Skip to content

Tag: linux

All the articles with the tag "linux".

Falco: Catch Container Attacks at Runtime

Falco: Catch Container Attacks at Runtime

Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.

Your Server Doesn't Know What Random Means (And That's a Problem)

Your Server Doesn't Know What Random Means (And That's a Problem)

Your freshly booted VM is generating SSH keys with barely any entropy, and that should make you nervous. Linux needs randomness to do cryptography, and headless servers are terrible at collecting it. Here's what's actually happening inside /dev/random and how to fix it before you generate a weak key.

2FA for SSH and sudo via PAM

2FA for SSH and sudo via PAM

Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.

SSH CA: Finally Ditch authorized_keys

SSH CA: Finally Ditch authorized_keys

Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.