Kernel Live Patching: Security Updates Without the 3am Reboot
Apply Linux kernel security patches without rebooting using kpatch and Canonical Livepatch. Keep servers secure and online simultaneously — here's the practical setup guide.
Tag: sysadmin
All the articles with the tag "sysadmin".
You Should Be Testing Your Restores
You've got backups. Great. But do you know if they actually work? RTO and RPO mean nothing if you've never actually restored.
Log Rotation for Self-Hosted Apps
Your app is logging to a single file. It's 50GB now. Here's how to rotate logs before your disk dies.
AppArmor vs SELinux: Mandatory Access Control Without the Existential Dread
AppArmor vs SELinux explained: what mandatory access control actually does, how to write AppArmor profiles with aa-genprof, navigate SELinux labels and audit2allow, and when to use each.
TCP Keepalives: Why Connections Die and How to Fix It
Long-lived connections dropping randomly? Your OS is killing them. Here's why keepalives matter and how to tune them.
Auditd & Audit Logging: Know Exactly Who Touched What on Your Server
Master auditd for Linux audit logging: watch critical files, audit syscalls, use aureport and ausearch, and ship logs to Loki or Elasticsearch for compliance and security monitoring.
Time Sync on VMs: Why NTP Keeps Drifting
Your VM's clock is off by minutes. NTP is running but your system still drifts. Here's why.
The MTU Problem Nobody Diagnoses Correctly
MTU mismatches silently break large file transfers, backups, and video calls. Here's how to find and fix the wrong frame size on your network.
DNS Troubleshooting from the Command Line
DNS broke again. Here's the exact command sequence to figure out what's happening without touching a GUI.
LVM Advanced: Snapshots, Thin Provisioning, and Not Losing Your Data
Master LVM snapshots and thin provisioning on Linux. Learn to create, use, and merge snapshots for backups, and over-provision storage safely.
SSH Hardening: Lock Down Remote Access Without Locking Yourself Out
Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.
Docker Volumes vs Bind Mounts: Where Your Data Actually Lives
Docker volumes vs bind mounts explained: named volumes, anonymous volumes, bind mounts, and tmpfs. Real examples for databases, dev workflows, and production.