Security patch management is a critical aspect of maintaining the security and resilience of an organization's digital infrastructure. It involves the timely identification, testing, and application of software updates to address vulnerabilities in operating systems, applications, and other software components. This proactive approach is essential to prevent security breaches, data breaches, and unauthorized access, safeguarding sensitive information and ensuring smooth system operation. The how-to guide focuses on integrating QualvoSec (you can find more information here) into an organization's infrastructure to streamline and enhance security patch management processes. QualvoSec is a comprehensive security solution designed to automate and simplify the patch management lifecycle. By following the guide, users can achieve benefits such as automated vulnerability assessment, centralized patch deployment, prioritization of critical patches, real-time monitoring and reporting, customizable policies and scheduling, and seamless integration with existing systems. The integration with QualvoSec provides centralized control over patch deployment, allowing users to .... [read more]
QualvoSec is a robust open-source (based on GPLv3) security patch management tool designed for unattended upgrades on a variety of systems, encompassing mainstream Linux distributions (like Debian, Ubuntu, Garden Linux, RedHat, CentOS, RockyLinux etc.) and BSD-based systems like FreeBSD. This tool empowers operators to exercise control over client systems' patch integration, offering flexibility in managing updates, particularly for crucial components like kernels or glibc. The key features of QualvoSec consist of:
* Not running as root
* Only specific commands allowed by sudo
* Clients pulling information from server
* Server provides only a static manifest
* Holding the patch windows of clients
* No remote code executions
* A potentially compromised server would not be able to execute code on clients
* Health monitoring endpoint on clients
* Minimalistic design
* Admin tool for creating, deleting and looking up of client patch windows
* Fully written in Python3
* .... [read more]
In the ever-evolving landscape of virtualization and server management, one name has consistently stood out for its reliability, versatility, and innovation – Proxmox. Especially now, just after Broadcom dropped the free ESXi solution, Proxmox might be the real gamechanger. Traditionally associated with x86 architectures, Proxmox has been a stalwart companion for enterprises and enthusiasts alike, providing a robust platform for virtualization and container orchestration. However, as technology progresses and the demand for diversity in hardware options surges, the spotlight is now turning towards alternative architectures, with ARM64 emerging as a formidable contender. This blog post aims to unravel the untapped potential of running Proxmox on non-traditional hardware architectures, with a special focus on the ARM64 architecture. As we delve into the benefits, challenges, and the transformative impact of this choice, we invite you on a journey that explores the boundaries of what Proxmox can achieve beyond its familiar x86 habitat. .... [read more]
One of the standout features is the automatic utilization of modern virtualization functionalities supported by KVM, such as Advanced Programmable Interrupt Controller virtualization (APICv). This integration ensures that users benefit from cutting-edge virtualization capabilities, potentially enhancing the performance and responsiveness of their VMs. A noteworthy advantage lies in the fact that KVM is an integral part of the Linux kernel. This implies that users can access KVM directly with every kernel update, ensuring compatibility and optimal performance without the need for additional configurations or driver installations. The streamlined integration with the Linux kernel positions VirtualBox KVM as a robust and reliable choice for virtualization enthusiasts within the Linux ecosystem. It's essential to acknowledge that, due to the shift in the underlying hypervisor from VirtualBox to KVM, there may be variations in guest performance. The extent of these differences is contingent upon the specific workload of the guest VM. Virtualization enthusiasts .... [read more]
This HowTo guides you through the setup process of snac2 on a minimalistic FreeBSD (FreeBSD 14) system to run and serve your own ActivityPub instance within the Fediverse. snac2 is also compatible with Mastodon instances for further interactions. snac2 is a simple, minimalistic ActivityPub instance written in portable C and can run on all Linux and BSD systems. Within this HowTo snac2 will be installed behind an nginx reverse proxy for SSL/TLS offloading. First, we start installing the required package dependencies:

    pkg install git curl py39-certbot-nginx py39-certbot nginx

Afterwards, the snac2 project repository can be cloned and snac2 compiled from the C code source:

    git clone https://codeberg.org/grunfink/snac2.git
    cd snac2
    make
    make install

