It’s fine. RAID is not a backup. I’ve been running simple mirrors for many years and never lost data because I have multiple backups. Focus on offsite and resilient backups, not how many drives can fail in your primary storage device.
It’s fine. RAID is not a backup. I’ve been running simple mirrors for many years and never lost data because I have multiple backups. Focus on offsite and resilient backups, not how many drives can fail in your primary storage device.
Not sure how to do that in docker, I’ve run mine as a plain old PHP-FPM site for years and years. It might be something that can be tweaked using config files or environment variables, or might require building a custom image.
ClamAV is slow and doesn’t catch the nastiest of malware. Its entire approach is stuck in 2008. It’s better than nothing for screening emails, but for a private file store it won’t help much considering that you’ll already have the files on your system somewhere. And most importantly, it slows down file uploads 10x and increases CPU load substantially. The only good reason to use ClamAV for nextcloud is if you will be sued if you don’t!
It needs some tweaks to be snappy. The defaults are really bad.
This was my setup from about four years ago. Other than moving suricata elsewhere, it’s largely the same. Worth a shot if it’s something you’re into!
https://nbailey.ca/post/linux-firewall-ids/
OpenBSD is also great, I’m just more familiar with the Linux tools. All the required tools are in the base image, and they have a great official guide:
Yep. Firewall, routing, dhcp, dns, everything you’d expect from a gateway device. Plain Debian (or really any distro) can do it all. With a 1gbps bi-directional connection fully saturated it will run at about 10% cpu on my very crappy low power Celeron CPU.
Plus, there’s no web UI full of janky and insecure CGI scripts to exploit, and software updates are forever (well, until x64 is deprecated, so basically forever).
IPtables on Debian because I like my life to be boring and unchanging.
For about a year I was running a full out of band IPS on my network. My core switch was set up with port mirroring to spit out a copy of all traffic on one port so that my Suricata server could analyze it. Then, this was fed into ElasticSearch and a bunch of big data crap looked for anomalies.
It was cool. Basically useless because all it did was complain about the same IP crawler bots as my nginx logs. But fun to setup and ultimately good for my career lol.
I mean it is possible to run your own authoritative nameservers on a server you own with a static IP. It’s a pretty irresponsible thing to self host, but it is possible :)
You can use pretty much any camera with ZoneMinder as long as it supports ONVIF or RTSP and has the right connectivity and power inputs for you. I did something similar with some cheap TP-link cameras with pretty good results. With motion activated recording, I have just shy of 12 month of recordings stored on a 500G SSD.
The modern stuff uses signed bootloaders, ie secureboot. Afaik there’s no custom OS’s for C9k or Nexus gear.
deleted by creator
SPAN port on the switch, send it all into a server running Suricata which can analyze, classify, and log all the traffic. Don’t run it in IPS mode online unless you’re willing to suffer a little…
Device sync to nextcloud -> rsync data & db onto NAS -> nightly backup to rsync.net and quarterly offsite/offline HDD swaps.
I also copy Zoneminder recordings, configs, some server logs, and my main machine’s ~/ onto the NAS.
The offsite HDD is just a bog standard USB 4TB drive with one big LUKS2 volume on it.
It’s all relatively simple. It’s easy to complicate your backups to the point where you rely on Veeam checkpointing your ESXI disks and replicating incrementals to another device that puts them all back together… but it’s much better to have a system that’s simple and just works.
Best bet would be to setup postfix or opensmtpd as an open relay. Just make sure it is only accessible in trusted networks though!!
https://docbot.onetwoseven.one/services/postfix/
You’d want to set the listen address to 0.0.0.0 and use a non-loop back interface.
Heh, people from 50 years ago hearing that my job is terraforming using Hashicorp equipment would be very disappointed.
Could always whitebox it with Debian, nftables, dnsmasq, hostapd, etc. on an old mini PC if it has two NICs…
5 yrs for free is LTS, 10 for “Pro” enterprise subscription ($$$).
It’s pretty good. I understand and somewhat agree with the concerns about concentrating the web around one company, but tunnels is simply a great product. So convenient for running services behind CGNAT or dynamic IP without good port forwarding options, and it’s just set and forget. If there was an alternative that good I’d use it.
Not strictly RSTP, but the “zmninja” app works with a Zoneminder server, which can record and manage RSTP/ONVIF cameras. I would really recommend some sort of NVR (like Zoneminder) if you have cameras since there’s a low probability you’ll be able to watch them live all the time.
I wish I was the right kind of creative, greedy, and dull to come up with this kind of crap. I could scam so many bald billionaires.