SSL/TLS Information

## SSL Private CA

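```bash
# Generate a 2048-bit RSA key (unencrypted, -nodes) and a SHA-256 CSR
openssl req -out mydomain.csr -new -sha256 -newkey rsa:2048 -nodes -keyout mydomain.key
# Sign the CSR with the private CA configured in openssl.cnf
openssl ca -config openssl.cnf -in mydomain.csr -out mydomain.crt
```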

## Using a Private CA - Cert Manager

Leveraging cert-manager

Create a secret with the crt and key above (base64 encoded):

```bash
kubectl create secret tls internalca --cert=path/to/cert/file --key=path/to/key/file
```

Then create an issuer for that key:

```bash
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: ca-issuer
spec:
  ca: {secretName: internalca}
EOF
```
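
A Certificate that requests a leaf certificate from the `ca-issuer` ClusterIssuer above, as an added example that is not part of the original notes. The resource name, namespace, DNS name and target secret name are placeholders; the field names are from the `cert-manager.io/v1` API.

```yaml
# Added example: values marked "placeholder" are assumptions, not from the page.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mydomain-tls            # placeholder
  namespace: default            # placeholder
spec:
  secretName: mydomain-tls      # placeholder; Secret that receives tls.crt, tls.key and ca.crt
  commonName: mydomain.example  # placeholder
  dnsNames:
    - mydomain.example          # placeholder; clients validate against SANs, not the CN
  duration: 2160h               # 90 days
  renewBefore: 360h             # renew 15 days before expiry
  privateKey:
    algorithm: RSA
    size: 2048                  # same key size as rsa:2048 in the openssl command
    rotationPolicy: Always      # generate a fresh key on every renewal
  usages:
    - digital signature
    - key encipherment
    - server auth
  issuerRef:
    name: ca-issuer             # the ClusterIssuer defined above
    kind: ClusterIssuer
    group: cert-manager.io
```

For a ClusterIssuer, cert-manager looks up `internalca` in its cluster resource namespace (`cert-manager` by default), and a CA issuer signs with the key pair in that secret, so it has to hold the CA's own certificate and key.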

## External Links

Useful article: Open Source Replacement for Security Software

Packages I found interesting (mostly untested by myself unless otherwise stated):

- Configuration Standards
  - Center for Internet Security: Provides configuration guides for common OS and server software.
  - Linux Foundation Workstation Guidelines: Excellent overview for securely configuring a Linux workstation.
- Security Scanners
  - GovReady Github: An entire government-sponsored site that integrates open source tools into government standards. Policies for CentOS and Ubuntu exist, as well as a lot of other resources.
  - OpenSCAP: Open source tool to read and evaluate system security based on SCAP standards.
  - Lynis: Another security scanner for Linux/Unix systems, focusing around common standards and best practices. Seems far easier to install and configure than OpenSCAP. However, I have not tested either at this point.
- Endian: Appliance for security and hotspot management.
- IPFire: Linux-based firewall distro.
- MailScanner: Seems easier than attempting to roll SpamAssassin, ClamAV, greylisting, etc.
- Odessa: Alternative to Autopsy/Sleuth Kit for open source forensics work.
- PFSense: Pretty solid when I last used the project a few years ago. Based on FreeBSD, so limited to whatever FreeBSD supports hardware-wise.
- Snort: Open source intrusion detection system.

## Reading

- Lessons From Reviewing Postmortems
Steve Miller BY-NC 4.0