Microsoft Defender for Endpoint (mdatp) on Debian Sid

Posted on Wed 07 July 2021 in Tech • Tagged with Tech, Linux

Linux doesn't have many great antivirus options available.

Don't get me wrong, there are actually a few options nowadays. We've got the ever-present ClamAV; BitDefender has a good reputation, but I haven't played with it yet; Sophos AV for Linux seems to be in limbo. ESET for Linux exists, as does Symantec Endpoint Protection for Linux. That's a pretty decent range - but they each have some real drawback. Assuming the price is right, you still see compatibility, usability, licensing dramas, or resource drain challenges.

Most recently, the Linux version of …


Continue reading

Configuring a custom SSL certificate in Zentyal

Posted on Sun 25 April 2021 in Tech • Tagged with Tech, Security, Linux

Zuper-quick post for when this bites me again in the future!

Tonight I upgraded from Zentyal 6.2 to Zentyal 7.0. Smooth as butter, everything went great.

Until I logged in, and my shiny Actual Paid Money SSL certificate had vanished, replaced by a self-signed commoner's certificate. Piffle.

Instructions for installing a custom SSL certificate in Zentyal are actually kinda shaky, so here you go:

cd /var/lib/zentyal/conf/ssl/
mkdir old
mv * old
nano ssl.key
nano ssl.cert
cat ssl.cert ssl.key > ssl.pem
chmod …

Continue reading

Blocking bad extensions and extortion with iRedMail

Posted on Mon 12 April 2021 in Tech • Tagged with Tech, Security, Linux, Mail

Turns out this is my third Amavis article. I guess it's just one of those systems.

Heads up, if you're trying to do this, make sure you also read my other article about the "banned_files_lover" thing.

Today I'm on a mission to: 1. Drop all incoming Office '97 files (they're predominantly malicious these days) 1. Drop all incoming Macro-enabled Office 2007+ files (there aren't legitimate reasons to receive these in my scenario) 1. Drop any emails containing a .onion address 1. Drop any emails containing a bitcoin wallet

Dropping Attachments …


Continue reading

Using Caddy to enable MTA-STS

Posted on Tue 19 January 2021 in Tech • Tagged with Tech, Security, Linux

About 7 months ago, I left Nginx and moved to Caddy. I've found it super easy, and have now experienced using it as a reverse proxy, a static site server (this one!), as well as a hosting a handy place for me to copy my favourite Kaomoji.

Update 2021-01-20: I had a bug! By default, Caddy serves this without a Content-Type header. However, the RFC specifies that the response should be explicitly Content-Type "text/plain". Thanks to klausenbusk for letting me know!

Note: the Caddyfile fragment to generate https://shrug …


Continue reading

Getting TrueNAS (FreeNAS 12) to work with an APC NMC2 UPS (AP9631)

Posted on Thu 14 January 2021 in Tech • Tagged with Tech, Linux

TrueNAS, and FreeNAS before it, has supported UPS via the NUT software package since forever. But most people using it seem to be using USB-connected UPS devices. I don't have one of these. I'm dealing with an IPv4-based APC ups, specifically the Smart-UPS X 1500 (SMX1500RMI2UNC), with an AP9631 NMC2 card.

You're probably here because you're in the same boat: trying to set up a non-USB or Ethernet-based UPS under FreeNAS/TrueNAS, and you can't. You've noticed the TrueNAS console will not shut up about errors which read something like …


Continue reading

Logging DNS queries, for both pfSense and Zentyal server

Posted on Sun 06 December 2020 in Tech • Tagged with Tech, Security, Linux

Logs of your client DNS queries can be a really good tool for incident response. I've finally got this implemented but it was much more of a struggle than I expected it to be, so here's my story!

We've got a pfSense firewall running as a DNS fowarder, and a Zentyal server running BIND9 as the authoritative local server. The firewall rules block all UDP/53, so all DNS queries go either directly to the firewall, or (more commonly) to the Zentyal server for resolution. This means we have two …


Continue reading

iRedMail, SpamAssassin, and Lynis

Posted on Mon 02 November 2020 in Tech • Tagged with Tech, Linux, Mail, Security

I really like iRedMail, and I also really like Lynis.

However, they don't exactly like each other... or, more accurately, some of Lynis' recommendations can cause a couple iRedMail components to fail. Today we're talking about SpamAsassin.

One of the suggestions from Lynis is to turn off the 'execute' bit on compilers for users who aren't either the owner or in the owner group (the 'other' execute bit). For example:

root@server:/# chmod o-x /usr/bin/as
root@server:/# chmod o-x /usr/bin/gcc

Easy peasy! But once you do …


Continue reading

iRedMail: Daily user unknown entries from backup_sogo.sh

Posted on Sun 01 November 2020 in Tech • Tagged with Tech, Linux, Mail

If you've been running iRedMail for a while, eventually you'll probably start seeing 'user unknown' events in your daily logs:

* Backup all users' data under /var/vmail/backup/sogo/2020/11/01
<0x0x5574a64c36b0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
<0x0x5574a64c36b0[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
2020-11-01 09:29:12.784 sogo-tool[29749:29749] user 'abdulm' unknown
2020-11-01 09:29:12.786 sogo-tool[29749:29749] user 'bent' unknown
2020-11-01 09:29:12.786 sogo-tool[29749:29749] user 'brettr' unknown
2020-11-01 09:29 …

Continue reading

ZFS zpool vanishing after upgrading ProxmoxVE 5.4 to 6.2

Posted on Sat 23 May 2020 in Tech • Tagged with Tech, Linux

Performing a major version upgrade is never pleasant. I've been using ProxmoxVE for about ten years now though, and it's consistently done a fantastic job. Since it's based on Debian, all the upgrades are done with a simple apt update && apt upgrade, with a variety of steps in the middle to point to new repositories, etc. Nothing out of the ordinary, nothing scary.

So I've got two servers - one is an old one, with only a couple testing VM's residing on it. I go ahead and work through the 5 …


Continue reading

Using Fail2Ban to insta-block malicious hits

Posted on Tue 07 April 2020 in Tech • Tagged with Tech, Security, Linux

Okay so a few days ago I posted about adopting Caddy.

Of course, anyone who hosts anything knows that accessible services on the internet will start getting hit by scanners within literal moments of being accessible. On the very first night of having my site live on the new VPS, Logwatch informed me of a bunch of attempts to access wp-admin.php. Sigh.

Well, this entire site is built with my favourite static site generator Pelican. That means I don't have any PHP on my site whatsoever. Why not just …


Continue reading