Not all compliance guidance is technically correct. A DISA STIG remediation for Ubuntu 22.04 LTS recommends applying permission mode 2640 to systemd-journal directories — a setting that removes execute permissions and can disrupt core logging functionality. This post examines the issue in detail, explains why the recommendation is flawed, and outlines a safer, technically sound approach for administrators who need to balance compliance with system integrity.
Keeping your origin server properly locked down is an important step when running behind Cloudflare. This post explains how to automatically maintain Cloudflare’s constantly changing IP ranges using `ipset`, and how to integrate them with UFW so that only Cloudflare’s proxy network can reach your web ports. With boot-time restoration and scheduled updates, you can prevent direct-to-origin access, strengthen your firewall setup, and ensure all traffic continues to benefit from Cloudflare’s protection layer.
Wazuh decoders for the Uncomplicated Firewall (ufw) from Ubuntu 24.04 do not work because they expect a different format of log entries. This article explains how to fix this with custom decoders and custom rules.
Login Failure Daemon (lfd) is a process that monitors the authentication log and matches all its lines against the set of regular expressions to detect login attempts that continually fail within a short period of time. It is often used to detect login failures of SSH connections. However, the regular expressions lfd uses to detect brute force attacks contain severe errors, and an attacker can exploit those bugs to cause a denial of service attack.
To delete all old ReplicaSets in Kubernetes, you can use the following one-liner:
kubectl get rs -A -o wide | tail -n +2 | awk '{if ($3 + $4 + $5 == 0) print "kubectl delete rs -n "$1, $2 }' | sh
It is not always convenient to manage the cluster from the console; a web dashboard is sometimes much more convenient. In this post we will learn how to set up automatic certificate renewal with cert-manager, expose the Kubernetes Dashboard to a public Ingress over a secure connection, and configure simple basic authentication as an addition security layer.
In Alpine Linux 3.11, there is an issue with Varnish Cache: reload operation always fails. In this post, I try to analyze why this happens, and provide a patch that solves the issue.
When experimenting with Docker Swarm, I decided to set up five more nodes on my local computer. I used Alpine images in the LXC, and tried to use Docker in them. Although docker stared successfully, it was impossible to deploy any services to Alpine nodes, deployment failed with “cgroups: cannot find cgroup mount destination: unknown” error message.
Because I dislike when something that should work, does not work the way I expect it to work, I decided to dig deeper and try to fix the problem.
I needed a small container for experiments to run on my systemd-based machine. LXC and LXD were out of the question. However, systemd has systemd-nspawn tool, which I used to build a container.
The size of the resulting rootfs is around 8.7 MB
Looks like some people on Twitter have just discovered `update-motd` and, in particular, /etc/update-motd.d/50-motd-news.
TL;DR: just run this if you want to disable motd-news:
sudo sed -i 's/^ENABLED=.*/ENABLED=0/' /etc/default/motd-news