Author: Ryan Parker
I'm a former captain of the Cyber Defense team, Current Infrastructure Security Specialist. I also have a side job helping small to medium business with anything technology doing everything imaginable. One of my hobbies is building out infrastructures for myself, friends, and clients. I current maintain a homelab with about 400GB of RAM, 100+ TB of storage, and tons of CPU cores.
Create /etc/systemd/system/step-ca.service Fill it with this, make sure your directories are correct in the ExecStart line: [Unit] Description=step-ca After=syslog.target network.target [Service] User=step Group=step ExecStart=/bin/sh -c '/bin/step-ca /home/step/.step/config/ca.json --password-file=/home/step/.step/pwd >> /var/log/step-ca/output.log 2>&1' Type=simple Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target Next, populate the pwd file with the plaintext intermediate CA password. I put mine in /home/step/.step/pwd Next, configure the
Read More »
Step-CA is a decent CA management program but it has one issue, its annoying to set the algorithm on the CA and intermediate CA. So I spent the day figuring it out. Here are the results. Choosing the Right Key Type There are 3 supported key types : EC (elliptic curve), OKP (octet for “Ed25519”
Read More »
#edit /etc/ssl/openssl.cnf Find [ ca ] and make sure this matches: #################################################################### [ ca ] default_ca = CA_default #default ca section #################################################################### [ CA_default ] dir = /etc/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database =
Read More »
This will be a guide on advanced tuning for a VFIO gaming VM. If you’re starting from scratch, read through the Arch Wiki guide on PCI passtrhough via OVMF. It is a great starting point and covers all of the basics. I’d recommend using libvirt instead of straight QEMU. Host hardware configuration Before we begin,
Read More »
As of Writing this (2/17/22), there is a bug in the latest version of pfSense with the Intel if_em.ko driver. This is causing the pf-att script to not work. Thanks to the work of neydah700 on github, the fix was found by replacing the kernel driver with a newly compiled binary that has the issue
Read More »
I have a Dell R720xd and its default fan curve is… aggressive. Here is how i found to lower the fan speeds so its not a constant vacuum cleaner in my living room. Enable SSH on iDrac. Connect then connect to it and run: racadm set system.thermalsettings.FanSpeedOffset 255 racadm set system.thermalsettings.ThirdPartyPCIFanResponse 0 racadm set system.thermalsettings.ThermalProfile
Read More »
Before we begin, know that This subnet is NOT SECURE and should only be used for certain things that absolutely require Open NAT and UPNP like game consoles, old PC games, or other insecure things. I would strongly advise setting up an Intrusion Detection system or Intrusion Prevention System like suricata. It will allow any
Read More »
Before we begin, lets see what a ELK stack is made of. ELK stacks are comprised of ElasticSearch, Logstash, and Kabina with each of these services preforming different jobs. This diagram from Logz.io explains its the best Beats are installed to each host to collect the various metrics used by these services. Logstash is responsible
Read More »
Since dell so rudely removed the updates from SUM, Here is the last iso you could build from it. Just boot into it and it should install all of the firmware updates, like idrac, lifecycle controller, raid card, etc. Just be warned… it will take awhile. Enjoy https://drive.google.com/file/d/1zMoOsYS9X63TaIlHVD0uE13M4QhPcmQZ/view?usp=sharing or (If link is broken) https://angrysysadmins.tech/wp-content/uploads/2021/04/DellR710_LatestSUU.iso
I have a client setup with multiple Edgerouter’s in an IPSec Site to Site configuration. I’ve setup a Policy based IPsec site to site configuration using this guide here. However, sometimes they just refuse to connect, with no real reason as to why. Edgerouters use StrongSwan for its VPN, so some of its troubleshooting information
Read More »