Using the Apple Watch or Touch ID as a second factor to run sudo commands on Macbook Pros is not only convenient but also adds a second layer of physical security to your machine. In theory, it could help mitigate security risk if an attacker has an unprivileged shell on your Mac and somehow steals your password.

Recently I wrote about building ARM Docker images on an x86 machine. However, my chosen method was a bit hackey where you didn’t end up with a single Docker image tag that could be used on any architecture. So I did some more research and found the Docker Buildx plugin which helped me get much more desirable results.

Use this systemd service to have /etc/iptables.rules reloaded on each reboot:

I’m documenting this because it is a bit obscure. My original source for these commands can be found here.

EDIT: I have a much better cross-architecture build pipeline now

This article will walk through a minimal and manual installation of Ubuntu, comparable to the Arch Linux installation process.

This article will walk through using Volatility on Arch Linux. Volatility’s documentation didn’t make too much sense to me with generating profiles so I am taking it upon myself to write up how I set it up. Also, Volatility is written in Python 2 and I don’t like having that installed on my system, so I created a Docker image to fill that need.

This is a simple breakdown of setting up streams in Graylog based on HTTP status codes. This is useful for looking at web server logs to identify potential unwanted or malicious activity from a remote machine to a web server.

TL;DR: set the kernel boot parameter i915.modeset=0 in Grub and then downgrade to a Linux kernel earlier than 4.16 (preferably an LTS).

Rancher is an awesome service/operating system for managing Docker containers. In this post I will be using DigitalOcean as my infrastructure for running Rancher. This will be written shorthand mainly so I remember how to do this in the future.

The original article has been archived.

Recently, I bought a GSM module for my Raspberry Pi to tinker around with GSM and learn more about how phones work on a lower level: https://www.amazon.com/Raspberry-Bluetooth-Expansion-Compatible-DataTransfer/dp/B076CPX4NN

1. Install Certbot: https://certbot.eff.org/
2. Download LetsEncrypt Certificate for your domains: sudo certbot certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d **domain.com** -d **www.domain.com** --post-hook="/opt/bitnami/ctlscript.sh restart apache"
3. Edit /opt/bitnami/apache2/conf/bitnami/bitnami.conf: sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
   • Edit SSLCertificateFile to point to /etc/letsencrypt/live/**domain.com**/fullchain.pem
   • Edit SSLCertificateKeyFile to point to /etc/letsencrypt/live/**domain.com**/privkey.pem
4. Restart apache: /opt/bitnami/ctlscript.sh restart apache

What is OpenVAS? Why is Vulnerability Scanning Important?

OpenVAS is an open source vulnerability scanner. Vulnerability scanning is important for any internet-connected company or entity so they can identify what devices on their network may be externally vulnerable. This article will provide a tutorial on how to install OpenVAS on Ubuntu 16.04 through the repository or through Docker. It will also provide a brief primer on basic usage of OpenVAS and also a brief explanation on how to manage it from Metasploit.

Securing Kibana:

Upon installing Kibana, initially there is no password protection on the page and it’s being served via HTTP rather than HTTPS. Elastic has security plugins and features that can be used to remedy this but I found that using Nginx as a proxy to secure the page was the easiest solution for my needs.

1. Generate a self-signed OpenSSL certificate: sudo openssl req -x509 -nodes -days 365 - newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

2. Install nginx: sudo apt-get install nginx

This is a hardening guide for Ubuntu Server and Desktop. The same concepts can be applied to other distributions of Linux, although the steps would be a little different. This article will go over various tasks and examples for desktop and server users of Ubuntu to make their systems a lot more secure.

This is a simple list of ports that are commonly used and frequently attacked.

This is a quick snippet on how to install and configure Filebeat on OS X using Homebrew.

Raspberry Pi’s make super useful TV kiosks. Where I work, we prefer not to connect Smart-TVs to the network, instead we prefer managed Raspberry Pis. Typically, the staff just need the TV to display a single website. This article will walk through setting up a current version of Raspbian to run Chromium in Kiosk mode (current at the time of this writing).