Skip to content

Tag: sysadmin

All the articles with the tag "sysadmin".

Incident Response for Self-Hosters

Incident Response for Self-Hosters

You've been compromised. Now what? A practical incident response playbook for self-hosters who didn't think they'd need one until right now.

nftables: Modern Linux Firewalling

nftables: Modern Linux Firewalling

iptables is being phased out. nftables is faster, cleaner, and already the default on modern Linux. Here's how to actually use it without wanting to quit.

2FA for SSH and sudo via PAM

2FA for SSH and sudo via PAM

Adding TOTP to SSH and sudo takes 10 minutes and makes password spray attacks useless. Here's the setup that won't lock you out of your own server.

SSH CA: Finally Ditch authorized_keys

SSH CA: Finally Ditch authorized_keys

Managing authorized_keys across 10 servers is how you lose track of who has access to what. An SSH CA lets you sign keys and revoke access without touching every server.

LUKS Full Disk Encryption on Linux

LUKS Full Disk Encryption on Linux

LUKS encrypts your drives so a stolen server is just expensive recycling. Here's how to set it up, manage keys, and unlock headless boxes remotely.

Proxmox NAT Bridge: One IP, Many VMs

Proxmox NAT Bridge: One IP, Many VMs

· Updated:

Run multiple Proxmox VMs and LXC containers behind a single public IP using NAT bridging and iptables port forwarding. Works on Proxmox VE 8 and 9.

Adding Extra Swap to Linux

Adding Extra Swap to Linux

· Updated:

Out of RAM and no time to reimage? Add swap via a file on any partition using mkswap, swapon, and fstab — done in under 5 minutes.