SC-Cleared Linux & Cloud Security Contract Consultant
Practical quick-reference guides for Linux and cloud security administrators.
Short version: Use SSHFS for occasional admin access, not as a core storage layer. Mount over SSH with per-user keys, prefer read-only, and avoid backup loops. 1) Install (client) # Debian/Ubuntu sudo apt update && sudo apt install -y sshfs # RHEL/Rocky/Alma sudo dnf install -y fuse-sshfs 2) One safe pattern (read-only) sudo mkdir -p … Read more
Problem: You need to reach a service on a host behind NAT. A reverse tunnel lets the hidden host dial out to a bastion, exposing its local port only on that bastion. 1) One approved pattern On the hidden host (client), create a reverse tunnel to the bastion. This exposes client’s local SSH on bastion … Read more
Short version: For quick exchange, a passworded ZIP is fine; for stronger protection and hiding filenames, use tar piped into gpg –symmetric. Option A — Quick ZIP (password prompt) # Single file zip -e backup.zip important.txt # Whole directory (recursively) zip -er project.zip ./project/ Note: Traditional ZIP encryption is weaker and may reveal filenames/metadata to … Read more
Purpose: Present one reliable pattern for bind-mounting a directory elsewhere, then make it read-only, persist it in /etc/fstab, and roll back cleanly. 1) Basic bind mount # Example: expose /srv/app/upload at /var/www/app/upload sudo mkdir -p /var/www/app/upload sudo mount –bind /srv/app/upload /var/www/app/upload 2) Make it read-only Bind mounts ignore -o ro on first mount; you must … Read more