Temporary SSH access on Linux servers

A while ago it was requested that developers should be able to login, upon request, on our production servers via SSH. Normally this is restricted to SysOps and DevOps operators. Developers have their DTA(P) to do their thing, but nevertheless management decided that they need CLI access to our live systems. Needless to say, we…

Continue Reading

Fail2Ban config on Ubuntu 18.04

I can be a very happy camper when I’m configuring something new and it ‘just works’ and does its job as expected and more. See the previous post on Fail2Ban. Creating a new jail and making the most important service hacker proof is a matter if minutes. Of course finetuning it to my liking can…

Continue Reading

OSSEC active response vs Fail2Ban

Let’s have a proper look at Fail2Ban on Ubuntu 18.0.4. Last week I was rather pleased with the replacement of CSF / LFD with UFW and OSSEC active response. It seems really rock solid. While configuring and testing, I discovered one big downside of OSSEC active response though: it only works for SSH and not…

Continue Reading

Replacing CSF / LFD with UFW and OSSEC

UFW and OSSEC active response. In my quest to see if I would like to replace Debian with all of its third party tooling with more up-to-date Ubuntu servers (also with third party tooling), I’ll dedicate the next couple of posts to cross off this list. Starting at the top, today I’ll be replacing CSF…

Continue Reading

More Debian vs Ubuntu stuff

Last week I’ve explained a bit why I’m considering jumping from Debian to Ubuntu to get our managed hosting a bit more up-to-date by default, instead of using 10 third party repos. This week I would like to specify more about our managed hosting tooling, what we’re using for Debian, what we might like to…

Continue Reading

From Debian to Ubuntu?

Ubuntu. Oh my. This is awkward. When I started out experimenting with Linux, I opted for CentOS since it is one of the most stable versions out there. You’ll soon find out though, that the software in the repos is too old for many situations in the web application industry. Right before I started working…

Continue Reading

Install Mozilla Firefox / Thunderbird on Linux

A lot of Linux distributions come with a non-Mozilla version of Firefox and Thunderbird. Firefox ESR and Iceweasel are examples of this. These versions bothers me for a couple of reasons but the main reason is updates. For a couple of extensions and what not I want / need to be up-to-date. This is a…

Continue Reading

Some Linux / Tech / Security 101 stuff

So what’s the deal with this blog… Documentation is essential in IT. I’m positive that I’m not arrogant when I’m saying that I’m better in documenting than the average IT-er. But, there are still a lot of things that are only in my head and not on a piece of paper or better yet: digitally,…

Continue Reading