Blog

KVM (Kernel-based Virtual Machine)

KVM is a type 1 hypervisor technology built into the Linux kernel, using components like QEMU, libvirt, and virt-manager to orchestrate virtual machines. This reference aims to cover everything you'd need to have a basic understanding of KVM and QEMU, how to use virt-manager, networking configuration options, and the various components such as SPICE.

What is KVM?

  • virt-manager acts as one possible GUI / CLI frontend for managing VMs.
  • qemu is the virtualization / emulation technology that tools like virt-manager call to run VMs.
  • QEMU can be used via the CLI on its own.

KVM relates to QEMU when you run VMs with hardware acceleration rather than pure software emulation: KVM provides the hardware translation and acceleration component. This is the difference between starting VMs with kvm and starting them with qemu-system-x86_64.

kvm is the equivalent of running qemu-system-x86_64 -machine accel=kvm:tcg (see man kvm).

libvirt is an API, daemon, and management tool that ties all of the components you want to use together, and is used by KVM, Xen, VMware ESXi, and QEMU when performing virtualization tasks.

nzyme x [Raspberry Pi, Proxmox, Tailscale]

This guide walks through deploying nzyme on a Raspberry Pi (4B or 5), leveraging autoconfiguration tools available on each system. For Raspberry Pi OS, this includes writing additional files into the bootfs and rootfs partitions. For Ubuntu server images, cloud-init or Ansible could be used.

The result is nzyme running as either a stand-alone system, or as a distributed node + tap where the nzyme-node lives on a server like Proxmox with the nzyme-tap sending data back to it from the external Raspberry Pi. Tailscale is also brought into focus for secure remote access.

This guide doesn't offer anything new in terms of nzyme usage that the official documentation doesn't already answer; it covers more of what you might run into, and the steps to achieve certain deployments if your goal is anything like what's described below.

Proxmox

Get started with Proxmox. Installation considerations, networking, disk encryption options, and migrating existing virtual machines.

Everything's presented in a useful order to follow if you're used to Hyper-V, VMware Workstation, or VirtualBox and want to jump in by moving to a Proxmox server.

What's most interesting about Proxmox is that the Web UI gives you full console and GUI (yes, GUI desktop) access to your VMs through either noVNC or SPICE, even via a smartphone.

Wazuh all your things with Tailscale

This guide shows you how to get a Wazuh instance running over Tailscale on both Windows and Linux, using Sysmon(+forLinux), auditd, and all the tweaks you'll want to get started. This is ideal for a low-resource, low-budget, or lab scenario. You could eventually migrate this Wazuh data to a distributed cluster (Proxmox), or real hardware if you grow with it.

BIND9 DNS

How to install, maintain, and run a BIND9 DNS server (named). Covers building from source, configuring, hardening, and DNS over TLS as well as DNSSEC.

Updated on 2024/07/23.

Atomic Red Team x Unix Artifacts Collector

An overview of spinning up a test environment, and extracting evidence from any unix-like endpoint. This is mostly for personal reference, as it's just pointing to all the existing (and vast) documentation in a sequence that's useful for me -- and hopefully for you as well.

Updated on 2024/07/12.

OpenSCAP Practical Usage

Install OpenSCAP, pull compliance profiles from GitHub/ComplianceAsCode, debug policies with Ansible's -C and -D options, apply, test, and maintain policies with Ansible tags.

Updated on 2024/07/10.

Windows

Various configuration settings and notes for Microsoft Windows operating systems.

Updated on 2024/07/23.

OpenWrt

This guide includes details for installing and running OpenWrt on UniFi APs as well as Raspberry Pis and even as a virtual machine.

Because it's so flexible in its deployment, there are examples for different use cases included. For instance, Tailscale can be leveraged for easy remote administration from anywhere, including your mobile device, thanks to the Web UI, if that's important to you. Generally, this guide approaches OpenWrt as a way to provide WiFi to networks where pfSense (or another upstream device) is the primary firewall router.

There's a detailed list of reference links at the top to keep in mind as you read through, and each step tries to include useful copy-and-paste ready commands for operations you may need to repeat every time you go through the process being described.

Updated on 2024/12/14.