Wednesday, October 20, 2021

5g dev boards

Still looking for a good mmwave antenna to add.

Terraform can now deploy ZT networks

Multicloud and Hybrid just got easier...

Tuesday, August 31, 2021

Mesh VPNs to explore

 While I am a huge fan of the product from ZeroTier, I am also interested in exploring another similar product that I discovered called Tailscale.

Frigate Hassio AI NVR

I am interested to test out this docker container for monitoring a video feed via your personal NVR on HomeAssistant.

Tuesday, June 22, 2021

Ubuntu reset APT sources


Command to reset apt sources in Ubuntu (run as root in bash; it overwrites /etc/apt/sources.list):
printf 'deb http://archive.ubuntu.com/ubuntu %s main multiverse universe restricted\n' "$(lsb_release -sc)"{,-security} > /etc/apt/sources.list

Friday, June 18, 2021

Using the FortiOS API

I found this great article on how to set up APIs in FortiGate devices. Documentation about this was difficult to find, so I figured I would call out the good job that they did in publishing this guide.

Monday, May 10, 2021

Nested ESXi article

Great article on using nested ESXi.

Monday, May 3, 2021

Wednesday, April 14, 2021

Tuesday, March 30, 2021

Linux Server Default Hardening

### Ubuntu update packages ###

sudo bash
apt-get update
apt-get upgrade -y
apt dist-upgrade -y

### Ubuntu install unattended-upgrades ###

sudo bash
apt install unattended-upgrades -y
dpkg-reconfigure --priority=low unattended-upgrades

### Ubuntu create user ###

sudo bash
adduser <myuser>

### Ubuntu sudo group ###
usermod -aG sudo <myuser>

### Create KeyPairs instead of Passwords on your workstation ###

mkdir ~/.ssh && chmod 700 ~/.ssh   # on your workstation, not the server
ssh-keygen -b 4096

### Copy public key to server ###
ssh-copy-id <myuser>@myserver

### /etc/ssh/sshd_config settings to consider changing ###

Port 22
AddressFamily inet
PermitRootLogin no
PasswordAuthentication no

### Restart sshd ###

sudo systemctl restart sshd
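
The sshd_config settings listed above can be checked mechanically before sshd is restarted. This is an added example, not part of the original post: a POSIX shell audit whose function names (`sshd_effective`, `audit_sshd_config`) are hypothetical, and which assumes a single config file with no Include directives. Port is not checked because the notes above leave it at 22.

```shell
#!/bin/sh
# Added example: audit an sshd_config file against the settings listed above.
# sshd keeps the FIRST value it reads for each keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted, so grep alone can mislead.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
      sub(/^[ \t]+/, "")
      match($0, /^[A-Za-z0-9]+/)
      key  = tolower(substr($0, 1, RLENGTH))
      rest = substr($0, RLENGTH + 1)
      sub(/^[ \t]*=?[ \t]*/, "", rest)          # separator: blanks or one "="
      split(rest, val, /[ \t]+/)
    }
    key == "match" { exit }                     # global section ends here
    key == want    { print val[1]; exit }       # first occurrence wins
  ' "$1"
}

# Exit status 0 if the file sets the hardened values, else print each gap.
audit_sshd_config() (
  rc=0
  while read -r key want; do
    got=$(sshd_effective "$1" "$key")
    if [ "$got" != "$want" ]; then
      printf 'FAIL %s: want "%s", found "%s"\n' "$key" "$want" "${got:-unset}"
      rc=1
    fi
  done <<'EOF'
permitrootlogin no
passwordauthentication no
addressfamily inet
EOF
  exit "$rc"
)

# Constructed sample: the commented-out line and the later duplicate are traps.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
  'PasswordAuthentication no' 'PasswordAuthentication yes' \
  'Match User backup' '  AddressFamily inet' > "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live server, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the configuration sshd will actually use.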

I was working on this and I found this great video by NetworkChuck! Please visit his site and like/subscribe to his pages. I am a big fan of his.

STEP 1 - Enable Automatic Updates

Manual Updates:

apt update
apt dist-upgrade

Automatic Updates:

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades

STEP 2 - Create a Limited User Account

Create a User:

adduser {username}

Add user to the sudo group:

usermod -aG sudo {username}

STEP 3 - Passwords are for SUCKERS!

Create the Public Key Directory on your Linux Server

mkdir ~/.ssh && chmod 700 ~/.ssh

Create Public/Private keys on your computer

ssh-keygen -b 4096

Upload your Public key to your Linux Server (Windows)

scp $env:USERPROFILE/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (MAC)

scp ~/.ssh/id_rsa.pub {username}@{server ip}:~/.ssh/authorized_keys

Upload your Public key to your Linux Server (LINUX)

ssh-copy-id {username}@{server ip}

STEP 4 - Lockdown Logins

Edit the SSH config file

sudo nano /etc/ssh/sshd_config


See open ports

sudo ss -tupln

Install UFW

apt install ufw

See UFW status

sudo ufw status

Allow port through firewall

sudo ufw allow {port number}

Enable Firewall

sudo ufw enable

Reload Firewall

sudo ufw reload

Drop pings

Edit the UFW config file

sudo nano /etc/ufw/before.rules

Add this line of config:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Wednesday, February 10, 2021

ZeroTier as a management network

ZeroTier is a great open source project that enables a Global Layer 2 network.

ZeroTier, OPNSense and FRRouting

Well written Blog on this topic:

I am a huge fan of the work the guys over at ZeroTier have done in simplifying virtual networks on a Global scale with their Virtual Layer 1 and Virtual Layer 2 networks.

This has made some of my projects much more simple and makes the internet work the way it was supposed to when it was designed as a peer to peer network. It is a good bridge to enable some of the benefits of IPv6 all while still running an IPv4 private network. I will continue to follow this team as they grow this product's features. I just hope that they stay open source so that everyone can use this technology.

Knolling - The Art of Organizing

I found this article very interesting and soothing to look at how some find organizing relaxing. I don't find the process relaxing myself, but the end product is very artistic to me. Take a look at this article. Thanks Jason for introducing me to this: