Category Archives: Unix
Using apache rewrite to automatically add iptables drop rules
In these days of firewalld not many people still use native iptables rules, but they certainly still have their place. I still use them on my main webserver simply because of the ease with which new drop rules can be … Continue reading
Docker and issues with using minimal Fedora base images
It is recomended when creating docker images that minimal images be used. In the case of Fedora it is recomended that for smallest images the minimal image should be used and “microdnf” be used instead of the full blown “dnf” … Continue reading
Installing a F30 network install and recovery server
In these days of cloud images being launched at the push of a button, and customised via heat patterns or user configuration scripts, network install via pxe boot seems to have dropped out of the news. As most home users … Continue reading
Docker container network isolation can be a pain.
I have been embarking on an exercise to migrate some of the smaller applications I use into Docker containers. This is the reverse of my prior more secure approach where I wanted 3rd part apps that may be insecure but … Continue reading
Docker Isolation, and non-Isolation
Docker is not KVM, there are major security trade-offs with a container, The key ones are shown below. Processes are not isolated The processes that are run by containers run for all intents and purposes as processes on the Docker … Continue reading
Using Bacula to backup your Fedora/CentOS Linux servers
This post was written to acknowledge bacula has saved my ass again. My main desktop machine failed, a new replacement was purchased and swapped in, new OS installed with same hostname and ip-address. Then installed puppet and let the puppet … Continue reading
Installing the OpenStack Stein release from the RDO repositories
As you are I am sure all aware the OpenStack Stein release is available and documented on the RDO site now. While the “stein” release has been available for a while this post took a long time to prepare as … Continue reading
Logcheck on Fedora, for my use
Logcheck on fedora, by default when installed, runs every hour. For my use this generates so much email traffic (as it runs on all my servers) that it becomes garbage, and I ended up just deleting all the emails rather … Continue reading
Suppressing audit messages to /var/log/messages on Fedora 29 and 30
One of my machines has started rebooting for no reason that I can find, possibly power surges as my UPS seems have now have a dead battery. One difficulty in finding the issue is that the messages file if full … Continue reading
Using the certbot package on Fedora 30 to get LetsEncrypt certificates
There was a post on the fedora forums stating that the certbot apache plugin does not work on fedora, so I had a look. The post was correct, the apache plugin for certbot wants to use the “apachectl -v” command … Continue reading