Author Archives: blogger

Run Jenkins and Jenkins agents on Docker

I have managed a Gitlab instance for a couple of years, but for some organizations, Gitlab is overkill. For some people, Gitea is enough. However, Gitea does not have production-ready CI/CD yet. Fortunately, it’s possible to link Jenkins to Gitea. … Continue reading

Posted in Docker, Linux | Tagged , , , , , , | Leave a comment

Suricata and fail2ban

In case you want to ban IP addresses based on Suricata fast.log, here is the filter you need: In the jail configuration, I suggest you change the default blocktype from REJECT to DROP. Edit 2023-03-24: you may want to use … Continue reading

Posted in Computer, Linux, Networking, Security, Ubuntu | Leave a comment

ChatGPT: standard prompt

As so many people right now, I have been using chat gpt a bit for fun and sometimes profit as well. Experts out there seem to agree on the following starting prompt for best results: Ignore all previous instructions before … Continue reading

Posted in artificial intelligence, Computer | Leave a comment

Traefik & Grafana: auto-login based on source IP

If you want to automatically (or force a specific) login requests to Grafana coming from a given source IP with Traefik, you can do it with a separate router and a middleware. This requires basic authentication to be enabled on … Continue reading

Posted in Computer, Docker, Linux | Leave a comment

Fortigate: SAML authentication in firewall policy with Keycloak

First, create a new Single Sign-On authentication under User & Authentication. As of version 7.0.6, the GUI does not specify ports and does not let you change them either. To work around this, use the CLI. Default ports used by … Continue reading

Posted in Networking, Security, Uncategorized | Leave a comment

CentOS 8 End of Life: upgrade to CentOS Stream

CentOS 8 End of Life has been effective since January 31 2021, official mirrors do not provide any packages anymore. Here is how to upgrade to latest release of CentOS 8 and switch to Stream. As always, prior to any … Continue reading

Posted in CentOS, Computer, Linux | Leave a comment

Elasticsearch in Docker: threat intelligence with filebeat

Goals: collect observables from supported feeds collect observables from unsupported feeds with elastic-tip

Posted in Computer, Docker, Linux, Networking, Security | Tagged , , , , , , , | Leave a comment

Elasticsearch in Docker: quick notes

Goals: single node elasticsearch single node kibana password for all accounts https between all components behind traefik future post: collect network logs (routers) future post: collect application logs (web servers, dns servers, docker) future post: collect application metrics future post: … Continue reading

Posted in Computer, Docker, Linux, Networking | Tagged , , , , , , , | Leave a comment

Traefik reverse-proxy with ModSecurity

Traefik itself does not include WAF capabilities. If you want to add this capability, you can opt to replace Traefik with Apache httpd or nginx coupled with ModSecurity, however you loose the autoconfiguration of Traefik. Fortunately, Alexis Couvreur has developed … Continue reading

Posted in Computer, Docker, Linux | Tagged , , , , , , , , | Leave a comment

Backup gitea container

Gitea is great when you want a fast, light and yet user-friendly git repositories. Alternatives would be Gogs, Gitlab or even Github. Gitea documentation tells you to use docker exec to perform a backup. However, this prevents you from using … Continue reading

Posted in Computer, Linux | Tagged , , , , , | Leave a comment