This is a Wiki on a mission to provide information which is unavailable anywhere else on the Internet (at the time of writing). I wouldn't write it down if it already existed because I have other hobbies.
The main topics are IT Ops and Dev Ops, specifically Virtualization, Cloud Computing, Operating Systems. If you feel that an article is interesting or needs a correction, please leave a reaction or comment.
If you didn't find anything helpful, you could still pour a can of cherry coke over your keyboard.
Elliptic curve certificates are much smaller, leading to faster TLS handshakes. They are also considered more secure in comparison to RSA certificates. This should speed up loading secure websites on most client devices. We will generate/request EC 384 certificates with key exchange cipher ECDH secp384r1 and request signature using SHA384.
Follow this tutorial to be able to spawn a WinSCP session from within KiTTY to the same remote host at your present working directory. It will use the current SSH username and it will even work if you have used an intermediate host to proxy yourself to the destination host.
Checkmk 1.6.0 is no longer shipped with the classic Nagios UI, which includes the cgi-bin files. The authors have decided to remove it for security reasons and they don't intend to bring it back. This decision results in all third-party smartphone apps (such as aNag) to effectively stop working. This document explains how to get back Nagios cgi support.
This howto explains how to check for linux updates on CentOS, Redhat, Fedora, Debian, Ubuntu and OpenSUSE systems using Checkmk 1.6.0 / 2.0.0 Raw Edition. You will also learn how to set a custom check interval for update checks so that you are not hammering update servers (the WATO way doesn't work). This will make update checks asynchronous and massively decrease resource usage. Download my patched linux-updates plugin for RHEL/CentOS/Fedora which now also works with Checkmk 2.0.0.
I am getting a lot of hits on this article, so obviously people love exploring my collection of helpful Proxmox commands. You might find out about some interesting stuff that you didn't know yet. Feel free to leave a comment with other day to day commands you regularly use.
Using the Disk Cleanup Tool regularly is a nice thing to strip down the WinSXS folder, however for sysprepping machines this is not sufficient as it will skip the updates from the past 30 days. Use this tutorial to create really small images of a Windows installation by squeezing the last unnecessary bits out of your WinSxS folder.
Hurricane Electric offers free accounts for using their DNS servers. Primary DNS zones also offer dynamic DNS records. Once you generate a DDNS key for these hostnames, you can configure your Fritz!Box to update your hostname with both IPv4 and IPv6 addresses (A and AAAA records) at the same time or update your tunnelbroker client IPv4 address.
If you are using pfBlocker NG, you might eventually end up receiving no more e-mails from Google's Gmail service, depending on which RBL lists you use. For example, spamcop is known to repeatedly block networks that host Gmail SMTP servers. This may be a problem for you, because everyone and their grandmother is using Gmail.
Never again you will need to worry about HTTPS-enabling your NAS, your local webserver, your fileshare, your mediacenter and whatever else. Caddy will do that for you. Automatically. And Caddy will also make sure the certificates get re-issued automatically. This tutorial explains how to set up a Caddy v1 reverse proxy.
If you intend to reinstall your operating system, your Keybase device configuration must be backed up otherwise you will lose the device. The impact of this may be so harmful that it can lead up to an account reset, which makes you lose all kbfs files, teams, devices and more. Even worse, stuff like teams, device names are permanent and as such cannot be reused. This tutorial helps.
To my surprise this is the most visited document within my wiki. This tutorial explains how to list and delete banned hosts when using Fail2Ban. There are multiple approaches depending on the Fail2Ban version in use, which are all covered in this article.
This document features most things you will need when working with SELinux, how to debug issues and what to do when stuff gets blocked. You will even learn how to compile selinux modules.
One requirement for testing a DHCP server is that the DHCP client is using a different MAC address than the DHCP server (or in other scenarios, a different mac address than the existing client network interface if that interface is already receiving a lease from the same DHCP server). One could grab a notebook to test DHCP or set up a virtual machine, but the easiest way to accomplish this is to use a virtual interface which provides a unique mac address.
Another program I hacked together the other day. Multi-threaded (parallel) tar.bz2 archiving of a directory with lowest priority CPU and I/O scheduling. Utilizes all cpu cores and detaches into background, will syslog when it's done. Will install missing dependancies on RHEL based operating systems. Packages available for many distros.
By default, on Windows 10 and Windows Server 2019 all features and roles are copied to disk even if they are not installed. This allows for fast role and feature installations and consistent patching. To reduce the footprint of your Windows installation, all unused features can be removed.
You may be experiencing a critical issue on a remote machine running Windows 10 Pro 1903 when disconnecting from an RDP session. One CPU core may end up using 100% CPU. If logging in from the console, the CPU load would go back to normal. However, in some cases, a reconnect via RDP might eventually freeze the entire operating system. Here is the fix!
If you are running Windows 10 on an isolated VM or retro PC with less than 500MB of memory, you may realize that most of the memory is actually used by Defender and Windows Firewall compononents. There is a way to entirely disable these components and prevent them from loading into memory on boot. This is a terrible thing to do, but the following will save you a few hundred megs in RAM usage.
Windows Server 2019: Server Core Cheat Sheet (Work in progress)
This is a collection of commands to make your life easier when installing Windows Server 2019 (Standard/Datacenter) Core. This is especially helpful if you can't or don't want to use Remote Server Administration Tools or Windows Admin Center.
I hacked this together the other day. Follow this tutorial to get a good looking pfSense login page. You will need SSH access to your pfSense installation and replace a .css file on the webserver. Use at your own risk.
These are the documents that are available to your access level. To propose changes, leave a comment on a page or chat Chotaire.