MastodonTech.de

ReynardSecA grumpy ItSec guy walks through the office #2devops0: dude, we've got so many roles in this cluster my terminal buffer runs out when I try to list them all. devops1: bro, if it works, don't touch. devops0: sure, but neither I nor anyone else on the project knows who can access what...ItSec (walking by): just use rbac-tool and review this... devops1: r... rba... what? devops0: rbac-tool probably or smth--It's always a good moment to verify who can do what in your Kubernetes cluster.For basic checks, use native kubectl:1) Can "I" read secrets?kubectl auth can-i get secrets2) To check another identity's permissions (e.g., a ServiceAccount) run:kubectl auth can-i get secrets --as=system:serviceaccount:somenamespace:someserviceaccountHowever, this approach will not work for complex environments. There's a more effective way to do this with rbac-tool [2]. It gives you cluster-wide visibility with simple commands. Check this:1) Who can do a specific thing? For example: who in the entire cluster can read Secrets?rbac-tool who-can get secrets2) Run an RBAC health check - global analysis with risk hints (wildcards in RBAC, overly broad permissions, cross-namespace binds, etc)rbac-tool analysis3) Visualize the mess - produce an interactive map of roles, bindings, etc:rbac-tool visualizeThis command writes a report to rbac.html in the current directory.Alternatives to rbac-tool like rakkess [3] can offer similar "who can" insights, though it may not be actively maintained.Stay (more) safe![1] <a href="https://kubernetes.io/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i/" rel="nofollow noopener" translate="no" target="_blank">https://kubernetes.io/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i/</a> [2] <a href="https://github.com/alcideio/rbac-tool" rel="nofollow noopener" translate="no" target="_blank">https://github.com/alcideio/rbac-tool</a> [3] <a href="https://github.com/corneliusweig/rakkess" rel="nofollow noopener" translate="no" target="_blank">https://github.com/corneliusweig/rakkess</a><a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://infosec.exchange/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://infosec.exchange/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#kubernetes</a> <a href="https://infosec.exchange/tags/containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#containers</a>

Michael T BabcockAs a guy who used to install <a href="https://floss.social/tags/squid" class="mention hashtag" rel="nofollow noopener" target="_blank">#squid</a> for <a href="https://floss.social/tags/webproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#webproxy</a> <a href="https://floss.social/tags/caching" class="mention hashtag" rel="nofollow noopener" target="_blank">#caching</a> on all his edge systems (before they were called edge systems), I'm still a little annoyed at HTTPS-everywhere for breaking caching systems. If you have half a dozen or more machines running the same OS on your network, caching means not downloading those updates repeatedly. Ditto if you have a bunch of machines (virtual or not) running the same docker images. <a href="https://floss.social/tags/rant" class="mention hashtag" rel="nofollow noopener" target="_blank">#rant</a> <a href="https://floss.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://floss.social/tags/bandwidth" class="mention hashtag" rel="nofollow noopener" target="_blank">#bandwidth</a>

EibrielFedibrain, Where can I host a simple static website relatively cheap? Let's say 1Gb of size<a href="https://sigmoid.social/tags/Web" class="mention hashtag" rel="nofollow noopener" target="_blank">#Web</a> <a href="https://sigmoid.social/tags/Hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hosting</a> <a href="https://sigmoid.social/tags/Webhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Webhosting</a> <a href="https://sigmoid.social/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sysadmin</a>

Linux Professional InstituteLinux Professional Institute (LPI) is offering a 25% discount voucher for a <a href="https://fosstodon.org/tags/LinuxEssential" class="mention hashtag" rel="nofollow noopener" target="_blank">#LinuxEssential</a> exam to anyone who switches to <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>! Tag us in a photo of your <a href="https://fosstodon.org/tags/UpgradetoLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#UpgradetoLinux</a> with the hashtags <a href="https://fosstodon.org/tags/switchtolinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#switchtolinux</a> and <a href="https://fosstodon.org/tags/LPI25" class="mention hashtag" rel="nofollow noopener" target="_blank">#LPI25</a> to join the <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> movement and claim your voucher. 💪🐧🌍For more info, visit: <a href="https://lpi.org/o6pq" rel="nofollow noopener" translate="no" target="_blank">https://lpi.org/o6pq</a> <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://fosstodon.org/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#freesoftware</a> <a href="https://fosstodon.org/tags/LPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#LPI</a> <a href="https://fosstodon.org/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sysadmin</a> <a href="https://fosstodon.org/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://fosstodon.org/@UpgradetoLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@UpgradetoLinux</a>

