cron Cronlocker - Distributing Cronjobs Across Hosts One of the goals in operating any IT system is to make it available 100% of the time. Having the best of the best of the best hardware to ensure reliability is not
debian Site-to-Site IPSec VPN between Sophos UTM and Debian using StrongSwan with RSA-Pubkeys Introduction This guide will show you, how you can establish a Site-to-Site IPSec VPN between a Sophos UTM Firewall and a Debian 9 "Stretch" based Server using StrongSwan with RSA Public-Key
debian Hetzner Root-Server with dual Hardware RAID-1 and encrypted LVM on Debian 9 Introduction This guide will explain the steps it takes to install a secure headless Hetzner Root-Server with some special pitfalls like LUKS on Hardware-RAIDs and SSH-based remote decryption at boot time for more
sophos utm Automating Pingdom Probes IP-Whitelisting with Probecollector Introduction It was hard to find a good title for this blog post, so let me explain it a bit further. You may have API's or applications that are secured with IP-Whitelisting or
debian Add Two-Factor-Authentication to SSH on Debian Wheezy to Stretch Introduction This guide shows you, how you can add 2FA to your OpenSSH on Debian Wheezy, Jessie and Stretch using Google Authenticator. We assume that your SSH already uses Pubkey-Authentication while PasswordAuthentication is
Hetzner Proxmox 5 on Hetzner Root-Server with Dual-Stack IPv4/IPv6 for Host and Guests Introduction In an earlier blog post i wrote about a standard Debian installation with KVM, IPv4 and IPv6 for both the host and it's guests. This time we will setup Proxmox 5.x
proxmox Migrating Proxmox LVM-Thin Volumes to another Proxmox Host Introduction In an earlier post, i've discribed how to migrate VMWare ESXi Virtual Machines (or mostly their disks) to a new Proxmox KVM machine. This time i had to move a Proxmox VM
proxmox Proxmox 4Gbit/s HA Networking with two Dual-Port NICs and VLAN-enabled Bonding to distinct Switches Lately we've setup a new Proxmox 4.4 Server. For this we upgraded our former ESXi 5.5 Host with more RAM, a RAID-10 Array (from RAID-1 w. Hot-Spare) and two Dual-Port 1Gbit/
vmware Migrate VMWare ESXi Virtual Machines to Proxmox KVM with LVM-Thin Logical Volumes Recently we decided to move away from VMWare ESXi because we want to scale out but don't want to buy expensive licenses just for virtualization. We evaluated different solutions and got stuck with
security Securing and Customizing Filecloud Server and Clients Update 2017-06-15: The configuration parameters below still work with the latest Sync Clients in v15.x (tested on macOS and Windows). Sadly, the default is still TLSv1 and not configurable in the UI
sophos utm Monitoring RAID on Sophos UTM Hot-Standby Clusters with Dell PERC/LSI MegaRAID Controllers This is a somewhat special post this time for a somewhat narrow audience but my intention was splitted into creating a reminder for myself and to show how you can even monitor things
debian Run a NTP server for the pool.ntp.org project with Debian Update 2: I've changed the 5 source servers to 3 other's that are on the same continent as our NTP Server so the offset and jitter are much better. This helped this server
travis-ci Introduction on how to use shellcheck and bashate with Travis-CI Introduction Some time ago i've written about test-driven development, or TDD, for shell scripts using shunit2 and Travis-CI. This time i want to show you how you can further enhance your shell script
proxmox Remove Proxmox 4.2 “No Valid Subscription” message Update #2 (2017-04-03): janus57, Michael S. and Marcel G. pointed out, that there are new ways to disable the message. First by still modifying appropriate files - see in the first Link to
sophos utm Configuring IPv6 with Sophos UTM 9 and KabelDeutschland With almost every private customer contract from KabelDeutschland (KD) you'll get DS-Lite with a Carrier-grade IPv4 NAT and an IPv6 Prefix routed to your very own IPv6 Gateway - in most cases this
aes gokeepasslib - Reading a Keepass 2 file with Go One can certainly argue about the security of Keepass. I for one am currently using it to store my passwords, mainly because I do not necessarily trust any web service to handle my
go The Go Challenge - a fun way to learn and improve There are many ways to learn a language and to improve your skills in it. Some gophers came up with the Go Challenge, a coding contest in which you have to solve an
SSL SSL/TLS: Certificate chain challenges Update #1: I've updated the part "Get them into our webserver" by adding a link back to the first SSL/TLS Post where i describe how to correctly create the bundle
SSL SSL/TLS: FREAK vulnerability and a Nagios check for that! TL;DR Today a new SSL/TLS vulnerability has been made public which uses the old EXPORT ciphers to drive MITM (Man-in-the-middle) Attacks. Detailed information? You can find much more detailed information about
apache2 SSL/TLS: How do i get HTTPS for my site with a valid certificate? For me using SSL/TLS for websites or connections between servers and clients in general - think of PostgreSQL connections or OpenLDAP - is no rocket science and my daily business. But in
ruby ActiveRecord database anonymization using views When encountering problems in a production environment it is sometimes hard to recreate the issue locally or in a test system. Some issues are actually depending on very specific runtime conditions while others
vhost VHost specific requests for load balanced services in Go A couple of weeks ago I wrote about how to do VHost specific requests for load balanced services using Ethon. Our code base is written in Ruby so it was only natural to
sslv3 VHost specific requests for load balanced services using Ethon With the POODLE SSLv3 vulnerability which was found a couple of weeks ago basically everyone turned off SSLv3. So did we. Unfortunately this caused a few other problems for us. We are running
wheezy User Story: Migrating Debian Squeeze from a Dell PowerEdge R310 to R320 ...or how to get new hardware working on the old system by only using a linux live-cd, chroot and a new kernel. Introduction Some weeks ago, i had to change a complete Debian
debian Hetzner Root-Server with Debian/KVM IPv4 and IPv6 Networking Introduction Since the IPv4 address space is almost completely used up, the future protocol is IPv6 which has been around for lots of years already and it is highly recommended to at least