This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.7" | |
services: | |
backend: | |
image: registry.example.com/my-example-docker-image:stable | |
restart: always | |
hostname: my-example-service.example.com | |
environment: | |
TZ: Europe/Zurich | |
env_file: |
feature netflow
flow exporter elastic-exp
description elasticsearch exporter
destination 10.10.10.10 use-vrf XY
transport udp 9995
source Vlan123
dscp 0
version 9
Use the following commands to add CA certificates to the Firefox truststore via command line. Ensure Firefox is closed while running these commands! certutil
comes with the installation of libnss3-tools
.
certificateFileRoot="root.crt"
certificateNameRoot="Root CA"
certificateFileInter="intermediate.crt"
certificateNameInter="Intermediate CA"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for certDB in $(find ~/.mozilla* -name "cert9.db")
Use the following commands to add a security device module to Firefox. Ensure Firefox is closed while running these commands! modutil
comes with the installation of libnss3-tools
.
securityModuleDeviceName="My Awesome Module"
securityModulePath="/usr/lib/libBlaBla.so"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for devicedDB in $(find ~/.mozilla* -name "cert9.db")
do
certDir=$(dirname ${devicedDB});
Save the file nic-isolation.service
to /etc/systemd/system/nic-isolation.service
.
Afterwards reload the systemd daemon and enable & start the "service":
sudo systemctl daemon-reload
sudo systemctl enable nic-isolation.service
sudo systemctl start nic-isolation.service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ | |
# Attention: This PSP has quite some loose restrictions! Do not just copy & paste it! | |
apiVersion: policy/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: example | |
spec: | |
allowPrivilegeEscalation: true | |
allowedCapabilities: |
OlderNewer