home.social

#linuxadmin — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #linuxadmin, aggregated by home.social.

  1. I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?

    My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible.

    #selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin

  2. I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?

    My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible.

    #selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin

  3. I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?

    My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible.

    #selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin

  4. I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?

    My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible.

    #selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin

  5. I've been hosting more of my own stuff over time, but keeping up with the maintenance manually has been proving to be too much. I remember 100 years ago as a sysadmin setting up an Ubuntu management server to manage the fleet of Ubuntu servers at work in the style of the Red Hat stuff that did the same. Now I run a variety of instances, and I don't know what kind of orchestration machine I would need to spin up to keep things like OPNsense, remote *nix hosts, etc. up to date. Any recommendations?

    My goal is to use only FOSS whenever possible (leaning towards things on Starlight's NO AI list so I can avoid slopcode running in my network wherever possible.

    #selfhosting #selfhosted #selfhost #askfedi #sysadmin #linuxadmin

  6. Looking to strengthen your Linux server security? Our comprehensive guide explores 10 essential hardening techniques for 2026, from SSH keys to automated patching. #LinuxSecurity #ServerHardening #Cybersecurity #LinuxAdmin estoreab.com/linux-security-ha

    estoreab.com/linux-security-ha

  7. Looking to fortify your Linux server as we approach 2026? Our new guide covers essential security hardening techniques including SSH key authentication, firewall configuration, kernel hardening, and automated patching. A must-read for system administrators and security-conscious users! #LinuxSecurity #ServerHardening #CyberSecurity #LinuxAdmin #InfoSec estoreab.com/linux-security-ha

    estoreab.com/linux-security-ha

  8. Nope.......bloody hell....I am still not giving up ...ran it with different options....as long as it is not interfering with my other operations on the machine......I am okay with it...

    * net-libs/webkit-gtk-2.50.5-r600

    current merge time: 16 hours, 14 minutes and 26 seconds.

    ETA: any time now.

    Context: The damn things was failed to merge after ran for whopping 26 hrs!!!! Hence, again...

  9. Nope.......bloody hell....I am still not giving up ...ran it with different options....as long as it is not interfering with my other operations on the machine......I am okay with it...

    * net-libs/webkit-gtk-2.50.5-r600

    current merge time: 16 hours, 14 minutes and 26 seconds.

    ETA: any time now.

    #linuxadmin #opensource #operatingsystem

    Context: The damn things was failed to merge after ran for whopping 26 hrs!!!! Hence, again...

  10. Nope.......bloody hell....I am still not giving up ...ran it with different options....as long as it is not interfering with my other operations on the machine......I am okay with it...

    * net-libs/webkit-gtk-2.50.5-r600

    current merge time: 16 hours, 14 minutes and 26 seconds.

    ETA: any time now.

    #linuxadmin #opensource #operatingsystem

    Context: The damn things was failed to merge after ran for whopping 26 hrs!!!! Hence, again...

  11. Nope.......bloody hell....I am still not giving up ...ran it with different options....as long as it is not interfering with my other operations on the machine......I am okay with it...

    * net-libs/webkit-gtk-2.50.5-r600

    current merge time: 16 hours, 14 minutes and 26 seconds.

    ETA: any time now.

    #linuxadmin #opensource #operatingsystem

    Context: The damn things was failed to merge after ran for whopping 26 hrs!!!! Hence, again...

  12. Nope.......bloody hell....I am still not giving up ...ran it with different options....as long as it is not interfering with my other operations on the machine......I am okay with it...

    * net-libs/webkit-gtk-2.50.5-r600

    current merge time: 16 hours, 14 minutes and 26 seconds.

    ETA: any time now.

    #linuxadmin #opensource #operatingsystem

    Context: The damn things was failed to merge after ran for whopping 26 hrs!!!! Hence, again...

  13. And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

  14. And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

  15. And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

  16. And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

  17. And here's another one:
    github.com/0xdeadbeefnetwork/C

    This one is not fixed by f4c50a40, so all current kernels are vulnerable. Looks like mitigation is possible by blocking kernel modules `esp4` + `esp6` here as well (and breaking #IPSec in doing so). Can someone confirm?

    Why is it called "Electric Boogaloo"… is this a #DonaldByrd fan? Were they inspired by this week's @thekalimerashow shows??

