Encrypt an existing Linux installation with zero downtime (LUKS on LVM)

During the bi-yearly review of my setup, I realized I was running a Linux machine without full disk encryption. The encryption of the disk needed to be done ASAP, but I was not willing to reinstall the whole operating system to achieve that. Solution? I came up with an interesting way to encrypt my existing …

How a Terraform + Salt + Kubernetes GitOps infrastructure enabled a zero downtime hosting provider switch

The switch. It has been a busy weekend: I switched the hosting provider of my whole cloud infrastructure from DigitalOcean to Hetzner. If you are reading this it means that the switch is completed and you are being served by the Hetzner cloud. The interesting fact about the switch is that I managed to complete …

Linux: using bind mount to move a subset of root subdirectories to another partition or disk

I was in the situation of dealing with a Linux box with two hard disks:
/dev/sda: fast hard drive (SSD), small size (~200 GB)
/dev/sdb: very big hard drive (HDD), large size (~4 TB)
The operating system was installed on /dev/sda, so I had /dev/sdb empty. I knew I could create a mount point (e.g. /storage) …

Automatically add SSH keys to SSH agent with GNOME and macOS

I am using passwordless login via SSH on every box that I administer. Of course, my private SSH key is protected with a password that must be provided when accessing the key. Modern operating systems incorporate the usage of ssh-agent to “link” the user account to the SSH key(s), in order to unlock the SSH …

Accessing remote libvirt on a non-standard SSH port via virt-manager

Scenario: you are using a remote host as a virtualization host with libvirt and you want to manage it via “Virtual machine manager” (virt-manager) over SSH. But SSH is listening on a non-standard port, and virt-manager does not offer a way to connect to a remote libvirt instance on a non-standard port. Fear not, the option …

Secure your SSH server against brute-force attacks with Fail2ban

The problem: SSH can be brute-forced. I usually leave an SSH server on a dedicated port on every server I administer and, as you may recall, I even linked two well-written guides to properly configure and harden SSH services. Now, the Internet is a notoriously bad place: scanners and exploiters have always been there, but brute-forcers …

Packaging software for Debian/Ubuntu: eclipse

Eclipse is my (Java, Python, Ruby, XML, <insert any other text format here>) editor of choice, and it has been for many years. One thing that bothers me is that the Eclipse package is outdated in Ubuntu: so, instead of using apt, I should resort to download/unpack/copy/create links to install it. These days are finished, though. …

Playing with Docker: tips and tricks to write effective Dockerfiles

Recently I have been playing with Docker containers, and I am sure you already know what Docker is. In this post I will describe what I have learnt while using Docker containers and preparing Dockerfiles. What is Docker? In a few words: Docker is a software to manage and run Linux containers in which you …

Hardening services: let’s review our config files

It’s hardening Sunday here: I reviewed the config files of my main daemons (nginx, openvpn, tinc, sshd) with the help of two resources that I want to share with you, fellow readers. First of all, a guide dedicated exclusively to hardening ssh: from using public key authentication only (I strictly encourage it!) to the selection …

HP 6730b and fan at full speed after suspend (Fedora, Ubuntu, openSUSE)

It seems that with kernels 3.9 onwards there are some issues with fan speed and the 6730b model of HP notebook. I tried with Fedora 22 (my main distribution of choice), openSUSE Tumbleweed and Ubuntu 15.04. The problem occurs only when the system is woken up after a sleep/suspend: fans spin at full speed indefinitely, …