Category Archives: Linux

OpenSSH CVE-2023-48795 mitigation

If you cannot upgrade your OpenSSH client and/or server to fix CVE-2023-48795, also known as the Terrapin attack, the way to mitigate it is to disable the vulnerable ciphers as Red Hat explains very well. If you have a recent … Continue reading

Posted in Computer, Linux, Networking, Security, Software | Leave a comment

Contabo: A great cloud for personal use

I’m a personal user of Contabo’s cloud services, and I’ve been delighted with them. They offer a wide range of services to choose from, including VPS, dedicated servers, and cloud storage. I’m currently using a VPS to host my personal … Continue reading

Posted in Computer, Linux, Networking, Storage, Virtualization | Leave a comment

ComfyUI: remove metadata from image files

When you generate a file using ComfyUI, metadata are added to the image automatically. Amongst the metadata, there is the full workflow including the prompt. If you want to remove those data, you can use ImageMagick convert with the –strip … Continue reading

Posted in artificial intelligence, Computer, Linux | Tagged , | Leave a comment

Run Jenkins and Jenkins agents on Docker

I have managed a Gitlab instance for a couple of years, but for some organizations, Gitlab is overkill. For some people, Gitea is enough. However, Gitea does not have production-ready CI/CD yet. Fortunately, it’s possible to link Jenkins to Gitea. … Continue reading

Posted in Docker, Linux | Tagged , , , , , , | Leave a comment

Suricata and fail2ban

In case you want to ban IP addresses based on Suricata fast.log, here is the filter you need: In the jail configuration, I suggest you change the default blocktype from REJECT to DROP. Edit 2023-03-24: you may want to use … Continue reading

Posted in Computer, Linux, Networking, Security, Ubuntu | Leave a comment

Traefik & Grafana: auto-login based on source IP

If you want to automatically (or force a specific) login requests to Grafana coming from a given source IP with Traefik, you can do it with a separate router and a middleware. This requires basic authentication to be enabled on … Continue reading

Posted in Computer, Docker, Linux | Leave a comment

CentOS 8 End of Life: upgrade to CentOS Stream

CentOS 8 End of Life has been effective since January 31 2021, official mirrors do not provide any packages anymore. Here is how to upgrade to latest release of CentOS 8 and switch to Stream. As always, prior to any … Continue reading

Posted in CentOS, Computer, Linux | Leave a comment

Elasticsearch in Docker: threat intelligence with filebeat

Goals: collect observables from supported feeds collect observables from unsupported feeds with elastic-tip

Posted in Computer, Docker, Linux, Networking, Security | Tagged , , , , , , , | Leave a comment

Elasticsearch in Docker: quick notes

Goals: single node elasticsearch single node kibana password for all accounts https between all components behind traefik future post: collect network logs (routers) future post: collect application logs (web servers, dns servers, docker) future post: collect application metrics future post: … Continue reading

Posted in Computer, Docker, Linux, Networking | Tagged , , , , , , , | Leave a comment

Traefik reverse-proxy with ModSecurity

Traefik itself does not include WAF capabilities. If you want to add this capability, you can opt to replace Traefik with Apache httpd or nginx coupled with ModSecurity, however you loose the autoconfiguration of Traefik. Fortunately, Alexis Couvreur has developed … Continue reading

Posted in Computer, Docker, Linux | Tagged , , , , , , , , | Leave a comment