Tag: security

All the articles with the tag "security".

Linux Capabilities: Drop Root Without Breaking Everything

24 Sep, 2025

Learn Linux capabilities to drop root privileges without breaking your apps. Master cap_drop, cap_add in Docker, and setcap for fine-grained privilege control.

Docker Security Hardening: 15 Things You're Doing Wrong Right Now

22 Sep, 2025

Stop running Docker containers like it's the Wild West. Learn 15 critical Docker security mistakes and practical fixes to harden your containers today.

UFW Advanced: Rate Limiting, Logging, and Rules That Actually Make Sense

13 Sep, 2025

Go beyond ufw allow/deny: rate limiting with ufw limit, logging levels, before.rules for iptables, IPv6 handling, Docker bypass fixes, and fail2ban integration.

DDoS Mitigation: Teaching Your Server to Say No Politely (Then Impolitely)

20 Aug, 2025

DDoS mitigation for self-hosters: Nginx rate limiting, Fail2ban, Cloudflare free tier, CrowdSec, and iptables tricks that actually work.

SSH Hardening: Lock Down Remote Access Without Locking Yourself Out

14 Aug, 2025

Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.

Vaultwarden vs Bitwarden: Own Your Passwords Before Someone Else Does

21 Jul, 2025

Why trust a cloud with your passwords? Compare Vaultwarden and Bitwarden self-hosted — lightweight vs full-stack, Docker setup, backups, and which one to actually run.

Linux Audit Log: What's Really Happening on Your Server

5 Jul, 2025

auditd logs every system call, file access, and command. Learn ausearch, aureport, and writing audit rules.

The sudoers Mistake Everyone Makes Once

23 Jun, 2025

Never edit /etc/sudoers directly. One syntax error locks everyone out. Use visudo, understand NOPASSWD risks.

Why Your TLS Certificate Isn't Trusted

10 Jun, 2025

Incomplete cert chains, wrong order, self-signed certs. How to diagnose trust failures with openssl s_client.

Certificate Expiry: Monitor Before the 3 AM Call

28 May, 2025

Certs expire silently. Check expiry with openssl, automate renewal checks with cron, get alerts before disaster.

The Firewall Rule Order That's Breaking Your Setup

14 May, 2025

Firewall rules are evaluated top-down, first match wins. One misplaced ALLOW rule silently defeats all security.

Sticky Bit, Setuid, Setgid: Linux Special Permissions Explained

9 May, 2025

Understand sticky bit, setuid, and setgid: what they do, how to set them, security implications, and real-world use cases.