Falco: Catch Container Attacks at Runtime
Falco watches every syscall your containers make and screams when something sketchy happens. Like someone exec'ing a shell inside your nginx container at 3am.
Tag: security
All the articles with the tag "security".
Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
No port forwarding, no DDNS drama. Cloudflare Tunnels advanced config: multiple services, Access policies, origin TLS, and what Cloudflare can actually see.
Trivy + Cosign: Scan and Sign Your Images
You're pulling container images from strangers on the internet. Trivy scans them for CVEs. Cosign proves they haven't been tampered with. Use both.
Fail2ban vs CrowdSec: Blocking the Bots Actually Smartly
Fail2ban bans IPs that attack you. CrowdSec bans them before they attack you, using community threat intelligence. Here's how to set up both and why you might want both.
Tailscale Deep Dive: Mesh Networking That Actually Works
Tailscale takes WireGuard's speed and wraps it in a control plane that handles key exchange, routing, and ACLs automatically. Here's everything beyond 'tailscale up'.
2FA for SSH and sudo via PAM
Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.
WireGuard vs OpenVPN 2026: It's Not Even Close
OpenVPN is the battle-tested workhorse. WireGuard is everything VPNs should have been from the start. In 2026, here's which one you should actually use.
SSH CA: Finally Ditch authorized_keys
Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.
Wazuh: Open Source SIEM for Your Home Lab
Wazuh gives you SIEM, HIDS, FIM, and threat detection in one stack. Here's how to deploy it in your home lab with Docker and actually use it.
LUKS Full Disk Encryption on Linux
LUKS encrypts your drives so a stolen server is just expensive recycling. Here's how to set it up, manage keys, and unlock headless boxes remotely.
Rootless Docker: Run Without Root
Run Docker containers without root privileges — here's the security difference, the install steps, and the gotchas nobody tells you about.
Linux Privilege Escalation: The Defensive Playbook
Attackers love finding ways to go from www-data to root. Here's how they do it, and more importantly, how you harden your Linux boxes to stop them.