Linux: using bind mount to move a subset of root subdirectories to another partion or disk

I was in the situation dealing with a Linux box with two hard disks: /dev/sda: fast hard drive (SSD), small size (~200 GB) /dev/sdb: very big hard drive (HDD), large size (~4 TB) The operating system was installed on /dev/sda, so I had /dev/sdb empty. I knew I could create a mountpoint (e.g. /storage) and … Continue reading Linux: using bind mount to move a subset of root subdirectories to another partion or disk

Automatically add SSH keys to SSH agent with GNOME and macOS

I am using passwordless login via SSH on every box that I administer. Of course, my private SSH key is protected with a password that must be provided when accessing the key. Modern operating systems incorporate the usage of ssh-agent to “link” the user account to the SSH key(s), in order to unlock the SSH … Continue reading Automatically add SSH keys to SSH agent with GNOME and macOS

Accessing remote libvirt on a non-standard SSH port via virt-manager

Scenario: you are using a remote host as a virtualization host with libvirt and you want to manage it via ”Virtual machine manager” (virt-manager) over SSH. But SSH is listening on a non-standard port, and virt-manager does not offer you to connect to a remote libvirt instance on a non-standard port. Fear not, the option … Continue reading Accessing remote libvirt on a non-standard SSH port via virt-manager

Secure your SSH server against brute-force attacks with Fail2ban

The problem: SSH can be brute-forced I usually leave an SSH server on a dedicated port on every server I administer and, as you may recall, I even linked two well-written guides to properly configure and harden SSH services. Now, Internet is a notoriously bad place: scanners and exploiters have always been there, but brute-forcers … Continue reading Secure your SSH server against brute-force attacks with Fail2ban

Packaging software for Debian/Ubuntu: eclipse

Eclipse is my (Java, Python, Ruby, XML, <insert any other text format here) editor of choice, and it has been for many years. One thing that bothers me is that Eclipse package is outdated in Ubuntu: so, instead of using apt, I should resort to download/unpack/copy/create links to install it. These days are finished, though. … Continue reading Packaging software for Debian/Ubuntu: eclipse

Playing with Docker: tips and tricks to write effective Dockerfiles

Recently I have been playing with Docker containers, and I am sure you already know what Docker is. In this post I will describe what I have learnt while using Docker containers and preparing Dockerfiles. What is Docker? In a few words: Docker is a software to manage and run Linux containers in which you … Continue reading Playing with Docker: tips and tricks to write effective Dockerfiles

Hardening services: let’s review our config files

It’s hardening Sunday here: I reviewed the config files of my main daemons (nginx, openvpn, tinc, sshd) with the help of two resources that I want to share with you, fellow readers. First of all, a guide dedicated exclusively to hardening ssh: from using public key authentication only (I strictly encourage it!) to the selection … Continue reading Hardening services: let’s review our config files

HP 6730b and fan at full speed after suspend (Fedora, Ubuntu, openSUSE)

It seems that with kernels 3.9 onwards there are some issues with fan speed and the 6730b model of HP notebook. I tried with Fedora 22 (my main distribution of choice), openSUSE Tumbleweed and Ubuntu 15.04. The problem occurs only when the system is woken up after a sleep/suspend: fans spin at full speed indefinitely, … Continue reading HP 6730b and fan at full speed after suspend (Fedora, Ubuntu, openSUSE)

Xubuntu/XFCE: come avviare una sessione in VNC

Di recente ho dovuto avviare una sessione VNC su una macchina remota; la mia preferenza per un desktop environment “light” ma al tempo stesso completo è andata su XFCE (installato di default su Xubuntu). Per avviare una sessione VNC è necessario modificare il file posto nella vostra home, e più precisamente in ~/.vnc/xstartup. Il file deve essere strutturato … Continue reading Xubuntu/XFCE: come avviare una sessione in VNC

Installazione e configurazione di Logwatch su Ubuntu

Nei server Linux che amministro ho recentemente installato un programma di monitoring dei logs: logwatch. Una questione importante ma abbastanza noiosa e per cui non si ha mai molto tempo è – appunto – quella dell’analisi dei log, una sorta di “diario” dell’attività svolta dal sistema. Spesso si ricerca nei logs solo quando insorge un … Continue reading Installazione e configurazione di Logwatch su Ubuntu