How to Setup OpenVPN on CentOS 7 with Firewalld

If you want to have anonymous access to the Internet from multiple remote locations around the globe, there are several VPN providers such as HideMyAss, ExpressVPN and PureVPN who offer such services.

However, if you need to have your own VPN server, here’s how to do it using OpenVPN on Linux CentOS 7.

How to Setup OpenVPN Using firewalld Instead of iptables

For this tutorial, I will be using a CentOS cloud server from DigitalOcean. By the way, if you’ve never heard of DigitalOcean, I strongly advise you have a look at them. You can easily deploy a fully functional VPS in just a few minutes and they are insanely fast.

Source: How to Setup OpenVPN on CentOS 7 with Firewalld

IPSEC VPN on Centos 7 with StrongSwan – Raymii.org

This is a guide on setting up an IPSEC VPN server on CentOS 7 using StrongSwan as the IPsec server and for authentication. It has a detailed explanation with every step. We choose the IPSEC protocol stack because of recent vulnerabilities found in pptpd VPNs and because it is supported on all recent operating systems by default.

Source: IPSEC VPN on Centos 7 with StrongSwan – Raymii.org

KVM – Live backups with qcow2

List the current block device in use:
# virsh domblklist <VMNAME>
Target Source
------------------------------------------------
vda /path/to/<VMNAME>.qcow2

Create an external disk snapshot:
# virsh snapshot-create-as --domain <VMNAME> <VMNAME>-snap1 --disk-only --atomic --quiesce

Now that the guest is using the external snapshot disk, we can take a backup of the original disk in the background using your favorite tool.

When the backup is finished, perform an active blockcommit by live-merging the contents of <VMNAME>-snap1 into the base image:
# virsh blockcommit <VMNAME> vda --active --verbose --pivot
Block Commit: [100 %]
Successfully pivoted

List the current block device in use again. Once the blockcommit operation has completed, the live QEMU has pivoted back to the base image:
# virsh domblklist <VMNAME>
Target Source
------------------------------------------------
vda /path/to/<VMNAME>.qcow2

Finally, if we want, we can delete the external snapshot so that it is not left behind:

# virsh snapshot-delete <VMNAME> <VMNAME>-snap1 --metadata
Domain snapshot <VMNAME>-snap1 deleted

Then remove the <VMNAME>-snap1.qcow2 file created above.
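
The steps above combined into one guarded sequence, as an added example that is not part of the original post. It assumes a single-disk guest and plain `cp` as the backup tool; `disk_source` and `live_backup` are hypothetical names. It merges the overlay back even when the copy fails and confirms the pivot to the base image before deleting anything.

```sh
#!/bin/sh
# Added example: snapshot -> copy -> blockcommit as one guarded sequence.
# disk_source and live_backup are illustrative names; cp stands in for
# "your favorite tool". Assumes the guest has a single disk.

# Read `virsh domblklist` output on stdin, print the Source of one target.
# Strips the Target column rather than splitting, so paths may hold spaces.
disk_source() {
    awk -v t="$1" 'NR > 2 && $1 == t { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print }'
}

live_backup() {
    dom=$1 target=$2 dest=$3
    base=$(virsh domblklist "$dom" | disk_source "$target")
    [ -n "$base" ] || { echo "no disk $target on $dom" >&2; return 1; }

    virsh snapshot-create-as --domain "$dom" "$dom-snap1" \
        --disk-only --atomic --quiesce || return 1
    overlay=$(virsh domblklist "$dom" | disk_source "$target")

    # Guest writes now go to the overlay, so the base image is stable.
    # Record a copy failure but carry on: the overlay must be merged either way.
    rc=0
    cp -- "$base" "$dest" || rc=$?

    virsh blockcommit "$dom" "$target" --active --verbose --pivot || return 1

    # Confirm the pivot before deleting anything.
    now=$(virsh domblklist "$dom" | disk_source "$target")
    [ "$now" = "$base" ] || { echo "$dom still on $now" >&2; return 1; }

    virsh snapshot-delete "$dom" "$dom-snap1" --metadata || return 1
    if [ "$overlay" != "$base" ]; then rm -f -- "$overlay"; fi
    return "$rc"
}

# Usage: live-backup.sh <VMNAME> vda /backup/<VMNAME>.qcow2
if [ "$#" -eq 3 ]; then live_backup "$@"; fi
```

A non-zero exit with the guest back on its base image means only the copy failed, so the backup can be retried without any cleanup of the disk chain.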

How to install Fail2Ban on CentOS 7

Most Linux servers offer an SSH login via port 22 for remote administration purposes. This is a well-known port; therefore, it is often targeted by brute force attacks. Fail2ban is software that scans log files for brute force login attempts in real time and bans the attackers with firewalld or iptables. Fail2ban recognizes unwanted access or security breach efforts to the server within the administrator-set time frame and blocks the IP addresses which show signs of brute force attacks or dictionary

Source: How to install Fail2Ban on CentOS 7

Using Foreman, an Opensource Frontend for Puppet

I was looking into deploying Foreman for our rapidly multiplying Linux server farm. This was a great introduction, and even better, the instructions work!

The recent vulnerability in bash got me running to update bash. It’s easy when you have maybe one or two Linux servers, but what do you do if you have 100’

Source: Using Foreman, an Opensource Frontend for Puppet