Blog

BGP Hijacking - What is it and how to prevent it?

Wed, 09/30/2020 - 17:04

BGP stands for Border Gateway Protocol, more commonly known as the system that keeps the internet (and by definition, routing) working correctly. Sometimes misconfigurations (Like accidentally announcing a wrong prefix) can break the internet. In this blog post, I will explain BGP Hijacking and how to prevent it. Primarily for people without network experience.

Generating IPv6 PTR records from a Bind9 Zonefile using Bash

Sun, 08/02/2020 - 15:05

The following script takes a Bind9 zonefile, gets all AAAA records from it and generated PTR records based on them.

What you need to do:

  1. Edit the Zone header in the script.
  2. Run the script with ./generate_v6_ptr.sh /path/to/zonefile.zone

This will output the zones on STDOUT. If you want to save this to a zonefile, you can use this example: ./generate_v6_ptr.sh /path/to/zonefile.zone > /etc/bind/ip6.arpa.zone

HTTP Basic Authentication with LDAP and Apache2

Sun, 06/21/2020 - 01:29

When you run an LDAP server you want to use it to authenticate as much as possible using this system, either to comply with security policies or make it easier for users to login using one authentication method. If you use the Apache2 webserver you can setup HTTP Basic authentication with LDAP. In this tutorial I will show how I accomplished this.

DigitalOcean Kubernetes with Static IPv4

Sun, 05/03/2020 - 16:57

Thanks to the new VPC functionality in DigitalOcean can be used to provide Kubernetes with a static external IPv4. This can be handy in cases where you need to deal with IP whitelists, for example, if you use your Kubernetes cluster as a CI building tool. However, this requires some config setup and a privileged pod running on each node to automatically update the routes. This article will help guide you through the setup.

SSH Authentication via LDAP

Fri, 05/01/2020 - 23:12

So you got an OpenLDAP server running? Great! Now you want to connect it to as many systems as possible to ease the burden of managing users and authorization. However, you also want to allow SSH key authorisation managed via a central place. Can LDAP be used for this? This article will help you get started to set this up in your organisation.