SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors.
This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.
Continue reading “Ubuntu: Testing authenticated SMTP over TLS/SSL”
When automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations. While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice.
# not best practice!!!
- name: frank
- password: "test3rdb"
- host: localhost
There are several issues with this approach.
Continue reading “SaltStack: Keeping Salt Pillar data encrypted using GPG”
By default, LuCI, the web admin interface for OpenWrt is not HTTPS enabled. This may not be a critical issue for you since it is a LAN facing service, but the type of infrastructure information being exchanged combined with the fact that it is usually accessed over WiFi protocols might make you want to consider it – especially considering it is a 5 minute fix.
First connect to OpenWrt either via ssh with Dropbear, or via the USB-TTL cable and a terminal program. Install the following packages:
# opkg update
# opkg install luci-lib-px5g px5g-standalone libustream-openssl
# opkg install luci
Continue reading “OpenWrt: Enabling HTTPS for the LuCI Web Admin Interface”