Security & Hardening
SSH hardening, sudo, fail2ban, SELinux/AppArmor, firewalls and disk encryption.
How to Use a YubiKey on Linux
Use a YubiKey on Linux for PIV SSH, FIDO2 sudo and login via PAM, GPG smart card subkeys, and SSH through gpg-agent — step by step.
How to Add Two-Factor Authentication to SSH
Enforce two-factor authentication on SSH using PAM and Google Authenticator TOTP, with YubiKey alternatives and per-user exemption patterns for automation accounts.
How to Scan a Linux System for Malware with ClamAV
Install ClamAV on Linux, update virus signatures with freshclam, run on-demand and scheduled scans, and verify detection works with the EICAR test file.
How to Protect nginx with fail2ban
Build custom fail2ban filters for nginx to block bad bots, brute-force attempts, and scanners — with tuned ban times and firewall backend configuration.
How to Detect Rootkits with rkhunter
Install rkhunter, build a clean file-property baseline, tune the config to cut false positives, and automate daily scans with a systemd timer.
How to Configure ModSecurity as a Web Application Firewall
Install ModSecurity with OWASP CRS on Apache or nginx, run it in detection mode to catch false positives, tune exclusions, then enforce blocking.
How to Audit Linux Hardening with Lynis
Run Lynis to audit your Linux server, interpret the hardening index and warning output, and work through findings from critical to low-effort wins.
Shadow Passwords Explained
Learn why /etc/shadow exists, how to read its nine fields, which hashing algorithms are current, and how to manage password aging with chage, pwconv, and pwck.
How to Set Up GPG Encryption
Generate GPG key pairs, encrypt and decrypt files, sign data, manage your keyring, and verify signatures on Debian, Fedora, and Arch Linux.
How to Set Up a Firewall with UFW
Learn to configure UFW on Linux: set secure default policies, open only the ports you need, read existing rules, and verify your firewall is working correctly.
How to Set Up a Firewall with firewalld
Learn how to configure firewalld using zones, services, rich rules, and source bindings — with a clear explanation of runtime vs permanent changes.
SELinux Explained (and How to Live With It)
Learn SELinux modes, file contexts, booleans, and how to fix denials with restorecon, setsebool, and audit2allow — without ever disabling it.
How to Secure Webmin
Harden Webmin against attack: restrict access by IP, enforce HTTPS with valid certs, set up TOTP two-factor auth, integrate fail2ban, and lock down modules.
Linux Server Security Checklist
A step-by-step Linux server hardening checklist: secure SSH, firewall rules, automatic updates, service auditing, fail2ban, and intrusion detection for any internet-facing server.
How to Install and Configure fail2ban
Install fail2ban, configure the SSH jail, tune ban times, write custom filters, and verify bans are working — on Debian, Fedora, and Arch.
How to Harden SSH on Linux
Lock down OpenSSH with key-only auth, disabled root login, user allowlists, and firewall rules. Step-by-step for Ubuntu, Fedora, RHEL, and Arch.
How to Encrypt a Disk with LUKS
Encrypt a full disk or individual partition on Linux using LUKS2 and cryptsetup, including key management, boot integration, and header backups.
How to Configure sudo Safely
Learn to configure sudo securely using visudo, sudoers syntax, per-command restrictions, NOPASSWD, and drop-in files to enforce least-privilege access on Linux.
How to Enable Automatic Security Updates
Enable automatic security updates on Debian, Ubuntu, Fedora, and RHEL using unattended-upgrades and dnf-automatic — configured to patch safely without manual effort.
How to Audit a Linux System with auditd
Set up auditd on Linux to track file access, syscalls, and privilege use. Covers persistent rules, file watches, ausearch, and aureport across major distros.
AppArmor Explained
Learn how AppArmor profiles work, how to switch between enforce and complain mode, create new profiles, and diagnose access denials on Ubuntu, Debian, and Arch.