Sysorchestra

For Sysadmins, DevOps and Developers

sophos utm

Automating Pingdom Probes IP-Whitelisting with Probecollector

Introduction: It was hard to find a good title for this blog post, so let me explain it a bit further. You may have APIs or applications that are secured with IP-Whitelisting or

Martin Seener
debian

Add Two-Factor-Authentication to SSH on Debian Wheezy to Stretch

Introduction: This guide shows you how you can add 2FA to your OpenSSH on Debian Wheezy, Jessie and Stretch using Google Authenticator. We assume that your SSH already uses Pubkey-Authentication while PasswordAuthentication is

Martin Seener
Hetzner

Proxmox 5 on Hetzner Root-Server with Dual-Stack IPv4/IPv6 for Host and Guests

Introduction: In an earlier blog post I wrote about a standard Debian installation with KVM, IPv4 and IPv6 for both the host and its guests. This time we will set up Proxmox 5.x

Martin Seener
proxmox

Migrating Proxmox LVM-Thin Volumes to another Proxmox Host

Introduction: In an earlier post, I've described how to migrate VMWare ESXi Virtual Machines (or mostly their disks) to a new Proxmox KVM machine. This time I had to move a Proxmox VM

Martin Seener
proxmox

Proxmox 4Gbit/s HA Networking with two Dual-Port NICs and VLAN-enabled Bonding to distinct Switches

Lately we've set up a new Proxmox 4.4 Server. For this we upgraded our former ESXi 5.5 Host with more RAM, a RAID-10 Array (from RAID-1 w. Hot-Spare) and two Dual-Port 1Gbit/

Martin Seener
vmware

Migrate VMWare ESXi Virtual Machines to Proxmox KVM with LVM-Thin Logical Volumes

Recently we decided to move away from VMWare ESXi because we want to scale out but don't want to buy expensive licenses just for virtualization. We evaluated different solutions and got stuck with

Martin Seener
security

Securing and Customizing Filecloud Server and Clients

Update 2017-06-15: The configuration parameters below still work with the latest Sync Clients in v15.x (tested on macOS and Windows). Sadly, the default is still TLSv1 and not configurable in the UI

Martin Seener
sophos utm

Monitoring RAID on Sophos UTM Hot-Standby Clusters with Dell PERC/LSI MegaRAID Controllers

This is a somewhat special post this time for a somewhat narrow audience, but my intention was split into creating a reminder for myself and to show how you can even monitor things

Martin Seener
debian

Run a NTP server for the pool.ntp.org project with Debian

Update 2: I've changed the 5 source servers to 3 others that are on the same continent as our NTP Server so the offset and jitter are much better. This helped this server

Martin Seener
travis-ci

Introduction on how to use shellcheck and bashate with Travis-CI

Introduction: Some time ago I've written about test-driven development, or TDD, for shell scripts using shunit2 and Travis-CI. This time I want to show you how you can further enhance your shell script

Martin Seener
proxmox

Remove Proxmox 4.2 “No Valid Subscription” message

Update #2 (2017-04-03): janus57, Michael S. and Marcel G. pointed out that there are new ways to disable the message. First by still modifying appropriate files - see in the first Link to

Martin Seener
sophos utm

Configuring IPv6 with Sophos UTM 9 and KabelDeutschland

With almost every private customer contract from KabelDeutschland (KD) you'll get DS-Lite with a Carrier-grade IPv4 NAT and an IPv6 Prefix routed to your very own IPv6 Gateway - in most cases this

Martin Seener
aes

gokeepasslib - Reading a Keepass 2 file with Go

One can certainly argue about the security of Keepass. I for one am currently using it to store my passwords, mainly because I do not necessarily trust any web service to handle my

Tobias Schoknecht
go

The Go Challenge - a fun way to learn and improve

There are many ways to learn a language and to improve your skills in it. Some gophers came up with the Go Challenge, a coding contest in which you have to solve an

Tobias Schoknecht
SSL

SSL/TLS: Certificate chain challenges

Update #1: I've updated the part "Get them into our webserver" by adding a link back to the first SSL/TLS Post where I describe how to correctly create the bundle

Martin Seener
SSL

SSL/TLS: FREAK vulnerability and a Nagios check for that!

TL;DR: Today a new SSL/TLS vulnerability has been made public which uses the old EXPORT ciphers to drive MITM (Man-in-the-middle) Attacks. Detailed information? You can find much more detailed information about

Martin Seener
apache2

SSL/TLS: How do i get HTTPS for my site with a valid certificate?

For me using SSL/TLS for websites or connections between servers and clients in general - think of PostgreSQL connections or OpenLDAP - is no rocket science and my daily business. But in

Martin Seener
ruby

ActiveRecord database anonymization using views

When encountering problems in a production environment it is sometimes hard to recreate the issue locally or in a test system. Some issues are actually depending on very specific runtime conditions while others

Tobias Schoknecht
vhost

VHost specific requests for load balanced services in Go

A couple of weeks ago I wrote about how to do VHost specific requests for load balanced services using Ethon. Our code base is written in Ruby so it was only natural to

Tobias Schoknecht
sslv3

VHost specific requests for load balanced services using Ethon

With the POODLE SSLv3 vulnerability which was found a couple of weeks ago basically everyone turned off SSLv3. So did we. Unfortunately this caused a few other problems for us. <im folgenden

Tobias Schoknecht
wheezy

User Story: Migrating Debian Squeeze from a Dell PowerEdge R310 to R320

...or how to get new hardware working on the old system by only using a Linux live-cd, chroot and a new kernel. Introduction: Some weeks ago, I had to change a complete Debian

Martin Seener
debian

Hetzner Root-Server with Debian/KVM IPv4 and IPv6 Networking

Introduction: Since the IPv4 address space is almost completely used up, the future protocol is IPv6 which has been around for lots of years already and it is highly recommended to at least

Martin Seener
Shell

Introduction on how to use shunit2 with Travis-CI

Introduction: TDD or Test-Driven Development is the latest and greatest in recent software development history. And that's good for a reason. But what has been missing for a long time are unit tests

Martin Seener
update

Guide for upgrading VMware ESXi (5.1 to 5.5U2)

Introduction: While I continuously have to deal with ESXi hypervisors in my Sysadmin job, I also have to take care that they're up to date. And because it's a recurring task, updating

Martin Seener
Hetzner

Encrypted iRedmail Backups on Hetzner Backup-Space with SSHFS/EncFS

Introduction: You may know that you get 100GB of free Backup-Space from Hetzner when ordering a Root- or Managed-Server. If you have other offers like Webspace or vServers you can also order the

Martin Seener
Sysorchestra © 2018