Tag: security

All the articles with the tag "security".

• tcpdump Basics: Capture Traffic Without Wireshark

  22 Nov, 2025

  You don't need a GUI to see network packets. tcpdump on the command line beats opening Wireshark every time.

• AppArmor vs SELinux: Mandatory Access Control Without the Existential Dread

  20 Nov, 2025

  AppArmor vs SELinux explained: what mandatory access control actually does, how to write AppArmor profiles with aa-genprof, navigate SELinux labels and audit2allow, and when to use each.

• Your Server Doesn't Know What Random Means (And That's a Problem)

  19 Nov, 2025

  Linux entropy explained: /dev/random vs /dev/urandom, entropy pools, haveged, virtio-rng, and hardware RNG. Fix low entropy on VMs and containers for safe crypto key generation.

• Caddy Advanced: Automatic HTTPS, Plugins, and Config That Doesn't Make You Cry

  7 Nov, 2025

  Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.

• Auditd & Audit Logging: Know Exactly Who Touched What on Your Server

  7 Nov, 2025

  Master auditd for Linux audit logging: watch critical files, audit syscalls, use aureport and ausearch, and ship logs to Loki or Elasticsearch for compliance and security monitoring.

• HashiCorp Vault: Stop Hardcoding Secrets Like It's 2012

  1 Nov, 2025

  HashiCorp Vault tutorial: Docker Compose setup, KV v2 secrets, AppRole auth, dynamic database credentials, PKI engine for internal certs, and auto-unseal with cloud KMS.

• VPN Kill Switch and DNS Leak Prevention: Paranoia, Justified

  25 Oct, 2025

  Set up a WireGuard VPN kill switch and prevent DNS leaks on Linux. Practical iptables rules, resolv.conf locking, and systemd-resolved config.

• Authentik vs Authelia: Single Sign-On for Your Home Lab (Without a PhD)

  25 Oct, 2025

  Authentik vs Authelia for self-hosted SSO — which one belongs in your home lab? We break down setup, features, and resource use so you can stop logging in like an animal.

• Suricata vs Snort: Intrusion Detection for the Paranoid Home Lab Owner

  24 Oct, 2025

  Suricata vs Snort for home lab IDS/IPS: compare performance, rules, and setup. Includes Suricata installation, suricata.yaml config, EVE JSON logging, and OPNsense integration.

• nmap for Your Own Network: What You Should Be Scanning

  2 Oct, 2025

  nmap isn't just for pen testers. Learn what's actually worth scanning on your home network and what those open ports really mean.

• Vaultwarden Organization Sharing: Password Management for Your Whole Household (or Team)

  30 Sep, 2025

  Vaultwarden organizations let you share passwords with family or team members securely. Collections, permissions, CLI usage, and backup — all explained.

• Linux Capabilities: Drop Root Without Breaking Everything

  24 Sep, 2025

  Learn Linux capabilities to drop root privileges without breaking your apps. Master cap_drop, cap_add in Docker, and setcap for fine-grained privilege control.