Mastering sudo: Enforcing Least Privilege in Linux

On almost every Linux system sudo is central to access control. It allows administrators to delegate privileges without handing out the root password. Used properly, it enforces least privilege. Used poorly, it creates a false sense of security and leaves audit gaps. This article sets out the best practices for configuring and managing sudo. The …

SSH Security Best Practices for Linux Administrators

Secure Shell (SSH) is the standard tool for remote administration of Linux systems. In practice, it is also one of the most common weaknesses I encounter when reviewing environments. Misconfigurations are frequent, and attackers actively exploit them. Hardening SSH is one of the most effective early steps in strengthening infrastructure security.

1. Why SSH Security …

WireGuard remote-access baseline (keys, firewall, logging)

Short version: One interface, named peers, least-privilege routes. Keep logs, rotate keys quarterly, and block everything you don’t route.

1) Install

    sudo apt update && sudo apt install -y wireguard
    # or
    sudo dnf install -y wireguard-tools

2) Keys

    umask 077
    wg genkey | tee /etc/wireguard/server.key | wg pubkey > /etc/wireguard/server.pub
    wg genkey | tee …

Secure SSHFS mounts (read-only, fstab, pitfalls)

Short version: Use SSHFS for occasional admin access, not as a core storage layer. Mount over SSH with per-user keys, prefer read-only, and avoid backup loops.

1) Install (client)

    # Debian/Ubuntu
    sudo apt update && sudo apt install -y sshfs
    # RHEL/Rocky/Alma
    sudo dnf install -y fuse-sshfs

2) One safe pattern (read-only)

    sudo mkdir -p …