Once you start to use fail2ban on more than one machine you’ll get to the point where you’d like to apply the IP blocking to machines other than the local one. While there are other (partially commercial) solutions to do that, I still decided to go with fail2ban. Please consider the following description as a […]
Category: Linux
As usual the first step is to find the right tools to start the debugging. For systemd systems (like my Ubuntu LTS 24.04) on helper is resolvectl: Hint: older systems may use systemd-resolve –status instead. Some words about my environment: Some of the settings listed above can be modified here: Quite naively I was expecting […]
Categories
fail2ban in depth
Skipping through my log files I found some concerning entries that were not covered by the existing fail2ban config. While trying to figure the correct regular expressions (regexp) to match these entries I had to take a close look at the things fail2ban provides to make things easier. Basic configuration As usual my test are […]
While trying to get my Nextcloud instance to talk to an OpenCloud Test instance I had to dig a little deeper into the unterlying protocol: Open Cloud Mesh (or short OCM, details s. RFC-draft). TL;DR: For everyone keen to get things up and running: I didn’t succeed (yet). And though I really like the idea […]
Categories
Preparing AMD APUs for LLM usage
While investigating whether my AMD is somewhat usable for running LLMs I this is what I found. Preparations Installation of amdgpu driver and ROCm is explained here. Hardware/device information During reboot the amdgpu driver logs some information about the available amount of graphics memory: the reserved VRAM memory and the GTT (graphics translation table) memory […]
I recently tried to clone an existing SSO-protected application to use a new IdP. The older instance was protected using SAML (keycloak based) and worked fine. Now the IdP changed to (a much larger) SimpleSAMLphp and while the login itself worked the application refused to work. Suspected culprit: attributes (missing, unmapped or mapped the wrong […]
I’ve been running my nextcloud instance for quite some years now, and I finally decided to change its authentication from LDAP to SAML for a better single sign on experience. By using keycloak as IdP there’ll also be an option to enable multi factor authentication (MFA) for all connected applications at once. Where I come […]
I recently encountered a system crash that required power cycling one of my machines. At that point I decided to have a look at hardware watchdogs (which should trigger an automatic reboot in case the watchdog does no longer respond). Fortunately the system involved had such a hardware watchdog in place: However there was no […]
Usually I’m using a web based mail tool, however for some tasks a full-featured mail client comes in handy. So after quite some idle time I started up my thunderbird today just to find that the GSSAPI/Kerberos authentication fails. Since the last time I used it I re-installed the mail server, so it is not […]
The main challenge to do so, is to make this change permanent (as the OPNsense web frontend does not support that kind of config modification). So here’s a short wrap up of the things required: Now edit custom.users: Rebuild the template files and restart freeradius: And the tests results look like this: In my case […]