For anyone that ever had to set up a secure SFTP server, you’ve undoubtedly had some pains setting up the vsftpd service.

This article shows a very nice alternative that may make your life much easier.

vsftpd

Vsftpd is a well-known “very secure FTP daemon” application and does its job well when properly configured.

The problem I’ve always had with this application is the sheer amount of config options, the messy integration with the SSH daemon, and a myriad of parameters that often contradict each other, making a secure configuration tough to fully understand, especially for a beginner.

One of my biggest problems…


written: Feb 1, 2021

This is a primer on how to set up Apache Airflow running on a CentOS 7 server for 2 separate environments (Prod and Simulation).

My company needed 2 separate envs, one for Production DAGs and one for Simulation/UAT DAGs.

Airflow can be a pain in the ass to set up, and the complexity grows exponentially if you are using Docker to do this. …


This tutorial shows how to

  • set up the Elasticsearch stack (ELK stack) on a server,
  • install Metricbeat, Filebeat and Auditbeat agents on an endpoint,
  • install the Elastalert plugin that will alert you on events.

As a sysadmin I have a medium-sized infra environment (less than 200 servers, both physical and AWS instances), and I need a way to keep an eye on them in case there’s any form of intrusion, system changes, permission changes, or any kind of out-of-band changes.

The following shows how to set this up using Saltstack, but the concept can be applied to any config management system (ie, Puppet…


At my work, I constantly have to do firewall testing between our hosts (our production network is managed by a vendor who also manages our physical production servers inside Equinix datacenters).

There are cases where we cannot connect within our network to certain ports, or certain port ranges.

I’ve been looking for a network testing tool that can open up a range of ports on one host, and then test that range from another host.

The usual network testing tools all lack some part of this basic requirement:

  • netcat — great tool that can do basic telnet test and open…

During network connectivity troubleshooting, one thing that always pops up is the need to test connectivity for certain ports, for example, to check if a firewall is blocking a certain port.

I usually spin up a port on a server using either Netcat or Python, i.e.

while true ; do nc -l -p 8300 -c 'echo -e "HTTP/1.1 200 OK\n\n $(date)"' ; done

Using Python 2:

python -m SimpleHTTPServer 8330

But what if you need to open this port on a particular network interface? You can do something like this:

python  -c 'import BaseHTTPServer as bhs, SimpleHTTPServer as shs;  bhs.HTTPServer(("192.168.20.10", …

Recently I had the misfortune of re-setting up a decommissioned Dell Powervault SAN unit in order to restore some data on the disks that we urgently needed for production.

Dell Powervault is a nightmare to set up and manage compared to products from Synology: everything is overly complicated, documentation is horrendous, and it took me over 3 days to figure out how to wire up and configure this thing in order to access data that was stored on the disk array.

If you are in the process of purchasing a NAS or SAN storage, please stay away from Powervault, it’s a disaster.

Hopefully this guide gives a few pointers to those unlucky enough to have to do this.

Full guide here:

https://sites.google.com/site/mrxpalmeiras/linux/powervault-md3200i-setup-on-centos-7


I’m always developing internal websites in our company, for example recently I deployed a Flask-based market data connection tracker on one of our Amazon EC2 hosts.

The problem is whenever I access the site via browser, its HTTPS connection is always untrusted since the browser doesn’t trust my company’s Certificate Authority as a valid CA (unlike Verisign, Google, Comodo, etc).

This tutorial shows how to

  1. create an internal corporate CA
  2. deploy CA certificate to employees’ desktops and browsers
  3. generate new certificate and keys for internal websites
  4. configure a website (Apache) to use these internal certs and keys

In this example…


We use Sshuttle every day to route connectivity across our networks. It’s a great tool that’s easy to spin up and configure, and acts as a lightweight SSH-encrypted VPN (without all the hassles and headaches of IPSEC).

If you’re unfamiliar with sshuttle, this is a good article describing its features.

We use it so much that I started using it as a service to make it easier to start, stop and restart my tunnels, and I am managing my tunnels via Saltstack configuration.

This article shows how to set it up as a service on CentOS 7.

All the following steps…


I have 2 CyberPower UPS units in my network cabinet (model #OR2200LCDRTXL2U).

I was looking for a way to monitor both UPS devices and send out an email in case either one loses external power.

CyberPower does provide a Remote Management card, but at $160 apiece, they’re pricey, and I would need 2 of these.


Salt is a great Python-based framework on which to build out your infrastructure.

This article shows how to use Salt’s Beacons and Reactors modules to enable an automatic, self-healing infrastructure.

This example is very simple.

We have a file, for example /etc/hosts.

If anyone makes an out-of-band change to this file, we want Salt to jump in and revert it back to your configured state instantly, without waiting for the next highstate run.

The process works like this:

A minion has a Beacon defined to send an Event to the salt master, whenever the file /etc/hosts is modified or deleted.

Mike R
