The time has come for me to consider another application for my TOTP data (think 6-digit codes produced by Google Authenticator or an RSA device. I’ve been using an app called 2STP – I have long liked it. Support for it ended about 7 years ago, yet it continued to slug along on my phone […]
Self-hosting Bitwarden / VaultWarden on FreeBSD Read More »
The type of abuse recently seen on FreshPorts isn’t a big deal. I would ignore it if it was on my own server. However, I’m using a “paid” service and the credits go faster when pillocks do pillocky stuff. While I hope I’ve covered what I’ve done, I’ve been sick with a cold for a
fail2ban – adding to my website to deter abuse Read More »
For 3 days now, I’ve been seeing these messages. If you search online, it’s usually the result of port scanning. Aug 7 14:05:15 zuul kernel: Limiting closed port RST response from 212 to 195 packets/sec Aug 7 14:05:16 zuul kernel: Limiting closed port RST response from 219 to 215 packets/sec Aug 7 14:05:17 zuul kernel:
kernel: Limiting closed port RST response from x to y packets/sec Read More »
I was checking email this (Friday Jul 19, 2024) morning, over coffee, while many IT folks dealt with Cloudstrike fallout, when I noticed this message from the logs: Jul 19 09:12:18 zuul kernel: [zone: pf states] PF states limit reached I’ve seen that message before. It’s not of high concern. That server contains many services
What’s this gap in the graphs? Read More »
Nagios was telling me: FILE_AGE WARNING: /usr/home/rsyncer/backups/aws-1/postgresql/freshports.org.dump is 117636 seconds old and 3608113799 bytes That means the FreshPorts backup is more than a day old, and it should have been refreshed by now. OK, let’s go look. I log into the host known as aws-1 and check the files. They look fresh to me: [rsyncer@aws-1
Where’s my backup? Read More »
Yesterday, I mentioned (in more than one place) that I planned to move a 2017 Digital Ocean droplet over to Azure. As I sit here, with coffee, on the balcony, overlooking lot of green trees, at 7:45 AM, I’m trying to put into words the plan I came up with about 30 minutes ago. In
Transferring a VM from one provider to another Read More »
I’ve updated all my hosts to FreeBSD 14.1 – but not all the jails. I’m going to do some of that today. In this post: FreeBSD 14.0 FreeBSD 14.1 mkjail-0.0.4 What’s on r730-03 to update? Full disclosure: mkjail was originally written by Mark Felder, and I joined him in maintaining it. I use it for:
Updating some jails from FreeBSD 14.0 to FreeBSD 14.1 via mkjail Read More »
When feasible, I prefer to run things as non-root. A recent commit to net-snmp has made this possible. By its nature, being a new change, it took me some time and help to figure out what needed to be changed. Before doing this yourself, I recommend waiting until the two code reviews mentioned below are
Notes on running net-snmp as non-root Read More »
bind916 will be EOL in a few months (April 2024). In this post, I’m going to copy an existing jail (running bind916) and configure it to run the new bind. If all goes well, the new jail will replace the old jail. This has an added benefit of effectively renaming the old jail (toiler) to
Copying an existing jail to try bind918 Read More »
One of the configuration aspects of FreeBSD I have long liked is the concept of default values which are overridden by the user. For example, /etc/defaults/rc.conf (see The /etc directory). The default values in this file can be overridden by the user with their preferred values in /etc/rc.conf (or /etc/rc.conf.local, and other locations if you
Moving local settings for pg_hba.conf and postgresql.conf out of PGDATA Read More »