Ludovic :Firefox: :FreeBSD:A lifetime of backups : <a href="https://ludovic.hirlimann.net/2025/08/a-lifetime-of-backups.html" rel="nofollow noopener" translate="no" target="_blank">https://ludovic.hirlimann.net/2025/08/a-lifetime-of-backups.html</a><a href="https://piaille.fr/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://piaille.fr/tags/backups" class="mention hashtag" rel="nofollow noopener" target="_blank">#backups</a> <a href="https://piaille.fr/tags/downthememorylane" class="mention hashtag" rel="nofollow noopener" target="_blank">#downthememorylane</a>

Kevin Karhan :verified:<a href="https://ohai.social/@lina" class="u-url mention" rel="nofollow noopener" target="_blank">@lina</a> np. I think it's important to highlight such projects like <a href="https://cuiiliste.de" rel="nofollow noopener" translate="no" target="_blank">https://cuiiliste.de</a> and actually point people at it in the hopes that <a href="https://mastodon.social/@ooni" class="u-url mention" rel="nofollow noopener" target="_blank">@ooni</a> and <a href="https://mastodon.social/@citizenlab" class="u-url mention" rel="nofollow noopener" target="_blank">@citizenlab</a> add it to their <a href="https://github.com/citizenlab/test-lists/" rel="nofollow noopener" target="_blank">test lists...</a><ul><li>Personally I did add it to my <a href="https://github.com/greyhat-academy/lists.d/blob/cacf5b9fbd80affd34d760c50b0b7333def000bf/blocklists.list.tsv#L28" rel="nofollow noopener" target="_blank">blocklist lists</a> not as an endorsement [far from it!] but as a point of reference for <a href="https://infosec.space/tags/CUII" class="mention hashtag" rel="nofollow noopener" target="_blank">#CUII</a>... </li></ul>Maybe someday I (or someone else) can get around and make a <a href="https://infosec.space/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> - style <a href="https://infosec.space/tags/URL" class="mention hashtag" rel="nofollow noopener" target="_blank">#URL</a> / <a href="https://infosec.space/tags/Domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#Domain</a> checker that provides more than a mere "is clean" / "is sus" / "is dangerous" assessment but a more nuanced answers like:<ul><li>"This domain is blocked by CUII for alleged copyright infringement" </li></ul>or<ul><li>"This domain belongs to <a href="https://infosec.space/tags/NSAbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSAbook</a>" </li></ul>and allow for granular, informed decisions (i.e. allow accessing it as a client, but blocking the entire <a href="https://infosec.space/tags/ASN" class="mention hashtag" rel="nofollow noopener" target="_blank">#ASN</a> from accessing one's Servers and thus block non-consensual <a href="https://infosec.space/tags/Scrapers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scrapers</a> that violate <a href="https://infosec.space/tags/RobotsTXT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RobotsTXT</a>.) <ul><li>I'm just shit at programming anything with a <a href="https://infosec.space/tags/GUI" class="mention hashtag" rel="nofollow noopener" target="_blank">#GUI</a> but hey, I'm just a <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sysadmin</a> not a <a href="https://infosec.space/tags/Frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#Frontend</a> person...</li></ul>

Stefano MarinelliThe cloud is not (always) the best solution<a href="https://www.reddit.com/r/oraclecloud/s/WGoqEFgT1B" rel="nofollow noopener" translate="no" target="_blank">https://www.reddit.com/r/oraclecloud/s/WGoqEFgT1B</a><a href="https://mastodon.bsd.cafe/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://mastodon.bsd.cafe/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#SysAdmin</a>

Chopper Dave<a href="https://mastodon.whr-net.co.uk/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a> time. I'm Chopper Dave (pseudonym obviously) and have recently setup this <a href="https://mastodon.whr-net.co.uk/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosted</a> instance.I work in the IT sector, predominantly as a <a href="https://mastodon.whr-net.co.uk/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> but dabble in <a href="https://mastodon.whr-net.co.uk/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> too.In my free time I work on model kits. Airfix, Tamiya and <a href="https://mastodon.whr-net.co.uk/tags/warhammer40k" class="mention hashtag" rel="nofollow noopener" target="_blank">#warhammer40k</a> mainly. I play a lot of retro games and whittle away the hours working on the <a href="https://mastodon.whr-net.co.uk/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#homelab</a>.I like to post my creations and nature shots from my walks or gardening attempts.Feel free to follow! Boosts appreciated but not required!

