Debian GNU/Linux based Services Profiles
Bro Emacs Lisp Shell Python Makefile
Switch branches/tags
Nothing to show
Clone or download

README.md

Debian-GNU-Linux-Profiles

Done

DNS

Basic bind9 configuration for lan
Domain based routing on openwrt

HA

Using UPS with NUT

Harbian QA

Benchmarking PaX/Grsecurity kernel on Debian GNU/Linux
Syzkaller crash DEMO
Kernel QA with syzkaller and qemu

Hardened boot

Ways to build your own trustchain for secureboot
Debian Hardened boot
Grub for Coreboot
Grub for Secure boot
Preparation for Secure Boot on Key Management Server
Set Up Unrestricted Secure Boot On supporting machine

IDS

Deploy Bro as an IDS

IPSEC

Building IPSEC VPN via strongswan

Security Operation Center

Using Logstash/Elasticsearch/Grafana to build a small SOC(Security Operation Center) from scratch

SOC Overview

ELK with Bro-based Application Layer Packet Classifier

Storage

Manually deploy ceph cluster step by step

SSH and Cluster

Powerful ssh(1) options you don't know
Ways to authenticate yourself to a remote virtual machine host
Recommended way to use ssh(1) for cluster management

TLS

TLS Mutual Authentication in Webdav
TLS Mutual Authentication in Gitlab
OpenConnect Server For Anyconnect Compatible Service

MAC/RBAC

Grsecurity RBAC system with nginx practice
Grsecurity RBAC system with ceph
Separating the three powers with grsecurity RBAC system

Unclassified

Small-scale Enterprise KVM Deployments With Kimchi
The recommended configs of host computers and management console running Debian GNU/Linux within clusters

Todo-list

DRBD in HA
LVM Best Practice
Soft Raid in Debian
Gitlab Hardening
Exploring the Cross-platform File Sharing Service
Nginx Tuning in Debian
Apache Tuning in Debian
Puppet on the Run
Large-scale Enterprise KVM Deployments in Debian
Binary Dispatch in Automated Operations
Automated Operations in Debian
Iptables in Practice
Apparmor Best Practice