Salt is a great choice for a configuration management system. I have found that it scales well, both in terms of number of nodes, and complexity of configurations. However, I have found one aspect of Salt that remains under-developed: Salt doesn’t have great support for custom groupings of minions. Minion groups (which could also be […]
Dynamic node groups with Salt Read More »
If you operate a Netgear switch in an environment that is subject to compliance requirements such as PCI or HIPAA, you are probably doing vulnerability scans, and the HTTP management interface of your switches will generate medium vulnerabilities (at least from Nessus): SSL Self-Signed Certificate SSL Certificate Cannot Be Trusted SSL Certificate Expiry It IS
How to use SSL/TLS certificates on a Netgear M4200/4300 switch Read More »
Ubiquiti publishes detailed data sheets for all of their products, but it’s hard to find all the information you need in one place for comparison purposes. That’s the purpose of this article. First Generation Access Points It can be confusing to distinguish between the generations of UniFi access points; you have to look at the
2020 Ubiquiti Wireless Access Point (WAP) Roundup Read More »
Most business-class switches and routers support monitoring via SNMP. The main barrier to implementing SNMP monitoring is that so many parameters can be monitored, and it can be very hard to isolate the most important parameters. This example shows how to monitor the status of a specific port. Note that the term “port” includes link
Monitoring a switch or router port via SNMP Read More »
openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems. I recently ran into an interesting problem using openssl to convert a private key obtained from GoDaddy. Someone else used GoDaddy’s “wizard” interface to generate a certificate signing request (CSR) and private key, and saved the files
openssl unable to read/load/import SSL private key from GoDaddy Read More »
The latest Nginx rpm (nginx-1.16.1-1.el7) from EPEL for CentOS/Redhat is a fairly major update, from version 1.12 to 1.16, and includes some very important fixes to address multiple CVEs. There is another small but critical change in the latest RPM that isn’t mentioned in the bug report. RedHat had configured nginx to run as user “apache”
Nginx default user changed in RedHat/CentOS package nginx-1.16.1-1.el7 Read More »
How to fix “permission denied” error when attempting to mount a CIFS share on RedHat/CentOS Linux 7.
mount.cifs error 13 after update (CentOS/RedHat Linux 7.6) Read More »
You probably have at least a few business-class switches and routers silently do their job, year after year. Network devices can be so reliable that we configure them once, and then forget that they exist. However, forgetting them is a really bad idea, since they require regular OS or firmware updates to patch vulnerabilities, and
Secure, Automated Network Device Backups Read More »
Google Cloud SQL recently introduced the capability for an instance to have an IP address within the private address space of your VPC network. Previously, all Cloud SQL instances had IP addresses within the address space of the public Internet. Obviously, the public IP was a security and privacy concern, as well as a potential
Another Reason to Enable Private IP Addresses on Google Cloud SQL Read More »
I have a QNAP NAS at home which I use for file storage. It shares several folders with the family’s Mac, Linux, and Windows computers. Many of these files are are irreplaceable, especially our digital photos, so I back them up to the cloud. QNAP provides the Hybrid Backup and Sync application, which supports multiple
QNAP NAS: Backup & Sync to Google Cloud Storage Read More »