openSUSE Leap 16 Initial Server Setup and Hardening
A fresh openSUSE Leap 16 server is reachable over SSH the moment it boots, and straight out of…
A fresh openSUSE Leap 16 server is reachable over SSH the moment it boots, and straight out of…
Telnet sends your username and enable password across the wire in cleartext. SSH does not, and on a…
A factory-fresh Cisco router or switch trusts whoever reaches the console, answers to the generic name Router or…
An SSH tunnel moves a network port from one machine to another inside an encrypted SSH session. No…
Enable FreeIPA 4.12 ACMEv2, issue 90-day RSA certs with certbot and acme.sh, auto-renew via systemd timer and cron.…
Verify, decode, and ship the 128-bit random serial that became default in FreeIPA 4.12. Five proof methods, the…
10 production-tested FreeIPA sudo rules: Defaults, NOPASSWD, RunAs, deny patterns, break-glass, auth-indicator gated, time-bound, AD-trusted, GSSAPI passwordless. Built…
A small FreeIPA lab on Rocky Linux 10 buys you the same identity stack Red Hat ships under…
Rocky Linux 10 dropped openldap-servers from BaseOS. The slapd daemon now lives in EPEL, which means a working…
Two laptops, three home-lab servers, and a VPS in Frankfurt. Old me wired that together with WireGuard, an…
FreeBSD ships without sudo or doas by default, which surprises Linux admins on day one. The base system…
MetalLB fills the one gap that bare-metal Kubernetes has no native answer for: Services of type LoadBalancer. On…