Thanks to Stefano (from the BSD Cafe project) for the FreeBSD rc service file to start the snac2 instance. Within the next steps we just copy the rc service file to the right location and prepare everything to .... [read more]
This HowTo guides you through the setup process of snac2 on a minimalistic FreeBSD (FreeBSD 14) system to run and serve your own ActivityPub instance within the Fediverse. snac2 is also compatible with Mastodon instances for further interactions. snac2 is a simple, minimalistic ActivityPub instance written in portable C and can run on all Linux and BSD systems. Within this HowTo snac2 will be installed behind an nginx reverse proxy for SSL/TLS offloading. First, we start installing the required package dependencies:

    pkg install git curl py39-certbot-nginx-2.6.0 py39-certbot-2.6.0,1 nginx

Afterwards, the snac2 project repository can be cloned and snac2 compiled from the C code source:

    git clone https://codeberg.org/grunfink/snac2.git
    cd snac2
    make
    make install

Thanks to Stefano (from the BSD Cafe project) for the FreeBSD rc service file to start the snac2 instance. Within the next steps we just copy the rc service file to the right location and prepare everything to .... [read more]
Homebrew and MacPorts still include an older version of csshX. Unfortunately, this version no longer works out of the box with newer macOS installations like macOS 14.5 (Ventura) or macOS 14.6 (Sonoma) and needs some adjustments. csshX (Cluster SSH for macOS) is a command-line utility designed to facilitate managing multiple SSH sessions simultaneously. It allows users to open and control multiple terminal windows or tabs at once, sending the same command inputs to all of them in parallel. This is particularly useful for system administrators who need to perform tasks across multiple servers or machines simultaneously. csshX is a fork of the original Cluster SSH (cssh) tool and is specifically tailored for macOS environments, integrating well with macOS's native terminal applications. Running this tool after the installation might result in the following (and more) issues: Unimplemented: POSIX::tmpnam(): use File::Temp instead at /System/Library/Perl/5.34/darwin-thread-multi-2level/POSIX.pm .... [read more]
Operating your own IPv6-capable container registry (Distribution Registry) for Docker and Podman offers several advantages. By hosting container images on a dedicated registry, you gain greater control over image distribution, access, and security. With cnt-reg.gyptazy.ch, a new IPv6-capable container registry has been launched. The use of IPv6 ensures scalability and future-proofing in the increasingly IPv6-dominated networking landscape. This setup provides autonomy in managing container images, reducing reliance on external services. It enhances security by allowing you to implement customized access controls, monitor image integrity, and efficiently manage permissions for Docker and Podman deployments. Moreover, having your own container registry contributes to improved performance, as image retrieval and deployment can be optimized within your network infrastructure. This localized control also reduces dependency on external network conditions, resulting in faster image pulls and more reliable deployments. This container registry hosts multiple open-source and community-driven projects like manpageblog and Plutono .... [read more]
BoxyBSD is an innovative service hosted and developed by gyptazy that provides a unique opportunity for enthusiasts, developers, and curious minds to explore the powerful FreeBSD operating system in a risk-free and hassle-free environment. BoxyBSD offers free FreeBSD virtual machines (VMs) served as jails, allowing users to immerse themselves in the FreeBSD experience without the need for complex setups or installations. Embrace the freedom to explore, innovate, and debug with BoxyBSD – your gateway to a temporary yet enriching FreeBSD experience! Each jail has its own public IPv6 address, located in Switzerland. With BoxyBSD, users can enjoy a limited lifetime of 12 hours to play around with FreeBSD, experiment with configurations, and engage in debugging activities. This time window provides ample opportunity for users to delve into the world of FreeBSD, understanding its robust features and optimizing their skills. Whether you're a seasoned developer seeking a quick testing ground or .... [read more]
The BSD Cafe is a thriving community that goes beyond being just a gathering of BSD enthusiasts; it serves as a comprehensive repository of knowledge and experiences shared by its members. The platform features in-depth reviews of BSD-related software and hardware, providing valuable insights into real-world experiences and hardware compatibility. The community aims to assist individuals in making informed decisions when building or optimizing systems for BSD, but Linux users are of course also welcome. The founder and guiding spirit of BSD Cafe, Stefano Marinelli, is introduced as our "Barista" and had the idea to create a modern place for BSD enthusiasts which does not only target experienced users. It is also a place for beginners to start and learn using BSD-based systems. Beginners will be guided and taught in systems like FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, helloSystem and all other BSD-based systems. Linux .... [read more]