• Thank you for visiting our SysAdvent Blog!

    We hope you have enjoyed the articles in our second SysAdvent season! This is the last post in this years sysadvent. If you want to read more, we have other blog entries at our main site, our techblog, our employees have personal blogs that are aggregated at Planet Redpill Linpro, ...


  • Running wallscreens using a Raspberry Pi

    For the wallscreens within the operations department, we currently use Raspberry Pies and provision those using Ansible. We found that the USB sockets on a typical LCD TV do not provide enough power for a Raspberry Pi model 3, so we went for the cheaper – although a little less ...


  • Encrypted cloud backups with Duplicity

    Duplicity is a piece of software that can perform encrypted backups to remote storage over the network. It uses the rsync algorithm to implement incremental backups, thus minimising the amount of data that needs to be transferred over the network and stored remotely. The GNU Privacy Guard is used to ...


  • Systemd at 3am

    A few of systemd features that helps you and your fellow sysadmins. At 3am, I want to sleep. I do not want SMS with “Service X is down”, and I do not want my systems to wake the on-call personnel, so they can scratch their heads and call me about ...


  • Feeding the Elastic Stack

    This is the last of three posts about Elastic Stack. By now, we should have a reasonably secure Elastic Stack. It is sadly empty, so we should feed it some logs. Logstash is a log processor. It can be configured with inputs, filters, and outputs. Inputs are commonly log files, ...


  • Enabling HTTP/2 for a site

    When we installed the new frontend nodes for our main site, we wanted make use of some technologies that aren’t yet in broad use by our customers. The intention was both to gain more experience with said technologies, and to show that they are ready for production use. HTTP/2 was ...


  • Small-scale honeynet with Raspberry Pi

    The Raspberry Pi units are small and don’t use much power. If you have one or two to spare, why not use them to explore the sweet smell of honeypots? Ye who enter here First of all, a warning: Even though honeypot software is usually isolated from the underlying operating ...


  • Deduplication of old filesystems

    Modern filesystems, and even storage systems, might have built-in deduplication, but common filesystems still do not. So checking for redundant data and do deduplication when possible might save disk space. ...


  • JMole monitoring framework

    Monitoring Java applications can be a painful operation that often require lots of onfiguration, with technologies like byte code instrumentation and JMX, you can literally have thousands of Metrics to choose from just from a single Java application. This ...


  • Fun with firewall activity plotting

    A firewall activity plot for showing port access. The temptation was just a bit too great to ignore, so I chose to see it as a canvas for artwork. All I should need to do is to convert a PNG image to series of nmap commands, easy right? Plot size ...


  • Pros and cons of visualizing firewall activity

    For some time now, I’ve been graphing all unsolicited network traffic destined for my network. For instance, it’s quite useful for detecting slow scans, which will show up as the diagonally aligned green scatter points in this plot (click to zoom): Slow portscan, from high ports to low ports. Other ...


  • Securing the Elastic Stack

    This is the second of three posts about Elastic Stack. The Elastic Stack service is available to anyone who can reach it by default. This allows you to choose your security level and tools to provide it. A simple search on Shodan for kibana or elasticsearch will quickly reveal that ...


  • Use virt-manager to build disk-images

    For cattle purposes, it makes sense to follow a build-once-run-many principle. This is what we prefer for the machines powering our infrastructure. The current build method for deployments uses the toolchain from the virt-manager project to achieve this. Build targets The combination of virt-install(1) and virt-builder(1) provides a layered approach ...


  • Bash: Random numbers for fun and profit

    bash has many things that just works automagically. Did you know it has a built-in pseudorandom number generator? Let’s play games! ...


  • Serving a static website from bucket storage

    As mentioned in a previous blog entry, this site is deployed to an S3 website bucket when the git master branch receives a push. I will here explain how we created and configured the website bucket in question, as well as explain the varnish configuration in front of it. The ...