after a reboot for kernel update) and so I want to add checks for this situation to my monitoring. My current monitoring solution is Icinga, so I am creating a check for this.