The Linux kernel key retention service (keyrings) lets you store secrets in kernel memory — never on disk, automatically discarded when your session ends. This makes it a solid backing store for the encryption key used to protect a dotfile like .app.conf.
The kernel exposes a hierarchy of keyrings tied to different lifetimes:
| Keyring | Lifetime | Typical use |
|---|
This guide walks through creating a System V init script on Debian stable that launches a set of shell scripts in individual named tmux sessions, running as a non-privileged local user.
Configuration — including which user to run as — lives in /etc/default/tmux-sessions, the standard Debian location for externalizing init script settings. The init script itself contains no hardcoded usernames or paths.
| import os | |
| import sqlite3 | |
| from datetime import datetime, date | |
| from typing import Tuple, Dict, List | |
| import getpass | |
| from mattermostdriver import Driver | |
| import pathlib | |
| import json |
nagios4 instead of building from source, thus requires a few tweaks to enable nginx as the webserver.apt install nginx nagios4 php-fpm fcgiwrap -y
usermod -a -G nagios www-data
# Make a folder and symlink the native apache cgi into nginx
###################################
# Prerequisites
# Update the list of packages
Auto-Update for Ubuntu/Debian using Unattended-Upgrades package
Unattended-upgrades is installed by:
sudo apt install unattended-upgrades
sudo systemctl enable --now unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
The default config is reasonable, but should be inspected.
The default instructions on the PivKey documentation site: https://pivkey.zendesk.com/hc/en-us do not provide any examples for configuring a self-signed certificate in any of the 25 slots. These instructions were tested with the PivKey C910 version, but likely most Taglio variants will work the same way.
There is support in powershell 5.1+ on currently supported Windows OS (Server 2012+/Windows 10+) configurations for generating self-signed certificates with a wide variety of configuration parameters, including support for the Microsoft Smart Card Key Storage Provider to generate keys on a smartcard.
Application Policies OID configuration in in the initi
| # Place this file in our $profile location and restart powershell. | |
| # e.g.: copy Downloads\example.ps1 $profile | |
| # $profile defaults to $HOME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1 | |
| # aka: c:\Users\username\Documents\PowerShell\Microsoft.PowerShell_profile.ps1 | |
| # If you want to sign it see function `user-sign-psscript` below for signing | |
| # This enables the use of: | |
| # set-executionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser | |
| # Or if you don't care about security on Powershell locally, you can ignore local signing, and just use: | |
| # set-executionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser |
In certain environments, it is useful to have a router and firewall between two private vlans. When the WAN interface of PfSense is not able to access the internet (e.g. DNS Resolution, Update Checks, etc.) it can become sluggish to boot and configure. This guide attempts to capture configuration knobs that can improve the usability in these environments, and was written with PfSense CE 2.7.2 configuration as a baseline.
tcpdump -nn -i XXX pfsense at steady state air-gapped {for em0 (WAN), em1 (LAN), lo0 (loopback)} Loopback will show you all of the items that would have being queried via root.hints or other pfsense internals. Start with udp port 53 capture filter to look for DNS traffic.Installation from the PfSense CE ISO file can easily be done in these environments. Download the ISO from mirror (to avoid creatin