Category Archives: Short Tips

Debug systemd and define a loglevel

In the past days I had to debug quite old (up2date “enterprise”) software. It ships with multiple bash and sh scripts that together start a java service. All nicely wrapped into a sysv init script. Wrapped in a systemd unit. … Continue reading

Posted in General, Linux, Short Tips | Leave a comment

systemd unit hardening followup followup

I did some more research on systemd hardening and found another blogpost series that I can highly recommend: https://www.ctrl.blog/entry/systemd-service-hardening.html . The first article is quite similar to mine, but the followup articles go a bit more into details. Check them … Continue reading

Posted in General, IT-Security, Linux, Short Tips | Leave a comment

Puppet PQL Queries

PQL syntax can be a bit tricky/ugly. It took me some time to figure this out so I thought sharing it isn’t a bad idea. Get all nodes with a specific class in their last catalog This gives us a … Continue reading

Posted in General, Linux, Puppet, Short Tips | Leave a comment

systemd unit hardening followup

at https://blog.bastelfreak.de/2022/01/systemd-unit-hardening/ I blogged about systemd hardening. While doing some research for a followup post I discovered https://docs.arbitrary.ch/security/systemd.html. This covers *a lot* about systemd hardening and general linux optimization. I can highly recommend reading the whole documentation (and it kinda … Continue reading

Posted in General, IT-Security, Linux, Short Tips | 1 Comment

Migrate CentOS 8 to AlmaLinux

CentOS 8 is dead since the end of 2021 (while CentOS 7 still has support but is really really old). There are a few alternatives. You can upgrade to CentOS Stream, to AlmaLinux or Rocky Linux. CentOS Stream is an … Continue reading

Posted in Linux, Short Tips | Leave a comment

Dovecot: Apply sieve filter to existing emails

I recently restructured my email setup and updated my sieve filter (server side email filtering). I now have a sieve configuration file that’s way stricter. Many of the emails in my INBOX would now be sorted into subfolders, but Dovecot … Continue reading

Posted in General, Linux, Short Tips | 1 Comment

Thunderbird: Hide local hostname in mailheaders

By default, thunderbird uses the local hostname within the SMTP-Submission dialog with the mailserver. There might be situations where you have a hostname that exposes private data, like a company name. Sometimes this is very helpful for debugging, but sometimes … Continue reading

Posted in General, Linux, Short Tips | Tagged | Leave a comment

Short Tip: Install shellcheck on an outdated CentOS

I’ve to install shellcheck on a CentOS 7 box, this is the latest CentOS version. The tool is a great linter for bash scripts, which I want to integrate into our CI pipeline. shellcheck isn’t packaged so I will build … Continue reading

Posted in General, Linux, Short Tips | 2 Comments

Short Tip: Installing msgpack on outdated boxes (ruby1.9.1)

I’m using msgpack to serialize the data between my puppet agents and the masters. Recently I had to puppetize an old Debian Wheezy box. I’ve to install msgpack in advance: # gem install msgpack Building native extensions. This could take … Continue reading

Posted in General, Linux, Puppet, Short Tips | Leave a comment

Linux Short Tip: systemd-networkd and DNS servers

You maybe have noticed that you can configure DNS servers in your systemd-networkd settings, but these addresses don’t appear in /etc/resolv.conf. You need to enable/start systemd-resolved, this daemon checks global DNS settings in /etc/systemd/resolved.conf, DNS settings for each link from … Continue reading

Posted in 30in30, General, Linux, Short Tips | 2 Comments