PSQL Connections

Overview Reference While PostgreSQL’s pg_hba.conf is the file responsible for restricting connections, when listen_addresses is set to * (wildcard), it is possible to discover the open port 5432 using nmap and learn that the database exists, thereby possibly opening the server up for an exploit. Setting it to an IP address prevents PostgreSQL from listening on an unintended interface, preventing this potential exploit. Monitoring and Continuous Optimization Use tools like pg_stat_activity and pg_stat_database to monitor connection usage and adjust the values as needed:...

2024-1215-12 · Alberto

VIM - Movements

Split windows C-w w switches between 2 open windows. C-w s opens a new split window. C-w w switches between open windows. C-w o keeps the current window and closes the rest. C-w c closes the current window.

2024-1214-12 · Alberto

Pods Disruption Budget

Pod disruption budget A PodDisruptionBudget (PDB) is a Kubernetes object that specifies the number of pods that can be unavailable in deployment, maintenance, or at any given time. This helps to ensure that your applications remain available even if some of their pods are terminated or evicted. Let’s take an example where my application has three pods (instances); I always want to have at least two running pods all the time; I can apply a PDB object which will guarantee that I will always have at least two running pods!...

2024-1124-12 · Alberto

Security Concepts

Concepts An Intrusion Prevention System (IPS) is a type of engine that identifies malicious traffic by checking the signatures. The signatures contain known traffic patterns or instruction sequences used by malware. This type of signature-based engine can only detect anomalies based on known malicious traffic patterns. An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability exploits against a target application or computer. IDS only listens for issues and alerts you and does not take preventative action....

2024-1117-12 · Alberto

VPN IPSec

VPN site-to-site - IPSec A VPN connection that allows you to connect two local area networks (LANs) is called a site-to-site VPN. Internet Key Exchange version 2 (IKEv2) The Internet Protocol Security (IPSec) set of protocols is used to set up a secure tunnel for the VPN traffic, and the information in the TCP/IP packet is secured (and encrypted if the tunnel type is ESP). The IP packet (header and payload) is embedded in another IP payload, and a new header is applied and then sent through the IPSec tunnel....

2024-1117-12 · Alberto

Git Undo Changes

2024-1116-12 · Alberto

Certificates

PEM
Generating a TLS/SSL Certificate
openssl genrsa -out my_private_key.key 2048
Now that you have a private key, create a public key with it:
openssl rsa -in my_private_key.key -pubout > my_public_key.pub
Using OpenSSL to View the Status of a Website’s Certificate
openssl s_client -connect linuxhandbook.com:443 2>/dev/null | openssl x509 -noout -dates
Verifying Information within a Certificate
openssl x509 -in certificate.crt -text -noout
Checking a .csr (Certificate Signing Request) type file
openssl req -text -noout -verify -in server....

2024-1019-12 · Alberto

Docker

Docker Configuration Overview

2024-1019-12 · Alberto

Docker Images

2024-1019-12 · Alberto

Git Submodules

2024-1019-12 · Alberto