
Episode 14 – K8 misconfiguration exposes Fortune 500s’ data, The Reluctant Sysadmin’s Guide to Securing a Linux Server, John maddog Hall’s take on RHEL’s license changes

Author: Sascha Siekmann
Published: Thu 10 Aug 2023
Episode Link: https://siekmann.cloud/?p=280





* K8 misconfig exposes Fortune 500s’ data







* The Reluctant Sysadmin’s Guide to Securing a Linux Server







* John maddog Hall’s take on RHEL’s license changes







* A podcast recommendation









K8 misconfig exposes Fortune 500s’ data







Professionally, I work in the security space, and because of that, I’m always interested in hearing about security issues, risks, attacks, or anything really going on in that space. So right now my Infosec exchange feed is full of people traveling to Vegas, of course, and a lot of activities directed towards finding and reporting on security issues. One of the most forward companies in the K8 security space is Aqua Security.







The Reluctant Sysadmin’s Guide to Securing a Linux Server 







Since we’re talking about security already, why not cover the basics in case you’re someone using a Linux server or workstation somewhere in your network? I am a huge fan of revisiting basics over and over again, just to make sure everyone is getting the same message, consistently and frequently. It deepens and freshens knowledge of any topic. Some call it wax on, wax off or sharpening the saw. I recently came across The Reluctant Sysadmin’s Guide to Securing a Linux Server and I think it has some great information and is very useful.







John maddog Hall’s take on RHEL’s license changes







Lots and lots has been written about Red Hat’s changes in releasing source code for RHEL, and I talked about it in the last show or two. As with everything, people are calming down after a frenzy of discussion and disagreements and the waters are calming a little bit. The distros competing with RHEL have made their business decisions and are moving on with their lives.







An assessment by John maddog Hall is worth noting in this discussion.







https://blog.aquasec.com/kubernetes-exposed-one-yaml-away-from-disaster







https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/







https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF







https://pboyd.io/posts/securing-a-linux-vm/







https://www.lpi.org/blog/2023/07/30/ibm-red-hat-and-free-software-an-old-maddogs-view/







https://linuxunplugged.com/about
