K8 misconfig exposes Fortune 500s’ data

Professionally, I work in the security space, and because of that, I’m always interested in hearing about security issues, risks, attacks, or anything really going on in that space. So right now my Infosec exchange feed is full of people traveling to Vegas, of course and a lot of activities directed towards finding and reporting on security issues. One of the most forward companies in the K8 security space is Aqua Security.

The Reluctant Sysadmin’s Guide to Securing a Linux Server

Since we’re talking about security already, why not cover the basics in case you’re someone using a Linux server or workstation somewhere in your network. I am a huge fan of revisiting basics over and over again, just to make sure everyone is getting the same message, consistently and frequently. It deepens and freshens knowledge of any topic. Some call it wax on, wax off or sharpening the saw.
I recently came across The Reluctant Sysadmin’s Guide to Securing a Linux Server and I think it has some great information and is very useful.

John maddog Hall’s take on RHELs license changes

Lots and lots has been written about Red Hat’s changes in releasing source code for RHEL and I talked about it in the last show or two. As with everything, people are calming down after a frenzy of discussion and disagreements and the waters are calming a little bit. The distros competing with RHEL have made their business decisions and are moving on with their lives.

An assessment by John maddog Hall is worth noting in this discussion

https://blog.aquasec.com/kubernetes-exposed-one-yaml-away-from-disaster

https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/

https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF

https://pboyd.io/posts/securing-a-linux-vm/

https://www.lpi.org/blog/2023/07/30/ibm-red-hat-and-free-software-an-old-maddogs-view/

https://linuxunplugged.com/about