Incident Response for Self-Hosters
You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.
All the articles with the tag "sysadmin".
You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.
iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.
Linux ships with conservative kernel defaults. These sysctl settings tune your server for networking, memory, and file I/O — with explanations, not just paste-and-pray values.
Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.
Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.
Cron has been scheduling your jobs since before you were born. Systemd timers do everything cron does, plus logging, dependencies, and missed-run recovery.
Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.
LUKS encrypts your drives so a stolen server is just expensive recycling. Here's how to set it up, manage keys, and unlock headless boxes remotely.
A kernel upgrade halved one team's PostgreSQL throughput. The fix was kernel tuning: huge pages, THP, swappiness, I/O scheduler. Here's what matters and why.
Run multiple Proxmox VMs and LXC containers behind a single public IP using NAT bridging and iptables port forwarding. Works on Proxmox VE 8 and 9.
Attackers love finding ways to go from www-data to root. Here's how they do it, and more importantly, how you harden your Linux boxes to stop them.
Out of RAM and no time to reimage? Add swap via a file on any partition using mkswap, swapon, and fstab — done in under 5 minutes.