Category Archives: General

Debug systemd and define a loglevel

In the past days I had to debug quite old (up2date “enterprise”) software. It ships with multiple bash and sh scripts that together start a java service. All nicely wrapped into a sysv init script. Wrapped in a systemd unit. … Continue reading

Posted in General, Linux, Short Tips | Leave a comment

systemd unit hardening followup followup

I did some more research on systemd hardening and found another blog post series that I can highly recommend: https://www.ctrl.blog/entry/systemd-service-hardening.html . The first article is quite similar to mine, but the followup articles go into a bit more detail. Check them … Continue reading

Posted in General, IT-Security, Linux, Short Tips | Leave a comment

Puppet PQL Queries

PQL syntax can be a bit tricky/ugly. It took me some time to figure this out so I thought sharing it isn’t a bad idea. Get all nodes with a specific class in their last catalog This gives us a … Continue reading

Posted in General, Linux, Puppet, Short Tips | Leave a comment

PostgreSQL: Do a VACUUM FULL without exclusive locks!

So, a strange title today. What’s an exclusive lock, what’s a vacuum, why can it be full and what has all this to do with PostgreSQL you might ask yourself. How PostgreSQL deletes data In very short: If you delete … Continue reading

Posted in General, Linux | Leave a comment

systemd unit hardening followup

At https://blog.bastelfreak.de/2022/01/systemd-unit-hardening/ I blogged about systemd hardening. While doing some research for a followup post I discovered https://docs.arbitrary.ch/security/systemd.html. This covers *a lot* about systemd hardening and general Linux optimization. I can highly recommend reading the whole documentation (and it kinda … Continue reading

Posted in General, IT-Security, Linux, Short Tips | 1 Comment

Setup Gentoo on a Hetzner server

I really like Gentoo for their awesome package manager, Portage. Gentoo is a really flexible distribution that you can customize (and break) in many ways. It’s a good opportunity to learn a lot about Linux. I documented the installation process. … Continue reading

Posted in General, Linux, Virtualization | Leave a comment

systemd-networkd + wireguard configuration

As mentioned in the previous post, networkd is quite nice for network configurations. It can also configure network devices, such as wireguard tunnels. The following config can go into a .netdev file (like /etc/systemd/network/as3668-1.netdev): The configuration reads the private key … Continue reading

Posted in General, Linux, Puppet | Leave a comment

systemd-networkd configuration

Systemd is used in all major Linux distributions. One of the components, systemd-networkd, provides a unified way to manage network interfaces and related settings (like routes, MTU) in an inifile-like way. This is quite awesome because it enables system administrators … Continue reading

Posted in General, Linux, Virtualization | Leave a comment

systemd unit hardening

Systemd provides many hardening options for units. systemd-analyze security provides a nice overview for all services and their exposure level: What do those levels mean and how can we improve it? Let’s take a closer look (Screenshot of my already … Continue reading

Posted in General, Linux | 1 Comment

Puppet control repo layout for puppet apply and agent/server Setup

The control repository in a Puppet context is usually a git repository that contains your Puppetfile. The Puppetfile has links to all modules in your environment and their version that shall be deployed. Besides the Puppetfile, Hiera data is often … Continue reading

Posted in General, Linux, Puppet | Leave a comment