I run a piece of software which is replicated across two machines and shares information via multicast. I noticed after performing some updates that information only seemed to be flowing in one direction, so thought I'd share the details of what ended up being wrong for the next person to run into the same problem.
While reviewing the logs of my OpenVPN server recently, I noticed a series of suspicious looking entries that indicated that it was being used as part of a UDP reflection attack. Thankfully this is pretty straightforward to block using the built in functionality of OpenVPN and/or firewall software such as nftables. I'll cover both approaches here.
If you're working on or debugging a PHP application that creates files in the /tmp directory then you may find yourself needing to check for the existence of or the content of these files. On RHEL/CentOS 6 and below this would be as straightforward as listing the contents of /tmp or opening the file in your preferred text editor. On RHEL/CentOS 7 however you may be surprised to see that while your application can see its files fine, you can't.
As Google have publicly stated that a site's usage of SSL will now start to play a part in the ranking of its pages in search results (and presumably other search engines will follow suit) I decided it was time to switch this site to SSL. With online privacy an even bigger concern than ever there's no reason not to use cryptography where possible. I'm posting the steps I took here as a guide for anyone else thinking of making the same move in the hope that someone might find it useful.