RouterOS v7 eBGP: `set ttl=255`. If you're not doing this for direct peers, your BGP session is a target. Stop remote spoofing easily. #BGPsecurity #RouterOS #NetOps
www.valtersit.com/vault/2026/04/mikrotik_r...
Posts by Hugo | DevOps | Cybersecurity
Custom Checkov policies for Docker. Because default security isn't enough for your "unique" compliance. Write more YAML. #DevSecOps #Checkov #DockerSecurity
www.valtersit.com/vault/2026/04/checkov_do...
LXC uid_map/gid_map verification. Stop blindly trusting lxc.idmap configs and prevent host privilege escalation. Check your mappings. #LXC #Containers #SecOps
www.valtersit.com/vault/2026/04/lxc_contai...
Unprivileged LXC failing? Of course. You forgot `usermod --add-subuids` and `--add-subgids`. Stop making me explain basic container fundamentals.
#LXC #Su...
www.valtersit.com/vault/2026/04/lxc_contai...
GitLab CI/CD variable sprawl is a breach waiting to happen. Scan all projects for sensitive keys. Know your exposure. #DevSecOps #GitLab #SecurityAudit
www.valtersit.com/vault/2026/04/gitlab_ci/...
Setting NTFS ACLs with PowerShell. Read/Modify for groups. Use -Force if you're feeling brave. Enjoy the permission sprawl. #PowerShell #NTFS #Security
www.valtersit.com/vault/2026/04/windows_po...
Nginx Ingress trust issues? Patch the deployment with your custom CA ConfigMap. Stop whining, start trusting. #Kubernetes #Nginx #InfraSec
www.valtersit.com/vault/2026/04/kubernetes...
Init, validate, plan. Stop pushing broken Terraform. These pre-flight checks catch your misconfigurations before you break prod. Basic. #Terraform #IaC #De...
www.valtersit.com/vault/2026/04/terraform_...
`busctl monitor --system`: When `systemd` fails, watch the D-Bus chaos unfold. Your services are probably already broken.
#DBus #systemd #LinuxTrouble
www.valtersit.com/vault/2026/04/linux_syst...
`ldapsearch`: Dump AD computers, OS, lastLogon. Red team gold, blue team audit. Patch your LDAP signing, or watch me own your domain. #ActiveDirectory #LDAP #Security
www.valtersit.com/vault/2026/04/active_dir...
K8s has nodes Prometheus can't see. Your monitor is blind to uncollected `node-exporter` metrics. Fix the coverage gaps.
#Kubernetes #Prometheus #DevSecOps
www.valtersit.com/vault/2026/04/prometheus...
ALTER SYSTEM SET PGA_AGGREGATE_TARGET. Stop Oracle disk spills. You're welcome for the manual fix your "automatic" system needed.
#OracleDBA #DBPerfo...
www.valtersit.com/vault/2026/04/oracle_dat...
`sestatus -v`: If your "enforced" SELinux is actually disabled, your security posture is a bad joke. Stop ignoring it. #SELinux #LinuxSecurity #Compliance
www.valtersit.com/vault/2026/04/selinux_po...
`john` demolishes your `/etc/shadow` file, exposing every weak password. That "strong password policy" is just theatre. #PasswordSecurity #Infosec #Pentesting
www.valtersit.com/vault/2026/04/john_the_r...
Fix your SSH permissions. `.ssh` must be 700, `authorized_keys` 600. OpenSSH won't work otherwise. Stop being lazy.
#SSH #Security #Linux
www.valtersit.com/vault/2026/04/ssh_harden...
GitHub Actions runners: `sudo -u ghrunner`. Not root. It's not optional. Least privilege isn't a suggestion. Stop being lazy. #DevSecOps #GitHubActions #RHEL
www.valtersit.com/vault/2026/04/github_act...
Hashcat on Kali. Custom charset (`common_symbols.txt`) for weak last characters. Still seeing this? Bruteforce with `?l?l?l?l?d?d?1`. Easy win. #hashcat #pentesting #...
www.valtersit.com/vault/2026/04/hashcat_ad...
Redis struggling? `INFO stats | grep 'evicted_keys|hits|misses'` diagnoses your memory pressure and cache effectiveness. Stop the bleeding.
#Redis #Monitoring #DevSecOps
www.valtersit.com/vault/2026/04/redis_memo...
UFW rule: Docker containers need host port 9000. So much for network isolation. Hope that service is locked down. #Docker #UFW #SecOps
www.valtersit.com/vault/2026/04/ufw_firewa...
Catching Grafana config drift before the inevitable prod incident. `curl | jq | diff` doesn't lie. Your 'hotfixes' are showing. #Grafana #ConfigDrift #DevSecOps
www.valtersit.com/vault/2026/04/grafana_da...
Your build times are slow because you're lazy. `buildx --cache-to type=registry` exists. Use it. Or don't. Your CI bill, not mine. #Docker #Buildx #DevOps
www.valtersit.com/vault/2026/04/github_act...
IPv6 routing on WireGuard. Not rocket science. Add addresses, routes. Then secure it, if you remember.
#IPv6 #WireGuard #ip6tables
www.valtersit.com/vault/2026/04/wireguard_...
Need real-time? Isolate CPU cores 2,3 via GRUB. `sed` in `isolcpus`, `nohz_full`, `rcu_nocbs`. Reboot. Hope you know what you're doing. #LinuxKernel #GRUB #Realtime
www.valtersit.com/vault/2026/04/linux_kern...
If your Docker images lack OCI labels for provenance, you're flying blind. Debugging production will be hell. Embed metadata. It's not optional. #Docker #...
www.valtersit.com/vault/2026/04/github_act...
Yep, you're still hardcoding IPs in Docker. Fine. This gets your postgres on a custom bridge network. Just don't forget the pre-reqs. #Docker #Networking #Containers
www.valtersit.com/vault/2026/04/docker_net...
Suricata false positive blocking legit traffic? sudo suricatasc -c /var/run/suricata/suricata.sock rule-disable 2221000:1. No restart, zero downtime. Don't drift conf...
www.valtersit.com/vault/2026/04/suricata_i...
Docker build from Git URL: `docker build github.com/[OWNER]/[REPO].git#main:./app`. Quick proto hack, but prod nightmare - external deps, latency, repo compromise risk. Stic...
Intel: www.valtersit.com/vault/2026/04/github_act...
Automate OpenVPN cert renewal on Ubuntu 22.04 with systemd timer/service. Daily 30-day expiry checks, zero-downtime SIGHUP reloads, fresh CRLs. PCI-D...
Intel: www.valtersit.com/vault/2026/04/openvpn_si...
Export -f: Serialize bash funcs for subshell parallelization. xargs -P4 crushes serial tests - 10x faster on Ubuntu 22.04 8-core. Validate args, limit blast radius. CI farms app...
Intel: www.valtersit.com/vault/2026/04/bash-scrip...
MySQL 5.7: Ditch slow_query_log parsing. Hit performance_schema.events_statements_summary_by_digest for top 10 slow fingerprints by SUM_TIMER_WAIT. Spots Cartesia...
Intel: www.valtersit.com/vault/2026/04/mysql_5.7_...