Storage deduplication technology has been on the market for quite some time now. Unfortunately all of the implementations have been vendor-specific proprietary software. With VDO, there is now an open-source Linux native solution available. Red hat has introduced VDO (Virtual Data Optimizer) in RHEL 7.5, a storage deduplication technology bough with Permabit in 2017. Of course it has been open-sourced since then. In contrast to ZFS which provides the same functionality on the file system level, VDO is an inline ….Read More
Category: Linux
Using MTA-STS to enhance email transport security and privacy
Overview SMTP is broken by design. It comes from a time when communication partners trusted each other and the NSA was intercepting facsimiles and phone calls instead of internet traffic. To enhance privacy, in 2002 RFC 3208 was added to the SMTP protocol. Unfortunately STARTTLS is only optional, it is not allowed to only accept encrypted connections. The RFC states: A publicly-referenced SMTP server MUST NOT require the use of the STARTTLS extension in order to deliver mail locally. That ….Read More
Centrally manage SELinux user mapping with (Free)IPA
SELinux allows to confine users with SELinux user mappings. This article covers some basics about the confinement of users and shows how to manage them in central way with the help of (Free)IPA. It will greatly enhance your systems security. SELinux is available and enabled on all Red Hat based distributions such as RHEL, CentOS and Fedora. for the basics please have a look at article. Before proceeding with the examples in this article: ensure your system is running in ….Read More
Using modern Protocols like HTTP/2 and QUIC
First there was HTTP, then HTTP/2 and now HTTP/2 over the QUIC protocol. Lets have a look at the available HTTP Clients and Servers that support HTTP/2 and the experimental QUIC protocol. Introduction The Hypertext Transfer Protocol (HTTP) was invented in 1991. Up to 2015 then there was only little to no evolution. In 2015 the HTTP/2 protocol was defined as a standard. HTTP/2 is much more efficient that its ancestors. It features multiplexing, stream prioritization, binary transmission and much ….Read More
Leveraging Network-Bound Disk Encryption at Enterprise Scale
Network-Bound Disk Encryption (NBDE) adds scaling to LUKS by automated disk unlocking on system startup. Why should I encrypt disks? If you dont want to see your corporate and private data leaked, you should do so as an additional security measure. Use cases There are basically two use cases for disk encryption. The first one is to prevent data leaks when a device gets stolen or lost (mobile computers, unsecured server rooms etc.). Theft of devices is usually not a ….Read More
Blueborne – How to disable Bluetooth in Fedora
Yesterday 2017-09-13 Redhat released infomation about the mitigation of the Blueborne vulnerability in RHEL: https://access.redhat.com/security/vulnerabilities/blueborne. For Fedora the new updates are probably still in the build queue and/or being QAed by the community. For a quick fix, you can disable Bluetooth similar than in RHEL: Stopping Bluetooth related service systemctl stop bluetooth.service systemctl disable bluetooth.service systemctl mask bluetooth.service Disable the Kernel modules echo “install bnep /bin/true” >> /etc/modprobe.d/disable-bluetooth.conf echo “install bluetooth /bin/true” >> /etc/modprobe.d/disable-bluetooth.conf echo “install btusb /bin/true” >> /etc/modprobe.d/disable-bluetooth.conf ….Read More
Improve your bash shell working experience
This article shows some hints how to improve your bash shell working experience to reach higher productivity. Just simple shortcuts that are not so well known. Using the History The bash history is underestimated when it comes to usability. Here some nice stuff to do with the history. Search the history Every command is kept in the history. The simplest way to use the history is using the cursor-up/down keys. Most users are aware or [ctrl]-r. Usually you hit [ctrl]-r ….Read More
Manually enroll SLES12 systems to Redhat IdM
RHEL and Ubuntu systems leverage the ipa-client software to easily enrolled them to a Redhat IdM system. Unfortunately SLES12 lacks the required packages. Nevertheless, SLES12 systems can be enrolled manually. This article is about how to achieve this. Why using IPA for SLES systems? Most organizations are not pure RHEL or pure SLES shops, the reality shows a heterogeneous mix of Linux distributions in corporate data centers. It makes sense to use the same authentication and authorization system to manage ….Read More