Suricata vs Snort: Network Intrusion Detection That Actually Works
Snort invented network intrusion detection. Suricata multi-threaded its way past it. Here's how to set up real IDS/IPS on your home lab and actually understand what it's telling you.
All the articles with the tag "linux".
Snort invented network intrusion detection. Suricata multi-threaded its way past it. Here's how to set up real IDS/IPS on your home lab and actually understand what it's telling you.
Linux ships with conservative kernel defaults. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just paste-and-pray values.
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.
Your freshly booted VM is generating SSH keys with barely any entropy, and that should make you nervous. Linux needs randomness to do cryptography, and headless servers are terrible at collecting it. Here's what's actually happening inside /dev/random and how to fix it before you generate a weak key.
Fail2ban bans IPs that attack you. CrowdSec bans them before they attack you, using community threat intelligence. Here's how to set up both and why you might want both.
Your Linux box has hundreds of kernel knobs in /proc/sys that nobody ever touches. Most don't matter — here are the handful that actually improve a Docker host.
Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.
Cron has been scheduling your jobs since before you were born. Systemd timers do everything cron does, plus logging, dependencies, and missed-run recovery.
Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.
Wazuh gives you SIEM, HIDS, FIM, and threat detection in one stack. Here's how to deploy it in your home lab with Docker and actually use it.
ZFS is the paranoid fortress of filesystems. Btrfs is the scrappy upstart built into your kernel. Here's which one belongs in your home lab.