Stefano MarinelliMy home desktop - 1 March 2000 - a Pentium 233 MMX. The OS was Debian Linux - you can see a printed Tux near the keyboard. No broadband connection, just a 56k modem. Iomega Zip drive - so I could download stuff at Uni and bring it back home. One year later, this became my first 24/7 server.<a href="https://mastodon.bsd.cafe/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://mastodon.bsd.cafe/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#SysAdmin</a> <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.bsd.cafe/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://mastodon.bsd.cafe/tags/Throwback" class="mention hashtag" rel="nofollow noopener" target="_blank">#Throwback</a> <a href="https://mastodon.bsd.cafe/tags/Memories" class="mention hashtag" rel="nofollow noopener" target="_blank">#Memories</a> <a href="https://mastodon.bsd.cafe/tags/Vintage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vintage</a> <a href="https://mastodon.bsd.cafe/tags/OldPhotos" class="mention hashtag" rel="nofollow noopener" target="_blank">#OldPhotos</a> <a href="https://mastodon.bsd.cafe/tags/OldTimes" class="mention hashtag" rel="nofollow noopener" target="_blank">#OldTimes</a> <a href="https://mastodon.bsd.cafe/tags/OldNerd" class="mention hashtag" rel="nofollow noopener" target="_blank">#OldNerd</a> <a href="https://mastodon.bsd.cafe/tags/OldMe" class="mention hashtag" rel="nofollow noopener" target="_blank">#OldMe</a> <a href="https://mastodon.bsd.cafe/tags/VintageSetup" class="mention hashtag" rel="nofollow noopener" target="_blank">#VintageSetup</a>

Stefano MarinelliWhen I open a project's web page and find a guide to deploy it with Docker and also without it, I'm already liking that project.<a href="https://mastodon.bsd.cafe/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://mastodon.bsd.cafe/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#SysAdmin</a>

ADMIN magazineADMIN 88 is available now! This month, we explore 5 network admin distros. On the DVD: <a href="https://fosstodon.org/@opensuse" class="u-url mention" rel="nofollow noopener" target="_blank">@opensuse</a> Leap 15.6. Order your copy in print or digital format today! <a href="https://shop.linuxnewmedia.com/shop/category/admin-network-security-16" rel="nofollow noopener" translate="no" target="_blank">https://shop.linuxnewmedia.com/shop/category/admin-network-security-16</a> <a href="https://hachyderm.io/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#network</a> <a href="https://hachyderm.io/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://hachyderm.io/tags/stackStorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#stackStorm</a> <a href="https://hachyderm.io/tags/Azure" class="mention hashtag" rel="nofollow noopener" target="_blank">#Azure</a> <a href="https://hachyderm.io/tags/Checkmk" class="mention hashtag" rel="nofollow noopener" target="_blank">#Checkmk</a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

OKD :fedora: :kde: 🚴 📷So, der Kollege und ich haben diese Woche reihenweise uralte Server abgeschaltet, andere Server gepatcht, Schutzmechanismen hochgezogen etc.OpenVAS scannt über das Wochenende nach Sicherheitslücken und wir erwarten, dass das Ergebnis am Montag eeetwas weniger rot ist 🙄 Automatisches Installieren von Updates, Konfiguration von SELinux, lokalen Firewalls etc. habe ich per Ansible auf dem Schirm.<a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSicherheit</a> <a href="https://social.tchncs.de/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://social.tchncs.de/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://social.tchncs.de/tags/SysadminAlltag" class="mention hashtag" rel="nofollow noopener" target="_blank">#SysadminAlltag</a> <a href="https://social.tchncs.de/tags/ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#ansible</a>

Thom ZaneHow do we get Crawl-delay into the RFC 9309 robots.txt standard? Big tech hides behind RFC 9309 as an excuse to ignore Crawl-delay because they want to crawl as fast as they want.<a href="https://daedal.io/tags/robotstxt" class="mention hashtag" rel="nofollow noopener" target="_blank">#robotstxt</a> <a href="https://daedal.io/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a>

