Hi Red Hat!

A Red Hat introduction. Recently (this May) I’ve passed the LFCS exam with the help of my friends of Linux Academy and switched jobs at the beginning of this month to a super professional Linux company. This spices things up a lot. At my former company, the choice of poison were Debian based distributions (Debian…

Continue Reading

Fast Postfix and Dovecot setup on Ubuntu 18.04

More than a year ago I did a comprehensive multiseries walkthrough about how to setup a mailserver using Postfix and Dovecot, with antispam, database backend, etc. I’ve been running it ever since without a hiccup. For my recent LFCS certification I had to brush up on this knowledge a bit and wanted to find out…

Continue Reading

BIND primary and secondary DNS server

Last weeks BIND post cost me more time than I could’ve imagined. You can have a forwarding or caching server running in a matter of minutes, but fiddling with listening addresses and ACLs took me a bit more time. In retrospect, it was not hard, but I stumbled upon a couple of problems like the…

Continue Reading

BIND forwarding and caching DNS server

For my recent exam I had to study how to setup a BIND caching DNS server. Since this was too easy, I decided to make it a full featured primary and secondary DNS server, but that’s for the next post. I mentioned the BIND setup with a colleague of mine and he, somewhat jokingly, asked…

Continue Reading

Linux swap file and encrypted volumes

As with the last post, this seems like two pretty different subjects, a swap file and encrypted volumes, but for me it makes sense, because it’s all in preparation for the LFCS exam as mentioned here and here. First I want to make a small addendum on the creation of swap space; this time a…

Continue Reading

Setup Linux swap and quotas

Swap and quotas. Two seemingly random subjects in one post, but for me it really has a purpose: preparation for the LFCS exam as mentioned here and here. The exam might also contain questions on encrypted storage, linux RAID and automounting of samba shares, but to me this seems so random and not at all…

Continue Reading

Create and expand volumes using LVM

My coming LFCS exam as mentioned in my last post, consists of about 15% of storage specific questions. LVM has a large part in it. Since I rarely need storage tools (it’s so much easier in a virtual environment), I decided to write something about it, to hopefully make it stick in my mind. Pretty…

Continue Reading

Short update on the 2019 plan

Short update post about a lot that has been going on and has or is about to change. This will affect the posts on cloudpro.zone so that’s the reason I’m updating you. These changes will most probably affect the post frequency and will for sure affect the post quality. Frequency because after marrying, we’re moving…

Continue Reading

Grafana dashboarding using Graphite

Something completely different in contrast to the last few weeks: Grafana dashboarding, using Graphite metrics. A great while ago I’ve introduced and setup Icinga 2 and Icinga Web 2 to monitor our relatively new managed hosting platform. I’ve written a couple of posts about it, starting here. Not too long after that I’ve added Graphite…

Continue Reading

Temporary SSH access on Linux servers

A while ago it was requested that developers should be able to login, upon request, on our production servers via SSH. Normally this is restricted to SysOps and DevOps operators. Developers have their DTA(P) to do their thing, but nevertheless management decided that they need CLI access to our live systems. Needless to say, we…

Continue Reading

Fail2Ban config on Ubuntu 18.04

I can be a very happy camper when I’m configuring something new and it ‘just works’ and does its job as expected and more. See the previous post on Fail2Ban. Creating a new jail and making the most important service hacker proof is a matter if minutes. Of course finetuning it to my liking can…

Continue Reading

OSSEC active response vs Fail2Ban

Let’s have a proper look at Fail2Ban on Ubuntu 18.0.4. Last week I was rather pleased with the replacement of CSF / LFD with UFW and OSSEC active response. It seems really rock solid. While configuring and testing, I discovered one big downside of OSSEC active response though: it only works for SSH and not…

Continue Reading

Replacing CSF / LFD with UFW and OSSEC

UFW and OSSEC active response. In my quest to see if I would like to replace Debian with all of its third party tooling with more up-to-date Ubuntu servers (also with third party tooling), I’ll dedicate the next couple of posts to cross off this list. Starting at the top, today I’ll be replacing CSF…

Continue Reading