Hello,

This is the SadServers newsletter, presenting new challenges designed to improve your skills and grow your Linux and DevOps abilities.

We now have over 100 scenarios and growing!

New scenarios since the last newsletter:

• "San Juan": mucho Traefik - a Traefik load balancer scenario.
• "Suzhou": MongoDB replicas! - a challenge involving the most popular no-SQL database.
• "Amsterdam": Cron Hijack - this "hack" scenario shows a way to escalate privileges when root has a permissive PATH.
• "Madrid": exploiting capabilities - another "hack" challenge based on exploiting Linux capabilities.
• "Valladolid": Cleaner not cleaning - a fairly simple Systemd / general Linux scenario. Easy scenarios like this one can be fun to try and do very quickly.
• "London": Ollama LLM troubles - this is a pretty hard scenario, our first AI one.
• "Anatolia": compromised server - probably one of the best SadServers scenarios. We took a real incident of a web server that was compromised ("hacked") by a malicious agent and reproduced the whole system (logs, entry, effect) and packaged it into a scenario. Even if you are not into security, we think this is a great troubleshooting exercise with multiple facets. The solution that is checked is only part of the problem, so even if you fix that part you want to continue investigating the way or ways this server was broken into and what's changed. Clues and solution will not be posted for the time being (we'll add them later on).

New features:

• We have a new scenario search box. It's not the greatest but it works for simple searches. 
• Business accounts users now can:
  • customize scenario times in their interviews.
  • disable Clues/Solution for the candidates.
  • disable the scenario countdown timer.
  • get an email alert when the candidate starts a scenario (useful for those using async interviews).

Other news:

• We have a short SadServers explainer video
• There are a couple new blog posts
• A CLI / TUI SadServers tool was supposed to be announced here (launch and run scenarios from your local command prompt) but alas, the last 5% takes 95% of the time (especially true with things where security is involved). Mentioning it anyways so we are more motivated to finish (the first version of) this project.

 

If your company is interviewing for Linux/DevOps/SRE or similar positions, you may be interested in our Business solutions, contact us for any questions.

 

Cheers,

Fernando Duran
SadServers Founder

Follow us on Bluesky, Mastodon, Twitter or LinkedIn