mikrotik L2L IPSec with mikrotik Quick and simple lan-to-lan IPSec setup between two mikrotik routers
mining Monero mining with Nvidia on LMDE2 It was quite a hassle to find something that will compile and work under LMDE2 as its still based on Debian 8.10 with an old version of cmake and
mikrotik Ipv6 address propagation on Mikrotik Time to another part of the ipv6 story. We already have ipv6 subnet sharing linux-6to4-mikrotik configured so lets propagate some prefixes across the internal network. Like in the previous blog
ipv6 ipv6 subnet sharing linux-6to4-mikrotik Some ISP gives native ipv6 by default but unfortunately my ISP is not offering v6 protocol. Let's try to delegate a small subnet from my dedicated linux server to my home Mikrotik router.
postfix drop TLS on relay with postfix In some cases people do SSL termination on Load Balancers for HTTPS connection to save CPU. I was wondering if that also possible for SMTP but I've quite quicky find out that its not that easy. General concept +----------------+ +----------------------> POSTFIX | | | relay | | | +-------------&
android Remove built-in analytics from OxygenOS For couple of years I'm a big fan of OnePlus. Watching their moves from the first device I bought. I was a happy user of OnePlus One (that is not
puppet hiera EYAML and GPG problems I'm commonly using hiera-eyaml-gpg inside hiera in puppet and came across quite interesting problem. ASSUMPTIONS Lets assume we have everyting ready to do the encryption around secrets in YAML: hiera-eyaml-gpg installed either gpgme or ruby_gpg gems installed ruby-dev package installed gpg agent working
debian Multiple IPv6 tunnels on single machine Recently my friend asked me to help him to set up multiple ipv6 tunnels on a single linux box. After some reading and initial config decided to drop it as
gpg Make yourself a perfect GPG keypair Create yourself a perfect gpg keypair! Step by step guide to make your gpg working.
ssh Perfect ssh config Recently I've installed latest openssh (7.5p1) to mess around with the config. As i'm having lots of hosts decided to use Include to make things more clear. Here is a basic file structure: ~/.ssh/ ├── config └── config.d ├── crp │ ├── prod │ ├── puppet │ ├── qa │ └── test └── priv
aws Elastic Beanstalk and Invalid Dockerrun.aws.json version I was trying to deploy a multi-container environment on Elastic beanstalk (infrastructure bit was created long time ago using terraform) and during the deployment I've did get a following error:
linux page allocation failure Recently found a problem with my rasbian running on rpi3. I'm using it quite heavily running couple services that are consuming(some of them caching) almost all memory. Here is some dmesg snipet: swapper/0: page allocation failure: order:0, mode:0x2080020(GFP_ATOMIC)
gpg GnuPG basics GnuPG (also known as GPG) is a complete and free implementation of the OpenPGP (RFC4880) standard and allows you to secure your data and communication flows. Its having a command
linux Supermicro IPMIView on linux Graphical IPMI tools make life easier as you don't have to remember commands or syntax and as most GUI tools are provided by the IPMI device vendors, they may offer vendor specific functionality that isn't available in the generic command line tools. Of course,
bash random mac address Fiev "one line" examples to generate a mac address: 1. VMware MAC root@linux ~ # dd if=/dev/urandom bs=1 count=3 2>/dev/null | od -tx1 | head -1 | cut -d' ' -f2- | awk '{ print "00:0c:29:"
linux Openswan IPsec VPN tunnel with McAfee firewall This time I want to gather some info about IPsec VPN and show how to build a "Pre Shered Key" IPsec tunnel between McAfee firewall and linux CentOS
tftp PXE + tftp + dhcp + nfs DHCP Server config: /etc/dhcp/dhcpd.conf: allow booting; allow bootp; option space PXE; option PXE.mtftp-ip code 1 = ip-address; option PXE.mtftp-cport code 2 = unsigned integer 16; option PXE.mtftp-sport code 3 = unsigned integer 16; option PXE.mtftp-tmout code 4 = unsigned integer 8;
mirroring CentOS repo for kickstart Simple and quick way to setup a local CentOS mirror for kickstart. (list of centos mirrors you can find here: http://centos.org/download/mirrors/) I will place it in /repo/centos and I need only the newest version so i skip previous. root@
centos Centos kickstart made quickly First download a netinstall iso as we will be installing everyting from scratch. Lets go with CentOS-6.5-x86_64-netinstall.iso Mount the ISO and copy all files as we will be creating our own image natur@x240 ~ $ sudo mount -t iso9660 -o loop CentOS-6.
linux RAID array on gpt partitions Prepare discs for new array with parted. root@host:~# parted -a optimal /dev/sde GNU Parted 2.3 Using /dev/sde Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) mklabel gpt Warning: The existing disk label on /dev/sde
hostname setting hostname with dhclient This is a very simple and quick way, to set unique linux hostname, when getting address from DHCP.It's based on the dhclient-exit-hooks, so all you need to do is to create a bash script in /etc/dhcp/dhclient-exit-hooks.d In this case, hostname
kickstart Centos 6 kickstart natur@x240 ~/Downloads $ wget http://mirror.for.me.uk/centos/6.5/isos/x86_64/CentOS-6.5-x86_64-netinstall.iso natur@x240 ~/Downloads $ sudo mount -t iso9660 -o loop CentOS-6.5-x86_
linux Checking VGA under linux Let's assume, that you have several graphic cards on your desktop, and you want to see more details about them, because you dont remember exact model number and other stuff. My first look is always lspci but it wont give you the full view.
generate random password There are many "random" password generators available on the internet, generating randomness can be tricky and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source security tools where possible,