Jan Wildeboer 😷:krulorange:It's Friday. So all 5 RHEL (Red Hat Enterprise Linux) servers get their `dnf update`, a reboot and are checked for running smoothly. On 3 servers I also updated the forgejo runner to the current version 9.0.3. Weekend can start!(Yes, I update my private servers on a Friday so I have the weekend to fix stuff in case something goes wrong, thanks for asking ;)UPDATE: All updates installed, all servers back online, no problems found.<a href="https://social.wildeboer.net/tags/SelfHost" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHost</a> <a href="https://social.wildeboer.net/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#SysAdmin</a> <a href="https://social.wildeboer.net/tags/RHEL10" class="mention hashtag" rel="nofollow noopener" target="_blank">#RHEL10</a>

matclabMa boîte recrute un⋅e responsable des systèmes d'information. On utilise beaucoup de linux, et on développe de temps en temps des petites applications internes. On bosse sur une conformité 27001. Il y a de quoi s'amuser et innover. L'équipe actuelle comporte deux personnes. <a href="https://www.systerel.fr/actualites/offre-emploi/responsable-systemes-dinformation-h-f-dt_rsi/" rel="nofollow noopener" translate="no" target="_blank">https://www.systerel.fr/actualites/offre-emploi/responsable-systemes-dinformation-h-f-dt_rsi/</a> <a href="https://mamot.fr/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mamot.fr/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://mamot.fr/tags/jerecrute" class="mention hashtag" rel="nofollow noopener" target="_blank">#jerecrute</a>

BastilleBSD :freebsd:Stay true to read-only Friday.Avoid production changes before the weekend.<a href="https://fosstodon.org/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FreeBSD</a> <a href="https://fosstodon.org/tags/BastilleBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#BastilleBSD</a> <a href="https://fosstodon.org/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a>

The Linux LighthouseWhy openSUSE Kalpa Is the Best KDE Immutable OS<a href="https://www.youtube.com/watch?v=K9tmBdaBLnA" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=K9tmBdaBLnA</a><a href="https://mastodon.social/tags/opensuseleap" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensuseleap</a> <a href="https://mastodon.social/tags/opensusetumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensusetumbleweed</a> <a href="https://mastodon.social/tags/leap" class="mention hashtag" rel="nofollow noopener" target="_blank">#leap</a> <a href="https://mastodon.social/tags/leapmicro" class="mention hashtag" rel="nofollow noopener" target="_blank">#leapmicro</a> <a href="https://mastodon.social/tags/suse" class="mention hashtag" rel="nofollow noopener" target="_blank">#suse</a> <a href="https://mastodon.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.social/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://mastodon.social/tags/Kalpa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kalpa</a> <a href="https://mastodon.social/tags/LinuxDesktop" class="mention hashtag" rel="nofollow noopener" target="_blank">#LinuxDesktop</a> <a href="https://mastodon.social/tags/KDEPlasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#KDEPlasma</a> <a href="https://mastodon.social/tags/ImmutableOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ImmutableOS</a> <a href="https://mastodon.social/tags/MicroOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicroOS</a> <a href="https://mastodon.social/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tumbleweed</a> <a href="https://mastodon.social/tags/LinuxTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#LinuxTips</a> <a href="https://mastodon.social/tags/KaalpaDesktop" class="mention hashtag" rel="nofollow noopener" target="_blank">#KaalpaDesktop</a>

Take Off, Eh? 🇨🇦 <a class="u-url mention" href="https://masto.deoan.org/@neurovagrant" rel="nofollow noopener" target="_blank">@neurovagrant</a> <a class="u-url mention" href="https://toot.risottobias.org/@risottobias" rel="nofollow noopener" target="_blank">@risottobias</a> Same thing with <a href="https://farticle.cloud/tags/SysAdmin" rel="nofollow noopener" class="hashtag" target="_blank">#SysAdmin</a> in general.

Take Off, Eh? 🇨🇦 I remembered just now how upset certain people were at my last employer (in the finance industry) when we explicitly blocked Grammerly. Just use the built in stuff in Word and copy-paste the result into the customer support ticket or whatever. Or learn gud englysh. Even back then it was so obvious you shouldn’t be sending confidential info to random third parties. Or hiring people without basic literacy. <a href="https://farticle.cloud/tags/sysadmin" rel="nofollow noopener" class="hashtag" target="_blank">#sysadmin</a>

2.5 Admins2.5 Admins 259: New Web?The Web is a mess of tracking and AI scraping so do we need a new one, would it even be possible, or is this the wrong question? Plus setting up servers in a garage where dusty woodworking is happening.<a href="https://2.5admins.com/2-5-admins-259/" rel="nofollow noopener" translate="no" target="_blank">https://2.5admins.com/2-5-admins-259/</a><a href="https://mastodon.social/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#podcast</a> <a href="https://mastodon.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#sysadmin

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

sysAdmin

#sysadmin