AppArmor vs SELinux: Mandatory Access Control Without the Existential Dread
AppArmor vs SELinux: what mandatory access control actually does, writing AppArmor profiles with aa-genprof, SELinux labels and audit2allow, and when to use each.
All the articles with the tag "security".
AppArmor vs SELinux: what mandatory access control actually does, writing AppArmor profiles with aa-genprof, SELinux labels and audit2allow, and when to use each.
Linux entropy explained: /dev/random vs /dev/urandom, entropy pools, haveged, virtio-rng, and hardware RNG. Fix low entropy on VMs and containers for safe crypto key generation.
Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.
Master auditd for Linux audit logging: watch critical files, audit syscalls, use aureport and ausearch, and ship logs to Loki or Elasticsearch for compliance and security monitoring.
HashiCorp Vault tutorial: Docker Compose setup, KV v2 secrets, AppRole auth, dynamic database credentials, PKI engine for internal certs, and auto-unseal with cloud KMS.
Set up a WireGuard VPN kill switch and prevent DNS leaks on Linux. Practical iptables rules, resolv.conf locking, and systemd-resolved config.
nmap isn't just for pen testers. Learn what's actually worth scanning on your home network and what those open ports really mean.
Vaultwarden organizations let you share passwords with family or team members securely. Collections, permissions, CLI usage, and backup — all explained.
Learn Linux capabilities to drop root privileges without breaking your apps. Master cap_drop, cap_add in Docker, and setcap for fine-grained privilege control.
Stop running Docker containers like it's the Wild West. Learn 15 critical Docker security mistakes and practical fixes to harden your containers today.
Go beyond ufw allow/deny: rate limiting with ufw limit, logging levels, before.rules for iptables, IPv6 handling, Docker bypass fixes, and fail2ban integration.
DDoS mitigation for self-hosters: Nginx rate limiting, Fail2ban, Cloudflare free tier, CrowdSec, and iptables tricks that actually work.