[-] Findmysec@infosec.pub 4 points 14 hours ago

Such a beautiful distribution. Very happy that it keeps going!

[-] Findmysec@infosec.pub 4 points 1 day ago

Anybody who thinks Bitcoin has any semblance of privacy is a fool

[-] Findmysec@infosec.pub 1 points 1 day ago

Why not port knocking over TOR?

[-] Findmysec@infosec.pub 1 points 1 day ago

Hmm, not bad. I care more about WLB than money so this is fine.

[-] Findmysec@infosec.pub 2 points 1 day ago

Thanks for the tips

[-] Findmysec@infosec.pub 23 points 1 day ago

We really need to push IPFS and TOR/I2P to keep these websites alive. Fuck the low barrier to entry if it means the website can just be subpoenaed

[-] Findmysec@infosec.pub 2 points 1 day ago

What's the pay like for system admins in Europe on an average? Asking for mid-level (5-7 years of experience)

[-] Findmysec@infosec.pub 2 points 1 day ago

I have definitely read this answer before. I think we've probably already spoken on the matter. Indeed, Lemmy has a serious dearth of users interested and using secure distros over the averages. Thanks for your efforts; I do not know how to follow users on Lemmy but if I did I'd follow you. Do you have a blog/any other forum you're more active on?

Personally, I find it difficult to justify the time to learn Secureblue (especially the immutable part) or NixOS on Qubes because custom DispVMs with curated salt states work so well already. I'm interested in use-cases that will improve my security but I haven't found any dialogue on this yet. If you do have opinions on this and know where I can look, I would greatly appreciate it!

[-] Findmysec@infosec.pub 4 points 2 days ago

I would be really interested in a comparison of Kicksecure and secureblue. I'm interested in running one of them myself

[-] Findmysec@infosec.pub 4 points 4 days ago

Well the Star64 from Pine is pretty good, just doesn't have enough processing power and IO for my liking.

[-] Findmysec@infosec.pub 11 points 4 days ago

Framework has a laptop in progress if you're interested

89
submitted 1 week ago by Findmysec@infosec.pub to c/asklemmy@lemmy.ml

The title is really vague, so I'll try to clarify my intentions here:

I am an ardent supporter of FOSS. It will be greatly beneficial for my life and especially my privacy to self-host such software. Yet, I cannot find much motivation to do so.

However, when it comes to hosting software for public use, I can usually give my utmost concentration and dedication.

This is not how I want my life to be. I want to be motivated for myself as well as for the community. And if that's not possible, I need to trick my brain into bringing me into that kind of zone for myself.

What do I do? What would you do in this situation?

160

I see so many posts and people who run NGINX as their reverse proxy. Why though? There's HAProxy and Apache, with Caddy being a simpler option.

If you're starting from scratch, why did you pick/are you picking NGINX over the others?

0

cross-posted from: https://infosec.pub/post/15386345

Hi everyone,

This is my CONTAINERFILE for Bind9:

```
FROM debian

ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]
```

I keep getting this error when I run it with podman:

```
26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
```

As you can see from the CONTAINERFILE, the bind user should be able to read and write to /var/cache/bind but for some reason it doesn't.

I have been at this for a while and I'm at my wits' end. Your help is appreciated!
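An added example, not part of the original post: `chmod 664` on a directory clears its search (`x`) bit, and a non-root user such as `bind` can neither enter nor create files in a directory without it, which is consistent with the "not writable" message above. The script reproduces the Containerfile's final modes in a scratch tree and audits them; the function names and the scratch paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: same final mode bits as the Containerfile, in a scratch tree.

# List directories under $1 whose owner lacks write or search (x) permission.
# -perm tests the stored mode bits, so the answer is the same when run as root.
unusable_dirs() {
    find "$1" -type d ! -perm -300 2>/dev/null | sort
}

# End state of the Containerfile: log file 644, the three directories 664.
build_like_containerfile() {
    mkdir -p "$1/var/cache/bind" "$1/var/lib/bind" "$1/var/log/bind"
    touch "$1/var/log/bind/default.log"
    chmod 644 "$1/var/log/bind/default.log"
    chmod 664 "$1/var/cache/bind" "$1/var/lib/bind" "$1/var/log/bind"
}

# Capital X adds the search bit to directories only, so files stay
# non-executable: directories end up 775, plain files 664.
fix_modes() {
    chmod -R u=rwX,g=rwX,o=rX \
        "$1/var/cache/bind" "$1/var/lib/bind" "$1/var/log/bind"
}

demo() {
    scratch=$(mktemp -d)
    build_like_containerfile "$scratch"
    echo "directories the owner cannot use after chmod 664:"
    unusable_dirs "$scratch"
    fix_modes "$scratch"
    echo "remaining after chmod -R u=rwX,g=rwX,o=rX:"
    unusable_dirs "$scratch"
    rm -rf "$scratch"
}

demo
```

In the image itself the equivalent change is to give the three directories a mode that includes `x` (for example 775) and keep 664 or 644 for the files inside them.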

4

I've been looking to implement DoH

  1. The first idea was to simply follow this - I do not understand the configuration fully but it looked fine.
  2. Then, I decided to use a proxy/Load balancer in front of BIND to deal with HTTPS.

However, I came across PROXYv2 (which is not even mentioned in the docs, just in a blog post) and the likes of DNSdist.

My questions:

  1. I can't find a detailed explanation of what I need to do about PROXYv2 - does my Reverse-proxy absolutely need to have it to be able to communicate with my DNS server?
  2. Why can't I just have any reverse-proxy that can handle HTTPS and put it in front of my DNS resolver? Does my proxy need to have a specific protocol to be able to talk DNS queries?

I am still confused, would really appreciate some help :)

100

Hi everyone,

I've started pushing backups of media important to me (family pictures, video etc) to backblaze with client-side encryption.

However, are they a reliable storage provider? I can't help but compare them to something like Amazon who likely has a better chance of maintaining my files but they are so expensive that I don't even bother.

What do you think? Yes, I've heard of 3-2-1, however for now I only have backblaze and a local backup. I'm trying not to spend too much on this.

Thanks!

Findmysec

joined 1 month ago