Our Blog

November 5, 2018 06:56

Nagios Plugins for Kubernetes

We are sharing with the community the Nagios Plugins we have written for Kubernetes which focuses on Prometheus. This is also our first project hosted on Gitlab since we decided to move out of Github in the light of Microsoft's acquisistion of the latter. Microsoft has since embraced Open Source but Gitlab support of free Private repositories are essential for sensitive projects to still be hosted.

Please click on the title to take you to the Gitlab repository.

Joebert Jacaba

August 26, 2018 16:08

Service Reliability Hierarchy

Monitoring is the foundation of Service Reliability. Without it you will be working blind. Only at the time when users complain that you will know there is a problem. The objective of monitoring is to know a problem will occur before the users find out. This way you will have time for decision-making on how to attack the impending incident.

Joebert Jacaba

August 26, 2018 15:53

What is Your Industry?

An owner of one of the largest bank in the country have said that his company is a technology company with financial-domain expertise. The board laughed at him in secret. Today, his bank is leading in embracing technology and proves that his vision is a requirement for companies to survive. Indeed, to be a competitive company today one must fully adopt technology and maximize it to the fullest to gain advantage over your competitor.

Joebert Jacaba

July 5, 2018 08:45

Minimum Features When Building a Mail Server

Our mail server has a corresponding Reverse DNS. Bind is replicated via AXFR to BuddyNS. Plain SMTP does not allow relaying and has a rate limiter using fail2ban. Authentication via SMTP Submission for Postfix and IMAPS using Dovecot.

It is equipped with additional security features like SPF, DMARC, DKIM and RBL. It is protected against Directory Harvest Attack (DHA).

It is also not enough that you are running SSL. Not all protocols and ciphers are equal. We only enabled the Strongest ones. Use this command to check your ciphers and their strength. nmap --script=ssl-enum-ciphers <target>

There is also a new way to limit issuing authority to issue certificates for your domain. So if you are using Let's Encrypt, you need to add these lines to your DNS server:

This domain's DNS certificates are protected by CAA.

yourdomain.com. IN CAA 128 issue "letsencrypt.org"
yourdomain.com. IN CAA 128 issuewild ";"
yourdomain.com. IN CAA 128 iodef "mailto:user@yourdomain.com"
sub.yourdomain.com. IN CAA 128 issue "letsencrypt.org"

Here 128 means maximum enforcement issuewild ";" means don't authorize anyone to issue wildcards and iodef means send any issues or violations to this email. You also need to do that for every subdomain you need.

Joebert Jacaba