    #privilegeescalation #linux #vulnerability #linuxadmin #sysadmin #exploit #copyfail2 #electricboogaloo

  18. Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

  19. Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

  20. Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

  21. Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

  22. Here we go again :-/ Another deterministic #privilegeescalation bug in the #Linux kernel. Make sure you're using at least the following version of your branch to mitigate against #dirtyfrag:

    - 7.0.5
    - 6.18.28
    - 6.12.87
    - 6.6.138
    - 6.1.171
    - 5.15.205
    - 5.10.255

    6.19 is eol, so it probably won't get patched. Remove and blocklist the following modules if you have to use an unpatched kernel: esp4 esp6 rxrpc

    See github.com/V4bel/dirtyfrag/blo for more info.

    #vulnerability #linuxadmin #sysadmin #exploit

  23. I couldn't find a list of #Linux #kernel versions that include a patch for #copyfail, so I dug into the commit log and made one. Make sure you're using at least the following version of your branch to mitigate against copyfail:

    - 7.0-rc7 (any stable 7.x is safe)
    - 6.19.12
    - 6.18.22
    - 6.12.85
    - 6.6.137
    - 6.1.170
    - 5.15.204
    - 5.10.254

    See copy.fail for more info about the #exploit.

    #privilegeescalation #vulnerability #cryptography #linuxadmin #sysadmin

  24. Before troubleshooting any Linux system, I run these commands. An 8-step Linux triage checklist with exact flags and what to do when you find a problem.

    Read full guide here: ostechnix.com/linux-troublesho

    #Linuxtroubleshooting #Linuxadmin #Linuxhowto #Linuxcommands

  25. 🧑‍💻 Built your own MFA system yet?

    We just dropped a full walkthrough on how to integrate Google Authenticator into RELIANOID’s MFA portal — with secrets stored in AD or LDAP.

    🔐 Based on TOTP
    🛡️ Validates tokens post-login
    📱 Generates QR codes for new users

    It’s secure, scalable, and open-source-friendly.

    📖 Dive in:

    relianoid.com/resources/knowle

  26. Umfassender Leitfaden zur selbstgehosteten, GoBD-konformen E-Mail-Archivierung mit Docker. Installation, Anbindung von IMAP, Microsoft 365 und Google Workspace sowie revisionssicherer Betrieb und #eDiscovery

    https://admindocs.de/de/devops/open-archiver-ein-umfassender-leitfaden-fuer-installation

    #openarchiver #docker #devops #linuxadmin #linuxtutorial #systemadmin #ubuntu

  27. Umfassender Leitfaden zur selbstgehosteten, GoBD-konformen E-Mail-Archivierung mit Docker. Installation, Anbindung von IMAP, Microsoft 365 und Google Workspace sowie revisionssicherer Betrieb und #eDiscovery

    https://admindocs.de/de/devops/open-archiver-ein-umfassender-leitfaden-fuer-installation

    #openarchiver #docker #devops #linuxadmin #linuxtutorial #systemadmin #ubuntu

  28. Umfassender Leitfaden zur selbstgehosteten, GoBD-konformen E-Mail-Archivierung mit Docker. Installation, Anbindung von IMAP, Microsoft 365 und Google Workspace sowie revisionssicherer Betrieb und #eDiscovery

    https://admindocs.de/de/devops/open-archiver-ein-umfassender-leitfaden-fuer-installation

    #openarchiver #docker #devops #linuxadmin #linuxtutorial #systemadmin #ubuntu

  29. Ah, it is easy to whine without contributing. "The FEATURE" of open source software.

    ........and I am guilty of it too :(

    youtu.be/wPdrowkKhEc

  30. Setting up DNS over HTTPS (DoH) is so much more complicated than DNS over TLS (DoT) :blobcatthinking:

    Funny enough Mozilla Firefox :firefox: supports DoH and sets it up on application level, while Android :android: uses DoT on operating system level :blobcatnerd:

    #itsalwaysdns #dns #dot #doh #sysadmin #linuxadmin

  31. Ein Lifetime-Goal als #LinuxAdmin kann ich demnächst wohl von der Liste streichen: Einmal an einer Schulung im @linuxhotel teilnehmen. 🥳

    #Linux #LinuxHotel #Admin