Ubuntu: Testing authenticated SMTP over TLS/SSL

SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors.

This is an excellent choice from a security perspective, but it makes smoke testing a bit more complex than just opening a telnet session.

Continue reading “Ubuntu: Testing authenticated SMTP over TLS/SSL”

SaltStack: Keeping Salt Pillar data encrypted using GPG

When automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations. While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice.

# not best practice!!!

testdb_user:
  mysql_user.present:
    - name: frank
    - password: "test3rdb"
    - host: localhost

There are several issues with this approach.

Continue reading “SaltStack: Keeping Salt Pillar data encrypted using GPG”

OpenWrt: Enabling HTTPS for the LuCI Web Admin Interface

By default, LuCI, the web admin interface for OpenWrt, is not HTTPS enabled. This may not be a critical issue for you since it is a LAN-facing service, but the type of infrastructure information being exchanged, combined with the fact that it is usually accessed over WiFi, might make you want to consider it – especially considering it is a 5-minute fix.

First, connect to OpenWrt either via SSH with Dropbear, or via the USB-TTL cable and a terminal program. Install the following packages:

# opkg update
# opkg install luci-lib-px5g px5g-standalone libustream-openssl
# opkg install luci

Continue reading “OpenWrt: Enabling HTTPS for the LuCI Web Admin Interface”