LinuxPld linuxpld

LUKS crypt

In this guide, I'm going to setup a keyfile-encrypted LUKS partition. I will be using a single, max-size partition on a single physical device. My physical device is located at /dev/sde

partition the physical device

parted /dev/sde

Manually create a Fail2Ban jail using `fail2ban-client` (pre-0.10)

N.B. any syntax / function changes made within fail2ban-client will alter the commands used. The commands used here worked with versions 0.8.6-3wheezy3 and 0.8.13-1. 0.9 may or may not work exactly using the below.

For anyone visiting this and stuck on a version pre 0.10 where you want to add a jail but do not want run reload (which pre 0.10 stops and starts all enabled jails as well as reparsing the config

Basic firewall / network router using Gentoo Linux.

After compiling the 4.19.66-gentoo kernel, udev renamed the network interfaces of my home linux Router / Firewall and my iptables setup stopped working due ip-conntrack kernel deprecations. I decided to move over to nftables, the new packet classification framework that replaces the existing {ip,ip6,arp,eb} tables infrastructure.

Even though nftables has been in the Linux kernel since 2014, the documentation is extremely sparse. As such this gist :)

Subjectively, using nftables setting up connections to my machine seems to be more responsive compared to using iptables. Connections seem to be made more quickly and ssh-ing into my machine seems more responsive. There always used to be a bit of a lag when I was using iptables, not anymore.

Preperations

Overview

Ubuntu Desktop 20.04 supports a single ZFS boot drive out of the box. I wanted a ZFS mirror, without going through an entirely manual setup of Ubuntu as described by OpenZFS

This adds a mirror to an existing Ubuntu ZFS boot drive after the fact.

ZFS requires native encryption to be added at pool / dataset creation. These instructions are not suitable for creating an encrypted ZFS boot disk, please use the full instructions linked above for that. You can, however, add an encrypted dataset after the fact: You could encrypt just the portion of your file system that holds secrets.

Note: If your use case is running docker instances, and not a full-fledged Ubuntu install, then take a look at TrueNAS SCALE, which will manage the ZFS parts for you.

	<?php

	/**
	* @license MIT License
	* @copyright maartendekeizer
	*/

	$memcached = new Memcached();
	$memcached->addServer('127.0.0.1', 11211);

	[root@server02 network-scripts]# cat ifcfg-enp14s0
	DEVICE=enp14s0
	TYPE=Ethernet
	BOOTPROTO=none
	ONBOOT=yes
	NM_CONTROLLED=no

	[root@server02 network-scripts]# cat ifcfg-enp14s0.35
	DEVICE=enp14s0.35
	TYPE=Ethernet

	<?php
	// Test default memcached server. Load, then refresh.
	if (class_exists('Memcache')) {
	$meminstance = new Memcache();
	} else {
	$meminstance = new Memcached();
	}

	$meminstance->addServer("127.0.0.1",11211);

	# Fail2Ban filter for unsuccesfull MSSQL authentication attempts

	[INCLUDES]

	# Read common prefixes. If any customizations available -- read them from
	# common.local
	before = common.conf

	[Definition]

	cobbler_api = ServerProxy("http://cobbler/cobbler_api")
	token = cobbler_api.login("USERNAME", "PASSWORD")

	asset_list = ["server01", "server02"]

	for system in asset_list:
	print "Managing system %s" % system
	print "System name is %s" % a
	try:
	handle = cobbler_api.get_system_handle(a, token)

	# One liner
	wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com

	# Explained
	wget \
	--recursive \ # Download the whole site.
	--page-requisites \ # Get all assets/elements (CSS/JS/images).
	--adjust-extension \ # Save files with .html on the end.
	--span-hosts \ # Include necessary assets from offsite as well.
	--convert-links \ # Update links to still work in the static version.