Secure way to allow any user to run programs in specific network namespace
I have a cell modem connected to my server that I want to use as a means to get notification emails out when the landline dies.
To nicely separate normal network access and this exceptional cell m...
Running local services in network namespaces with systemd
Given systemd is ubiquitous with modern-day GNU/Linux, it only makes sense that it be able to do just about everything under the sun; which strictly adheres to the UNIX philosophy 😂.
While the move to systemd has not always been a popular one, I too once hated it, it
Port Knocking with knockd and Linux - Server Hardening
Port knocking is like a secret handshake or magic word between client and server. It can be used in various ways, but most commonly as a security feature to deny all contact to a specific service - li
The use of ligatures while typing code has been a game-changer. How can we get the styling of cursive fonts and the functionality of ligatures in VS Code
Effective Traffic Management with Kubernetes Gateway API Policies
The Kubernetes Gateway API simplifies configuration by abstracting away complexities and providing a user-friendly, declarative approach to define routing and traffic policies.
3 Best Universal Package Managers for Linux in 2023
We will explore the best open-source universal or cross-distribution package management systems for Linux, often referred to as "Universal Package Managers".
OSSEC - World's Most Widely Used Host Intrusion Detection System - HIDS
OSSEC is a multiplatform, open source and free Host Intrusion Detection System (HIDS). You can tailor OSSEC for your security needs through its extensive configuration options, adding custom alert rules and writing scripts.
NixOS Reproducible Builds: minimal installation ISO successfully independently rebuilt
We have successfully created an independent, bit-by-bit-identical rebuild of the nixos-minimal ISO published by Hydra 🎉 Why is this useful? While there are a number of ‘side-benefits’, the main point of Reproducible Builds is that it gives us a reliable way to verify the binaries we ship are faithful to their sources, and have not been tampered with anywhere in the build pipeline (e.g. on Hydra). For general information on Reproducible Builds see: What exactly was reproduced? This me...
MicroK8s - Zero-ops Kubernetes for developers, edge and IoT | MicroK8s
MicroK8s is the simplest production-grade conformant K8s. Lightweight and focused. Single command install on Linux, Windows and macOS. Made for DevOps, great for edge, appliances and IoT. Full high availability Kubernetes with autonomous clusters and distributed storage.
A guide on building a simple Linux distribution from scratch. Detailed guide on building the kernel and the init process. Finally, a little distribution is built with u-root that is capable of connecting to the Internet.
OpenSSH allows you to set up a per-user configuration file where you can store different SSH options for each remote machine you connect to. This article covers the basics of the SSH client configuration file and explains some of the most common configuration options.
Automating NetBox with Ansible: How to Create Devices with Primary IPs
NetBox is a hugely popular open-source IP address management (IPAM) and data centre infrastructure management (DCIM) tool. NetBox provides a range of automation features, one of which is the ability to update NetBox with Ansible using the Ansible NetBox collection. In this short post, we'll walk through the process of