Getting a transparent proxy up and running can be troublesome especially getting it to terminate the HTTPS (TLS) connection, inspect it (if need be) and re-terminate it. Most businesses these days don’t want to actually inspect the traffic but can’t go without some-kind of internet monitoring so a minimalistic transparent
Read more
Week 1. I will update this in week 2 when i’ve spent more time troubleshooting little issues and added a few more devices. I’ve spent the past week installing, configuring, learning and experimenting with Google Home automation. For the most part it has been an easy exercise but it comes
Read more
This article is a short walk-through demonstrating the process of installing and configuring mod_security on Apache. In this tutorial, we’ll be using CentOS 7. We’re starting with a pre-configured and running web server running httpd listening on port 80 and 443. There’s no other services such as Varnishor Nginx running.
Read more
This article shows the Jason for a custom IAM policy to allow snapshots with the minimum required access. I bet it can be improved upon but this is pretty close. { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:CreateSnapshot”, “ec2:DeleteSnapshot”, “ec2:Describe*”, “ec2:CreateTags” ], “Resource”: “*” } ] }
Read more
This article shows how firewalld priorities rules and zones. The priority of zones is in alphabetical order. So the “block” zone is checked before the “dmz” done. And within a zone, the rules are applied in the order they were added. As we know, rules are in the order they
Read more
There are two issues with creating EC2 snapshots on a schedule. First the AWS recommended way doesn’t allow for custom names for snapshots which we use for identifying the source or schedule. Second the AWS IAM doesn’t have a built-in policy that allows it. So this article provides an example
Read more
This article notes the AWS EC2 Security Group that should be associated with an EC2 to permit a roaming VPN client to connect to an IPSec/L2TP hosted on a server within AWS. * TIP: The AH and ESP are entered in as just numbers, not the “AH” and “ESP”.
Read more
This article is a quick note on how to improve OpenSSH server security on Redhat Enterprise Linux and CentOS 6 and 7. This is not about Passwords-v-Keys (use keys, not passwords) but rather hashes, encryption and key exchanges. The “/etc/ssh/sshd_config” file should have the following added to it to ensure
Read more
This article focuses on installing and running RHEL8 (Red Hat Enterprise Linux 8) on VirtualBo. Specifically, this article demonstrates how to install additional driver support to ensure RHEL8 mouse movements and resolutions acre correct. You can see another good article at “https://developers.redhat.com/rhel8/install-rhel8-vbox/”. This article starts from a complete installation of
Read more
This article is the minimal configuration for a Squid transparent proxy with SSL Interception (or bump). We’re using CentoOS 7. This article is based on the good work at “https://www.sbarjatiya.com/notes_wiki/index.php/Configure_squid-3.3_in_transparent_mode_on_CentOS_7_with_SSL_bump” with a few minor changes/corrections. Disable SELinux or put it in permissive mode. Squid works on odd ports. I will
Read more