Latest articles

  1. Which Windows edition should I choose?

    Published: Tue 26 September 2017 in Cookbook.
    Updated: Thu 05 October 2017 (Added information on older Windows Server versions.)
    For those who may find the difference between core, standard, essentials, enterprise, professional, datacenter & others a bit hard to grasp.

    Windows editions follow a naming convention which may not be the clearest and, to make things worse, change with Windows versions and cover both technical and non-technical differences (meaning that two different editions may actually be the same with just a different EULA).

    Here is a short post on main Windows editions with a focus on the version you may prefer for your lab.

    Windows client editions

    • Windows Home or Core edition is the low-budget, consumer grade version of Windows. It is enough for home uses, but is missing features necessary for corporate environments such as the ability to join an Active Directory domain.

    • Windows Professional or Business edition adds more functionalities, such as the ability to join an Active Directory domain and disk encryption (limited to the Enterprise edition and above until Windows 7 included).

    • Windows Enterprise, Education and Ultimate editions are the most complete editions. There is little …

  2. BSDA certification review

    Published: Fri 22 September 2017 in Opinions.
    Updated: Tue 26 September 2017 (Add link to the BSDA Certification Study DVD)
    Facts, advices and personal impressions on the BSDA certification from the BSD Certification Group.

    The five Ws

    • What: The BSD Associate (BSDA) is a technical certification on BSD systems administration. It covers DragonFlyBSD, FreeBSD, NetBSD and OpenBSD.

      This certification covers general BSD systems administration (there is not much about system architecture itself), the specificities of each covered BAD flavors, common Unix services administration, and also a few non-technical points notably on the BSD license and its difference with other licensing types.

      I personally find the official naming misleading, as the requirement for this certification actually targets system administrators, not assistants.

    • When: The BSDA has no prerequisites, but is very technical and covers a wide range of domains so I would certainly not recommend it for the beginners.

      It can be seen as the BSD counter-part of the LPIC-2 Linux certification.

    • Why: BSD systems have a different approach than Linux ones on a lot of things, both technical and non-technical. Being Linux certified does …

  3. vmtools guided tour, part 2: manage virtual machines

    Published: Thu 21 September 2017 in Projects.
    Learn hos to fork, merge, and otherwise manipulate and diagnose vmtools virtual machines.

    Still with me? In this second part of the vmtools guided tour (read the first part first!), we will now enter in the core of the subject and learn how to manage virtual machines, and in particular how virtual machines forks and merges work.

    As before, if anything seems unclear or would warrant more explanation, feel free to contact me.

    Use vmcreate to create virtual machines

    Create a virtual machine from an installation ISO image

    vmup is useful to boot a virtual disk image, but it doesn’t save the virtual machine settings and does not provide access to vmtools more advanced features.

    In vmtools, a virtual machine is a standard directory gathering a few files. To create a new virtual machine, the most common way is to provide the path to the ISO image of an installation disk and the name of a new directory to create:

    user@host …

  4. vmtools guided tour, part 1: introduction and basic usage

    Published: Mon 18 September 2017 in Projects.
    Install vmtools and use vmup to boot disk image files.

    This the first of a short series of posts introducing vmtools main features. We will start in a gentle way by focusing on a single but central command: vmup.

    Feel free to contact me if anything seems unclear or would warrant more explanation.

    vmtools installation and uninstallation

    Use the provided script to install vmtools on your system. The default is to install it system-wide:

    sudo sh ./

    To install it as unprivileged user, create a ~/.local directory and use it as installation prefix:

    sh ./ -p ~/.local

    To uninstall vmtools, use the provided script.

    Centralized configuration file

    System-wide settings are stored in the file /etc/vmtools/vmtools.conf, this file is optional and must be manually created.

    This file lets you centrally configure the default settings to apply to all your virtual machines.

    Here is an example file:

    # Use VNC as the default display …

  5. vmtools, a Qemu virtual machines manager, is now available

    Published: Sun 17 September 2017 in Projects.

    vmtools is a Qemu virtual machines manager which strives to be easy, versatile and modular while adhering to the principle of least privileges, to respect users’ freedom and security.

    • Easy: Just vmup anything which can be booted, from a local disk image file to remote URLs including .ova archives and devices files. No complex parameters to set or remember, just boots the damn thing.

      Virtual machine settings are saved in short and clean plain-text files. No XML, no unneeded settings, only the non-default values specific to the virtual machine, easily readable and editable with any text editor.

    • Versatile: Use it how you want, vmtools does as few assumptions as possible. No imposed directory structure, no imposed work-flow.

      Saved virtual machines are standard directories and files which can be moved, copied or renamed at will, but can also be freely forked and merged to match even advanced work-flows.

      vmtools commands offer …

  6. SELinux cheatsheet

    Published: Fri 08 September 2017 in Cookbook.
    A mind-refresher on SELinux main commands, files and behavior.

