Incessant tinkerer since the '70s. Staunch privacy advocate. Self-hoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 32 Posts
  • 1.59K Comments
Joined 1 year ago
Cake day: March 24th, 2025

  • Didn’t downvote. I use AI, and not ashamed of it. I don’t write huge programs and I damn sure don’t release anything to the public mainly because, in the back of my mind, I can just see some poor chap using my code and now smoke is coming out of his server. It works for me. Usually it’s ‘write a script that does _________’ or Docker compose files. It seems pretty accurate for those uses and if I need a bash command sequence explained, it’s good for that too.

    I also use AI when I master my audio tracks before I upload them. I am clinically deaf and there are some frequencies that I just can’t hear well enough to make a judgement call. It’s pretty good at that too.

  • Now, I still got the rack because I think they look cool

    I recently decommissioned one of my Dell T320s and replaced it with a Dell Optiplex 7020 SFF with the i7-4790, maxed out to 32 GB RAM. I paid $117 USD for the Optiplex 7020 SFF, which came with 8 GB RAM, and I maxed it out with three more 8 GB RAM sticks for about $75 USD.

    The Dell T320 costs ~$40/month in electrical costs in my locale to run. The Dell Optiplex 7020 SFF costs $5-8/month to run. So, in less than a year, I will have recouped my initial $200 investment in the Optiplex 7020 SFF through power savings alone, and I'll have 'left over' money if I wanted to get yet another Optiplex 7020 SFF. I have 40+ containers running on the Optiplex 7020 SFF, and it hasn't broken a sweat yet. Far quieter than the Dell T320, and less heat funneling into the server room.

    I’m going to sell the T320 which is also maxed out at 32 GB RAM, so I’ll have more $$ to replace the other T320. Winner winner chicken dinner.

  • I actually like AI when used correctly and privately. I see it as a tool for specific jobs, but not made to be shoved down our throats every single chance companies get.

    I would concur: ‘When used correctly’.

    You'll get a mixed crew here. Probably 70% pro/30% con, with the 30% so vocal that they overshadow the 70% at times. Pay no attention to the grumps or their downvotes. LOL

  • but suricata will not automatically correlate primitives into actual alerts from different vlans without transforms, which are cpu-intensive for what they do.

    It is possible to offload the correlation to a downstream SIEM or log aggregator like Wazuh or ELK. Again, it’s something I’m currently trying to spool up on. I know it can be done, I’m just trying different things until I do get it right. I appreciate any input.


  • How did you monitor your vlans with suricata?

    At present I only monitor the VLAN serving the 'computer room', which includes the servers. It's where all the 'stuff' happens, so I figured I'd start with the most important. However, I am in the process of learning how to SPAN (switch port mirroring), where you configure your managed switch to copy traffic from a specific VLAN port, or all VLAN ports, to a dedicated 'monitoring port' where a micro server is running Suricata. The mirrored traffic will retain its VLAN tags, and Suricata can parse these tags.

    Those are the lofty plans. LOL I'm still fiddling around with it and Suricata, because you have to actually set Suricata up to be able to do that. It doesn't do it right out of the box.
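Taking the two Suricata comments above together (offloading cross-VLAN correlation to something downstream, and mirrored traffic reaching the sensor with its VLAN tags intact), here is an added example of the first stage such a correlator needs. It is not the commenter's code and not part of Suricata, Wazuh or ELK: a Python script that reads Suricata's eve.json output, in which each line is one JSON object and tagged frames carry the tag in a `vlan` list, keeps only `alert` events, and flags any source address whose alerts touch more than one VLAN inside a time window. The sample lines are constructed, the signature IDs 9000001 and 9000002 are hypothetical local-rule SIDs, and the 10-minute window and two-VLAN threshold are assumptions a practitioner would tune.

```python
"""Cross-VLAN correlation of Suricata EVE alerts (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample eve.json lines (not captured traffic). Suricata writes
# one JSON object per line; the "vlan" list is present only when the tagged
# frame actually reached the capture interface. Signature IDs 9000001 and
# 9000002 are hypothetical local-rule SIDs. The last line is deliberately
# truncated, as a half-written line from a live log would be.
SAMPLE_EVE = """\
{"timestamp":"2025-06-01T10:00:00.000000+0000","flow_id":1,"in_iface":"enp3s0","event_type":"alert","vlan":[10],"src_ip":"10.0.10.5","dest_ip":"10.0.20.8","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SSH brute force attempt","severity":2}}
{"timestamp":"2025-06-01T10:00:05.000000+0000","flow_id":2,"in_iface":"enp3s0","event_type":"flow","vlan":[10],"src_ip":"10.0.10.5","dest_ip":"10.0.20.8","proto":"TCP"}
{"timestamp":"2025-06-01T10:00:30.000000+0000","flow_id":3,"in_iface":"enp3s0","event_type":"alert","vlan":[20],"src_ip":"10.0.10.5","dest_ip":"10.0.30.2","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SSH brute force attempt","severity":2}}
{"timestamp":"2025-06-01T10:01:00.000000+0000","flow_id":4,"in_iface":"enp3s0","event_type":"alert","vlan":[30],"src_ip":"10.0.10.5","dest_ip":"10.0.30.9","proto":"TCP","alert":{"signature_id":9000002,"signature":"LOCAL SMB probe","severity":2}}
{"timestamp":"2025-06-01T10:02:00.000000+0000","flow_id":5,"in_iface":"enp3s0","event_type":"alert","src_ip":"192.168.1.7","dest_ip":"10.0.10.5","proto":"UDP","alert":{"signature_id":9000002,"signature":"LOCAL SMB probe","severity":2}}
{"timestamp":"2025-06-01T11:30:00.000000+0000","flow_id":6,"in_iface":"enp3s0","event_type":"alert","vlan":[20],"src_ip":"10.0.20.3","dest_ip":"10.0.10.5","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SSH brute force attempt","severity":2}}
{"timestamp":"2025-06-01T13:30:00.000000+0000","flow_id":7,"in_iface":"enp3s0","event_type":"alert","vlan":[10],"src_ip":"10.0.20.3","dest_ip":"10.0.10.9","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL SSH brute force attempt","severity":2}}
{"timestamp":"2025-06-01T13:31:00.000000+0000","flow_id":8,"in_iface":"enp3s0","event_type":"alert","vlan":[10],"src_ip":"10.0.20.3"
"""

# Suricata's default EVE timestamp layout, e.g. 2025-06-01T10:00:00.000000+0000
EVE_TS = "%Y-%m-%dT%H:%M:%S.%f%z"


def alert_events(lines):
    """Yield only alert events; skip flow/dns/etc. and half-written lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line: Suricata may still be writing it
        if ev.get("event_type") == "alert" and "src_ip" in ev:
            yield ev


def outer_vlan(ev):
    """Outer 802.1Q tag as an int, or None when the frame arrived untagged.

    EVE emits "vlan" as a list, so a QinQ frame carries two entries.
    """
    tags = ev.get("vlan")
    return tags[0] if tags else None


def correlate(lines, window_seconds=600, min_vlans=2):
    """Flag sources whose alerts span >= min_vlans distinct VLANs inside a window.

    Returns one finding per source, sorted by source address, covering the
    window in which that source touched the most distinct VLANs.
    """
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for ev in alert_events(lines):
        ts = datetime.strptime(ev["timestamp"], EVE_TS)
        sid = ev.get("alert", {}).get("signature_id")
        by_src[ev["src_ip"]].append((ts, outer_vlan(ev), sid))

    findings = []
    for src in sorted(by_src):
        events = sorted(by_src[src], key=lambda e: e[0])
        best_span, best_vlans = None, set()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            vlans = {v for _, v, _ in span if v is not None}
            if len(vlans) >= min_vlans and len(vlans) > len(best_vlans):
                best_span, best_vlans = span, vlans
        if best_span:
            findings.append({
                "src_ip": src,
                "vlans": sorted(best_vlans),
                "signature_ids": sorted({s for _, _, s in best_span if s is not None}),
                "first_seen": best_span[0][0].isoformat(),
                "last_seen": best_span[-1][0].isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVE.splitlines()):
        print(json.dumps(finding))
```

Run against the sample, 10.0.10.5 is reported once with VLANs 10, 20 and 30, while 10.0.20.3 is not, because its two alerts on different VLANs are two hours apart, and 192.168.1.7 is not, because its alert arrived untagged. The untagged case is the one to check first on a real sensor: if every line in eve.json lacks a `vlan` field, the tags are not surviving the path from the mirror port into Suricata, and no downstream correlation can recover them.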


  • So, I have a standalone pfSense box running Suricata (IDS/IPS) on WAN & LAN, pfBlockerNG (filtering), Unbound, ntopng (traffic analysis), and Tailscale as an overlay on the firewall. The servers are on their separate VLANs; IoT, phones, laptops and other devices are also isolated. On the server I run Cloudflare Tunnels/Zero Trust, UFW, Tailscale as an overlay, and Fail2Ban. Everything is 'default deny until something complains'. I've never run OPNsense so I can't speak to their software, but pfSense has been rock solid for me for years. I use lnav to review logs. It's lean, easy to install, and it just works.

    To be quite honest about updates like Docker container updates, I wait until all the early adopters work out all the bugs for me, and update when I feel comfortable. Updates to Ubuntu Jammy are usually straightforward, and I can't say I've had many issues over the years with Ubuntu Jammy updates. There may be a rare occasion, but nothing really stands out at this moment. The only issue I can think of recently is when Docker updated but Portainer hadn't caught up, but that was about a 30-minute fix.

    It took me a while to get everything lined out from the modem to the servers, but my track record makes me feel pretty comfortable with how I have everything set up. In fact, literally most of the time, I just enjoy the set up and scout for the next project.