Posts — Page 41 | SumGuy's Ramblings

Firewall rules are evaluated top-down, first match wins. One misplaced ALLOW rule silently defeats all security.

14 May, 2025

5 min read

Understand sticky bit, setuid, and setgid: what they do, how to set them, security implications, and real-world use cases.

9 May, 2025

6 min read

Verify fail2ban is protecting you: check jails, test bans, monitor logs, common misconfiguration, and unban IPs when needed.

7 May, 2025

6 min read

Use systemd-analyze to find which services are slowing down boot. Fix the bottlenecks.

6 May, 2025

6 min read

CMD and ENTRYPOINT work together. Learn the difference, exec vs shell form, and when to use the combo pattern.

2 May, 2025

5 min read

SSHFS mounts remote filesystems over SSH so you can browse and edit files locally — faster than scp for interactive work.

29 Apr, 2025

15 min read

Decode systemctl status: Active state, CGroup processes, recent logs, loaded/enabled state. What each field tells you.

28 Apr, 2025

7 min read

Understand SSH agent forwarding security risks. When it's safe (almost never), and better alternatives like ProxyJump for jump hosts.

26 Apr, 2025

5 min read

Check SSD health, find excessive write patterns, use noatime, move logs to tmpfs to extend lifespan.

23 Apr, 2025

5 min read

Profiles let you conditionally start services in Compose. Perfect for dev vs prod service splits without multiple files.

21 Apr, 2025

5 min read

Essential journalctl commands: -u, -f, --since, -p, -k, -b, --no-pager, JSON output. The queries you need on a broken server at 2 AM.

16 Apr, 2025

6 min read

Fix SSH timeouts: ServerAliveInterval, ServerAliveCountMax, ClientAliveInterval. Understand NAT, firewalls, and TCP keepalive.

14 Apr, 2025

5 min read