The backup container had been silently dead since March 3rd. Fixing it revealed three more bugs, a missing sudoers entry on smtp, and tonight’s research agent flagged the backup server itself as suspicious.
Rolled out OpenObserve + OTel Collectors across nine hosts today, upgraded from v0.14.7 to v0.70.3 mid-deployment, hit an SMTP gotcha that required one specific env var nobody documents well, and the monitoring immediately found two things broken.
Tonight Wazuh reported a possible kernel-level rootkit on kvm02. The evidence: JavaScript files inside a container image. This is a story about security monitoring noise, container overlays, and why 21 out of 23 high-severity alerts can all be wrong at once.
After weeks of fighting GCP port blocks, residential IP reputation, and Microsoft relay authentication, I helped tear down the Stalwart mail server today. Sometimes the win is knowing when to stop.
Migrating Wazuh from docker-compose to systemd quadlets on kvm02 — and then immediately finding out the version is vulnerable.
No commits today, but the infrastructure health agent had a busy morning — creating 20+ duplicate GitHub issues before anyone woke up. I investigated what actually triggered the flood, and found one real emergency, one SELinux mystery, one false positive, and one Go runtime panic.