HAProxy Use Multiple Config Files from a folder

Create a folder to contain the .cfg files. Change the systemd file used for the HAProxy service. Find the line that starts with Environment. Edit the line so it contains -f /etc/haproxy/haproxy.d. In this case we are using the /etc/haproxy/haproxy.d folder for the files. Example of the config file. It should be noted that with …

Two-Tier CA structure (Online Subordinate CA)

Prerequisites: IIS must be installed and working from the clients that will need the RootCA or certs signed by the RootCA server. See more for a simple IIS install guide here: https://scito.dk/2023/08/15/install-iis-for-certificate-authority-crl-and-root-certificate-distribution/
RootCA must be present for signing the SubCA cert. Read more here: https://scito.dk/2023/08/15/two-tier-ca-structure-offline-rootca/
Steps: Step 1: Install a Windows server. Step 2: Make …

Two-Tier CA structure (Offline RootCA)

Prerequisites: IIS must be installed and working from the clients that will need the RootCA or certs signed by the RootCA server. See more for a simple IIS install guide here: https://scito.dk/2023/08/15/install-iis-for-certificate-authority-crl-and-root-certificate-distribution/
Steps: Step 1: Install a Windows server. Step 2: Make sure the server is fully updated. Step 3: Create the file C:\Windows\CAPolicy.inf With …

Install IIS for Certificate Authority CRL and Root Certificate distribution

Open PowerShell and install the IIS Windows feature. Open the IIS Manager. Expand Sites and expand the Default Web Site. Right-click and create a new virtual directory. Create the directory and name it certs. Select the path c:\inetpub\certs. After this, select the new virtual directory and select the icon named Directory Browsing. In the …

Fortigate Best practices – CLI Examples

Management. *Missing from this guide. Management users from central user database (LDAP, SAML etc.). Configure the web management ports. Hostname and the Alias of the firewalls. I enable LLDP for easier debug on switches. *Remember to change the values to match your desired naming scheme. Limit the management users to only log in from specific IP …

Fortigate Best practices – Introduction

Management Network: Should be independent from production or business traffic, so that it does not have to compete for resources and management access can be maintained when reconfiguring the production network. Policies: By utilizing a management interface, the separation of management and production traffic is facilitated, enabling distinct policies tailored for specific purposes. This approach enhances the …

Add VLAN to a Lenovo switch in a MCLAG cluster

There is a consistency check in the Lenovo switches when they are participating in a MCLAG cluster. Therefore the switches will shut down the ports if there is an inconsistency between the MCLAG members. First disable the consistency check on all members. Add the VLAN to all members. When the VLANs have been added to all the …

Microsoft CA Server installation

Install the Windows feature. Open PowerShell as admin and execute the following command. I strongly recommend not using the server name as the CA Common Name, since this will be an eyesore when the CA service is moved to another server with a different name at some point. Then the feature is installed …