The ramblings of a computer geek
Firstly, a disclaimer. Although you can store values, specifically secrets (e.g. passwords) within Environment Variables so that you are not storing them in your Terraform template code there are better ways, for example by use of a formal Secrets Management solution. However, this article will show you how you can use Environment Variables to “safely” … Read more
Following on from a previous article https://geekmungus.co.uk/?p=4510 we now investigate some more into using Ansible for configuration management and installations. As something we can use as an example, we’re going to setup a simple Bind DNS server, which we can use to explore how to manage the installation of Bind and it’s configuration within Ansible. … Read more
Although there are other ways to do it, here is a quick way to tree list directories and files:
Sometimes you have some kit that is just old and isn’t supporting the recent (and secure) key algorithms, if you need to connect (with some consideration of the security implications) you can use something like the below. The “-v” means verbose, you can see when connecting what the end point is offering, then you can … Read more
IPerf is a tool that can be used to measure the bandwidth and quality of a network link. Its a useful little tool, so I’ll introduce some of the basics of how you can use it to perform some tests. Bear in mind this is not an exhaustive guide, there are many tweaks that can … Read more
If you need to perform a Ping scan of a subnet, you can use the following command, its quick and dirty approach, although its not really that quick when it comes to actually running. The below will scan the subnet 192.168.1.0/24, from 192.168.1.1 to 192.168.1.254. If you want to speed things up a bit, you … Read more
Allow a connection from a particular remote IP address to any IP address on the local machine on a specific port (TCP & UDP). Verify with:
Setting up network bonding between two 10Gbit NICs within a physical machine; this assumes Active-Standby bonding so a link down event on one NIC will cause the other to become Active, no LACP or switch side configuration is required in this case. The documentation assumes you are running under root, stick sudo in front of … Read more
Creating a user account with a home directory and setting the default shell as BASH, can be done as follows, add “sudo” to the front as required. If you need your account to have sudo rights, you can specify the “sudo” group upon creation, as follows:
A quick example on Ubuntu Linux 22.04 LTS. I had the need for a particular user to have “passwordless” sudo ability. Its not best practice to do this, however if you are restricting the command or commands that a user can run with “passwordless sudo”, you are balancing functionality and security as well as you … Read more