This post is about multiple components involved in deploying FreeBSD to a VMware environment. Since there are many moving parts this may also be interesting in general to anyone doing “infrastructure as code” and cloud deployments, the process is quite similar for Linux.
Using signed-by in Debian repository configuration
On newer versions of Debian and Ubuntu, the way repos are authenticated through public keys has changed somewhat. Here’s what I’ve found.
LetsEncrypt DNS wildcard certificates with HAProxy
Wildcard certificates are really useful, especially in cases where you are using a load balancer like HAProxy that targets multiple backends serving separate subdomains.
Using curl to pass videos to VLC on Apple TV
VLC has always been a great piece of software, but one place where is really shines is on iOS/tvOS since it allows you to play pretty much any video file, and you can send that file over curl.
MAC spoofing on Wi-Fi with captive portals
Not all devices are capable of handling captive portals. Problematic devices usually include older hardware with outdated browsers, such as “smart” TVs, gaming consoles and the like.
Manual disk encryption on Ubuntu
Ubuntu makes it very easy to set up full disk encryption, but it requires you to wipe the entire disk if you want the wizard to do it for you, so this is how you can set it up manually.
Encrypted LUKS file container
While Linux Unified Key Setup — LUKS
— is mostly used to encrypt entire disks under Linux, it can also be used to easily create an encrypted file container. This can be used as an alternative to encrypting something like a .tar.gz
file directly, and will be easier to mount and read, without having to write decrypted data to disk.
Linux Sysadmin Scratchpad
This page is a collection of useful commands or one-liners collected through the years. They are sorted in general categories, but I’ve attempted to describe them as well as I can so hopefully CTRL+F will work decently if you know what you’re looking for.
fail2ban on EL8
fail2ban is commonly used to take a certain action, such as automatically blocking an IP, after repeated authentication failures or other generally bad behavior against applications, as detected by regex matching against log output.