Monthly Archives: January 2022
systemd unit hardening followup followup
I did some more research on systemd hardening and found another blog post series that I can highly recommend: https://www.ctrl.blog/entry/systemd-service-hardening.html. The first article is quite similar to mine, but the followup articles go into a bit more detail. Check them … Continue reading
Posted in General, IT-Security, Linux, Short Tips
Puppet PQL Queries
PQL syntax can be a bit tricky/ugly. It took me some time to figure this out so I thought sharing it isn’t a bad idea. Get all nodes with a specific class in their last catalog This gives us a … Continue reading
Posted in General, Linux, Puppet, Short Tips
PostgreSQL: Do a VACUUM FULL without exclusive locks!
So, a strange title today. What’s an exclusive lock, what’s a vacuum, why can it be full and what has all this to do with PostgreSQL you might ask yourself. How PostgreSQL deletes data In very short: If you delete … Continue reading
Posted in General, Linux
systemd unit hardening followup
At https://blog.bastelfreak.de/2022/01/systemd-unit-hardening/ I blogged about systemd hardening. While doing some research for a followup post I discovered https://docs.arbitrary.ch/security/systemd.html. This covers *a lot* about systemd hardening and general Linux optimization. I can highly recommend reading the whole documentation (and it kinda … Continue reading
Posted in General, IT-Security, Linux, Short Tips
1 Comment
Migrate CentOS 8 to AlmaLinux
CentOS 8 has been dead since the end of 2021 (while CentOS 7 still has support but is really, really old). There are a few alternatives. You can upgrade to CentOS Stream, to AlmaLinux or Rocky Linux. CentOS Stream is an … Continue reading
Posted in Linux, Short Tips
DNS Setup for own domains
There are many different options to operate your own domain. From a registrar you buy a domain name. The registrar publishes NS records to the registry. Those NS records point to nameservers (or DNS servers or authoritative DNS servers). Registrars … Continue reading
Posted in Linux
Setup Gentoo on a Hetzner server
I really like Gentoo for their awesome package manager, Portage. Gentoo is a really flexible distribution that you can customize (and break) in many ways. It’s a good opportunity to learn a lot about Linux. I documented the installation process. … Continue reading
Posted in General, Linux, Virtualization
systemd-networkd + wireguard configuration
As mentioned in the previous post, networkd is quite nice for network configurations. It can also configure network devices, such as wireguard tunnels. The following config can go into a .netdev file (like /etc/systemd/network/as3668-1.netdev): The configuration reads the private key … Continue reading
Posted in General, Linux, Puppet
systemd-networkd configuration
Systemd is used in all major Linux distributions. One of the components, systemd-networkd, provides a unified way to manage network interfaces and related settings (like routes, MTU) in an inifile-like way. This is quite awesome because it enables system administrators … Continue reading
Posted in General, Linux, Virtualization
systemd unit hardening
Systemd provides many hardening options for units. systemd-analyze security provides a nice overview of all services and their exposure level: What do those levels mean and how can we improve them? Let’s take a closer look (Screenshot of my already … Continue reading