How To
openSUSE Leap 16 Initial Server Setup and Hardening
A fresh openSUSE Leap 16 server is reachable over SSH the moment it boots, and straight out of…
Category
Security
Security
How Security Awareness Training for Employees Reduces Human Cyber Risk
Phishing emails used to be easy to spot. Broken English or a Nigerian prince in urgent need of…
How To
How Organizations Can Turn Security Findings Into Actionable Improvements
Security teams rarely struggle to generate findings. Reports pile up, dashboards expand, and the volume of identified issues…
Security
How to Create SSH Tunnels on Linux (Local, Remote, Dynamic)
An SSH tunnel moves a network port from one machine to another inside an encrypted SSH session. No…
DevOps
SonarQube Alternatives for Security-Minded Engineering Leaders
The strongest SonarQube alternatives are judged on one thing: whether they turn security findings into fixed, verified code…
Linux
Monitoring FreeIPA with ipa-healthcheck, Prometheus, and Grafana
Wire ipa-healthcheck into Prometheus via node_exporter textfile collector, build a Grafana dashboard with per-check granularity, alert on five…
Linux
FreeIPA ACME + cert-manager for Kubernetes Workloads
Point cert-manager at FreeIPA 4.12 ACMEv2 to auto-issue TLS for every Kubernetes Ingress. 3-node k3s lab, end-to-end tested,…
Linux
FreeIPA as an Internal ACME CA with certbot and acme.sh
Enable FreeIPA 4.12 ACMEv2, issue 90-day RSA certs with certbot and acme.sh, auto-renew via systemd timer and cron.…
Linux
FreeIPA Random Serial Numbers (RSNv3) on Fresh Installs
Verify, decode, and ship the 128-bit random serial that became default in FreeIPA 4.12. Five proof methods, the…
Linux
FreeIPA Sudo Rules Cookbook: 10 Real-World Patterns You Can Copy
10 production-tested FreeIPA sudo rules: Defaults, NOPASSWD, RunAs, deny patterns, break-glass, auth-indicator gated, time-bound, AD-trusted, GSSAPI passwordless. Built…
Linux
FreeIPA HBAC: From allow_all to Least Privilege with hbactest
Build a least-privilege FreeIPA HBAC policy on Rocky Linux 10: replace allow_all, validate every rule with hbactest, and…
DevOps
How to Make Sure Your SAST Scans Don’t Contribute to Alert Fatigue
Static Application Security Testing is considered to be the gold standard for testing software in DevOps cycles. SAST,…