    This page is only designed as a memory-refresher. SElinux may be a complex thing to get right, if you are not familiar with it yet I highly encourage you to read Sven Vermeulen books.

    SELinux state

    To detect whether SELinux is enabled or not:

    • From a script, selinuxenabled doesn’t produce any output and its exit code gives SELinux status.
    • From an interactive prompt, sestatus provides more information.

    SELinux main configuration file is /etc/selinux/config, it defines:

    • SELINUX=: SELinux state:

      • enforcing: Enabled and block unauthorized actions (policy violations).

      • permissive: Enabled, but only logs unauthorized actions and does not block them (useful for development and HIDS purposes).

      • disabled: SELinux is completely disabled.


        If SELinux has been temporarily disabled (which is not recommended, there are usually cleaner ways to proceed), a global relabel will be required before re-enabling SELinux.

        More information.

    • SELINUXTYPE=: The policy currently in use, available policies depend …

  7. SELinux System Administration & SELinux Cookbook (Sven Vermeulen)

    Published: Wed 06 September 2017 in Library.
    The best book to discover SELinux and learn how to take the most out of it.

    Sven Vermeulen, the author of these two books, is deeply involved in the Gentoo community.

    Quoting his biography from the book introduction:

    In 2003, he joined the ranks of the Gentoo Linux project as a documentation developer and has since worked in several roles, including Gentoo Foundation trustee, council member, project lead for various documentation initiatives, and (his current role) project lead for Gentoo Hardened SELinux integration and the system integrity project.

    He is both knowledgeable technically, pedagogically and in SELinux. In these books, he uses his talent to spread the light on a domain which is often conceived as obscure and daunting, explaining in a clear and effective way how and why the things are the way they are so everything finally takes its place into our minds.

    Don’t let the affiliation with the Gentoo project let you think that these books are only about Gentoo. These books …

  8. Linux LPIC certification review

    Published: Sun 03 September 2017 in Opinions.
    Facts, advices and personal impressions on the Linux LPIC certification (all levels).

    The five Ws

    • What: The Linux Professional Institute Certification (LPIC) is a technical certification on GNU/Linux systems administration. This certification is vendor-neutral and covers the major GNU/Linux distributions (Debian, SUSE, Red Hat) and their derivatives.

      With the Linux Essentials certification aside (it targets end-users, not administrators), the LPIC certification path has three main levels:

      • LPIC-1 “Linux Administrator”: This level studies the GNU/Linux system itself: how it works, how to administrate the local system with some knowledge on troubleshooting and main services.

      • LPIC-2 “Linux Engineer”: This level has two folds: on one side you study advanced administration and troubleshooting techniques, on the other you now envision the GNU/Linux system as part of the corporate ecosystem and study the administration of the most common network services (here again vendor neutral, so you should be comfortable with both Apache and Nginx HTTP servers for instance).

      • LPIC-3 …

  9. Cisco CCNA Security certification review

    Published: Fri 01 September 2017 in Opinions.
    Facts, advices and personal impressions on the Cisco CCNA Security certification.

    The five Ws

    • What: CCNA Security is a technical certification about general network security in a professional context. It describes the typical threats potentially affecting such networks then various Cisco technologies allowing to mitigate them. This covers the networking devices themselves, but also the data both in transit and at rest and end-user devices both corporate ones and personal one (BYOD).

    • When: Obtaining this certification requires to have at least the CCENT certification (I recommend having a CCNA Routing & Switching, though).


      While the CCENT or CCNA R&S is a prerequisite to be granted the CCNA Security certification, they are not technically required to take the exam.

      If for some reasons it suits you, Cisco allows you to take the CCNA Security exam before having obtained a CCENT or CCNA R&S. If you pass the exam, you will be granted the CCNA Security certification once you get your …

  10. How to install Cisco Adaptative Security Appliance (ASA) in GNS3

    Published: Mon 28 August 2017 in Cookbook.
    A step-by-step guide to get legacy ASA images and ASAv up-and-running a virtual lab.

    The Cisco Adaptative Security Appliance (ASA) is Cisco’s main firewall and network security product. It mainly provides firewall and VPN services, but its native features can be enhanced with the addition of FirePOWER NGIDS services on top of it.


    Even when used on top of an ASA in the same appliance, the FirePOWER NGIDS is never really merged within the ASA but stays a separate module. For instance, the ASA and the FirePOWER each have their own separate CLI shell, each with their own different syntax and logic. In fact FirePOWER is not a Cisco development but has been acquired when Cisco merged with SourceFire, hence the (personal) feeling of an “alien” product plugged into the ASA.

    For CCNA Security students, while you must know ASA and be comfortable with its usage, as for now you only need to know what FirePOWER is and why it is used …

Pages: 1 2 3 4 5 6

Popular tags see all