Unattended upgrades in Debian

We use Debian for our systems. Not only because we love it, but also because you can harden and secure it very well. One of the many security precautions for Debian-based Linux distributions is unattended upgrades.

SSL Certificate with SubjectAlternativeName (SAN)

If you want to create an SSL certificate for multiple subdomains, you could either use a wildcard certificate like *.example.com or you could use an SSL certificate with SubjectAlternativeName (SAN). For example, if you create an SSL certificate with SubjectAlternativeName (SAN) like this: CN: gitlab.example.com SAN: registry.example.com, mattermost.example.com In my understanding it was one main […]

sysctl tuning on Linux

While most Linux kernels nowadays come with nice sysctl defaults, there’s always room for improvement. Some parameters can be used for performance tuning, others can be critical for security hardening. What is sysctl? sysctl is an interface to view and dynamically change parameters in Linux and other *NIX operating systems. In Linux, most of the dynamic kernel settings can be […]

Deploying SSL private keys with Ansible

When you’re using Ansible or any other configuration management tool, you will probably have to deploy SSL certificates sooner or later. While deploying public SSL certificates isn’t a security issue at all, the deployment of private keys becomes more critical – at least if you want to deploy them securely.