There are many ways to configure a firewall in Linux. Some people prefer ufw, others go straight to iptables or nftables. But in between those layers of complexity, there’s a small, quiet tool that often goes unnoticed: Ferm, For Easy Rule Making. The name says it all. I like Ferm because it doesn’t try to… Continue reading
In continuous integration environments, it’s often necessary to run Jenkins agents or scripts securely under a dedicated system account. On Debian 12, this means creating a non-interactive user, one that can authenticate via SSH keys but cannot log in interactively or hold a password. This guide walks through setting up a minimal, hardened Jenkins user… Continue reading
Redash remains one of the most approachable open-source tools for building dashboards, sharing SQL queries, and collaborating on data. While the project is no longer actively maintained upstream, the community builds (10.x) are still widely used for internal analytics. In this article, I’ll show how to bring up Redash quickly on Debian 12 using Docker… Continue reading
It happened to me on a quiet evening, running the usual sudo apt update on a Debian 12 server that powers Grafana for dashboards I rely on daily. Instead of the usual green lines of updates, I was greeted by a red warning. For a moment, it looked like the repository had gone bad, but… Continue reading
WireGuard is often chosen because it’s modern, lightweight, and fast compared to older VPN protocols. Its codebase is much smaller than OpenVPN or IPsec, which makes it easier to audit and maintain, reducing the risk of hidden vulnerabilities. This simplicity also translates to better performance with lower latency and faster connection times. Another reason to… Continue reading
If you’ve been working with Debian 12, chances are you’ve already used tar or zip for packaging files. They work fine, but when you need smaller archives and stronger protection, nothing beats 7-Zip. The .7z format not only compresses better, it also supports AES-256 encryption and can even hide file names. This guide will walk… Continue reading
Fail2ban monitors your service logs for repeated failures and blocks offending IPs using your firewall. This guide explains the concept and gives copy paste jails for SSH on 22, HTTP on 80 or 443, and MySQL or MariaDB on 3306. How Fail2ban works Key terms: Install Fail2ban Install rsyslog Fail2ban only works if it can… Continue reading
In my earlier post, “How to set up MongoDB 8 master–slave on Debian 12 (Bookworm)”, we ended with a working replica set and basic authentication. Now comes the daily-ops reality: your app user needs to write documents, but your ops tasks also need to tweak schema rules, adjust TTLs, rename collections, or rebuild indexes during… Continue reading
If you need a simple, secure, and straightforward SFTP server, Atmoz SFTP is one of the easiest solutions available. It runs inside Docker, requires minimal configuration, and is secure by default, no fiddly chroot setup that can often be error-prone or introduce security risks. In this guide, we’ll install and run Atmoz SFTP on Debian… Continue reading
In a production environment, Redis should never run without proper access control. If you’ve followed the basic Redis master-slave installation guide on Debian 12, it’s time to take the next step: securing your Redis nodes with passwords and user-based authentication (ACL), while ensuring replication remains functional. This article focuses on three key areas: 1. Enable… Continue reading