NAMING THINGS IN A HOMELAB

There’s an old joke in Programming that 90% of your time is spent naming things, and I think this extends into Homelabs and any other computer environment. Names are there give your systems identifiable places, can describe where they are and what they do, and are the easiest way to identify something, so giving some thought into a naming system is worth it. Styles of Naming Naming schemes, like the environments and systems they reflect, can vary widely.

Read more

MONITORING TRAFFIC WITH OPNSENSE AND ELASTIFLOW

One critical thing for any environment, in my opinion, is monitoring. Being able to detect problems and get an understanding of them is crucial to solving them. One thing that is important to monitor is your network. This is not just an important to get a sense of its health an performance, though. Detecting when client machines talk to potentially malicious hosts is a pretty quick way to pick up on security concerns.

Read more

I DOUBLE NAT MY NETWORK, AND I'M PROUD

I double NAT my home network. And the funny part is I designed it that way. Let me explain. Why This is Bad If you’re a network person, you’ve already groaned. If you haven’t groaned, you probably should. Network Address Translation (NAT) is a service that most consumer routers perform by default. Essentially, it’s what lets you connect your privately addressed network to a publicly addressed network and have things work.

Read more

HOW MY HOMELAB BECAME CRITICAL INFRASTRUCTURE DURING A TORNADO

I recently made a design change to my homelab that paid off in leaps and bounds, and just secured my homelab as a part of my critical infrastructure during emergencies. This change was a pretty simple idea, but recently proved itself during a recent tornado near my home. This post will largely be tooting my own horn, sharing why I think this is a good idea, but will also talk about severe weather and have some pictures.

Read more

SORT EVOLUTION MAIL FILTERS WITH PYTHON

I really like filtering my mail. I tend to only need to act on a very small set of messages coming in, so I filter everything such as Ads, FYIs, Cron Jobs, etc to folders and just leave the important stuff in my inbox. Unfortunately though, I now have a few hundred rules, as I keep things separated out to let me have multiple conditions for single senders and keep everything fairly organized.

Read more

KEEPING THINGS UPDATED WITH APT-DATER

One challenge of running servers, especially if you have more than a few, is keeping all of the software up to date on them. Patches are released constantly, and keeping software updated is a major security concern. One great tool that can help automate this is apt-dater, a text based utility that lets you interactively update packages on systems. Installing apt-dater is included in the main Debian and Ubuntu repositories, so you just have to run apt-get install apt-dater on the host you’ll use to update systems, and apt-get install apt-dater-host on your servers.

Read more

ADDRESSING THE LOG4J VULNERABILITY IN UNIFI VIDEO 3.10.13

If you’ve been on the Internet at all today, you’ve probably heard that there is a pretty nasty RCE issue with log4j, a logging package for Java applications. The CVE is CVE-2021-44228, and is a pretty scary RCE bug that is already being exploited in the wild. Update: I originally had comments in this post stating Ubiquiti should update the NVR software. I’ve since learned it’s officially deprecated and won’t be receiving any updates.

Read more

EMBY + NGINX REVERSE PROXY

After some light Google-ing, I couldn’t find a simple example for Emby running behind an Nginx reverse proxy. I built this config using some boilerplate config I have and some config snippets from other config examples. If you’re brand new or not sure exactly what you need, it can be a bit confusing to see older threads with lots of comments and suggestions, and it may be hard to tell what exactly you need to edit.

Read more

UA-PARSER-JS COMPROMISE

Obvious Disclaimer: I’m not a professional security researcher. I dabble in these things and more pursue these things out of curiosity. Let me know what I got wrong. Today I read that there was another victim of a Supply Chain attack, a NPM module author had a few of their modules compromised, one of which (the one I read about) was ua-parser.js. This module provides detection of various platform data from user agent strings.

Read more

LVM BASICS

This is a quick how-to showing my procedure for setting up new drives with LVM. What is LVM LVM stands for Logical Volume Manager and is a newer way to manage partitions and disks in Linux. If you’ve never used LVM, it makes adding partitions, resizing things, adding disks, and more easy and slick on Linux. Basically, it’s an abstraction layer between your disks and partitions. You can have partitions span multiple disks, change them around on the fly, move them around, etc without any of the fuss of before.

Read more