It would be nice if RTFM was always an option, but a lot of the time the documentation is woefully incomplete.

Yeah, when you have the VPN running all of your external traffic should go through it. It starts to get complicated when you only want a specific container/user to use/bypass the VPN.

Likely the same deal with the platter drives too.

You can buy a $400 900GB HDD, so OPs price gap is actually pretty narrow.

You can get them from AliExpress for only a few bucks each, although I’ve made the switch to pi pico.

If only it worked on systems with a banner enabled.

It’s not in RHEL. Tenable and Nessus are vulnerability scanners, and Nessus at least can be installed via yum.

Docker installs in /var/lib. Tenable and Nessus use /opt.

There are tons of packages that store config files in places other than /etc.

Docker on RHEL saves everything in /var/lib, for example. Tenable and Nessus stick it in /opt. I’m currently doing a rhel7->8 upgrade, and that shit gets stuck everywhere.

But, I also have issues on my Pis. For a lot of the packages I use, I’m lucky if they actually put their .service file in /etc/systemd. Having to run a find / command on a pi can take forever.

And Linux isn’t? There’s definitely not a central location either.

Yup. Is it in /usr /var /etc or /opt? Maybe in some hidden home folder? Sure, you can Google it, but there’s no guarantee you’ll find the right answer.

There are only a handful of places Windows sticks stuff, and it’s pretty predictable.

No probably about it

s3://cat

Desktops absolutely run services that can be vulnerable.

According to NIST it is:

A process intended to eliminate a means of attack by patching vulnerabilities and turning off nonessential services..

You have to harden servers because they’re vulnerable.

I belive that they have hardened Ubuntu images as well.

Are you guys using an AMI, or is this for physical servers? The NEMU images for RHEL on AWS are pretty solid, although I’m working on building one from scratch for our move to RHEL9

That isn’t true at all.

Source: My job is hardening Linux servers against cyber security threats.

Get one with a remote, then get a smart RF blaster. There’s the Broadlink RM4 that I’ll likely be going with in the future.

Or, you could get an ESP32 and an IR transmitter/receiver and use Esphome. Same concept, but completely local.

What’s the make and model of your server?