Jun 14, 2022 - security kubernetes

# The Problem I recently set up Loki and Promtail in my Kubernetes cluster, which does a great job and finding any logs pushed to `stdout` just by using the default service discovery from the helm chart. However I'm also running an opnsense router, and I wanted to be able...

Apr 23, 2017 - linux security

Last time I wrote about using the [`--reference` flag](/cloning-linux-perms.html) for quickly replicating various aspects of permissions in Linux. Today's post is how to copy files and retain various attributes, like permissions, ownership, and SELinux context. First, a little background on how permissions are set when copying. ## How Permissions are...

Apr 15, 2017 - linux security

Ever have that moment where you're working on your SELinux enabled webserver and you've put in a fancy new file into `/var/www/html` and the darn thing just won't show up properly, even though everything else is working? Then that sinking realization that you have to deal with three different aspects...

Apr 30, 2016 - security education

Perodically I'll get asked for recommendations for good resources to get started learning about information security. I've written reviews on a number of books, and on a handful of other sources, so I thought I'd collect together some of those, as well as make some new recommendations. Most of these...

Feb 16, 2016 - web programming security tomcat

Apache Tomcat crops up a lot, and frequently having been configured by someone without a lot of security background. I'll spend a little bit of time looking at some of what you can do to improve security at a high level - I won't be giving step by step instructions,...

Dec 8, 2015 - paloalto firewall javascript security administration

Background ---------- Recently I enabled Safe Search Enforcement on a Palo Alto firewall. This blocks search results from Google, Bing, Yahoo, YouTube, and Yandex if their respective versions of safe search aren't enabled. By using the JavaScript code that Palo Alto provides (you can see it in the [Administrator's Guide...