Security

2025-08-15

Introduction: From Reactive Defense to Proactive Security

In 2025, attacks on servers are becoming increasingly sophisticated, and reactive measures (firewall, Fail2Ban, CrowdSec) are no longer enough. The modern DevSecOps approach requires proactive hardening—strengthening the system—to minimize the attack surface before public exploits appear.

Lynis remains one of the key open-source security auditing tools for Unix systems, but today it is crucial to complement it with integration into security standards frameworks (CIS, SCAP) and automation in CI/CD pipelines.

2025-08-14

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

2025-08-13

Introduction: From Local Defense to Global Protection

In the previous article, we explored Fail2ban — a reliable and time-tested tool for defending against brute-force attacks. However, Fail2ban only works with local logs and has no awareness of what’s happening on other servers. In today’s environment, where cyberattacks are increasingly distributed and sophisticated, we need a smarter and more collaborative solution.

Enter CrowdSec — a modern, open-source Intrusion Prevention System (IPS) that leverages a crowdsourced approach to build a global threat intelligence network.

2025-08-12

Introduction: Server Security — The First Line of Defense

Once you deploy any server or virtual machine, one of the first and most important tasks is ensuring its security. Even if your server doesn’t contain critical data, it can still be targeted by automated bots constantly scanning the internet for vulnerabilities. The most common type of attack against any server is brute-force password guessing, typically aimed at SSH access, FTP services, or web control panels.

2025-08-10

What is Xen?

Xen is a powerful and flexible Type 1 open-source hypervisor that runs directly on server hardware, delivering high performance. Its unique architecture, based on the concept of paravirtualization, became the foundation for many major cloud platforms, including the early versions of Amazon Web Services (AWS). Xen is known for its performance, security, and ability to flexibly manage resources, making it a popular choice for building scalable and fault-tolerant environments.

2025-07-19

We’ve explored the ELK Stack, its power — and, unfortunately, its licensing changes. These changes sparked debate within the open-source community and led to the creation of a worthy alternative — OpenSearch.

OpenSearch is a fully open-source fork of the last open versions of Elasticsearch and Kibana, released under the Apache 2.0 license. The project was initiated by Amazon Web Services (AWS) in 2021 and has since evolved as an independent open-source initiative under the OpenSearch Project.

2025-07-17

Why Do We Need Centralized Logging? Making Sense of Log Chaos

We’ve already discussed the importance of metrics monitoring for understanding the health of your IT infrastructure. But metrics are only part of the picture. To truly understand what’s happening inside your systems and applications, you need logs.

Logs are records of events generated by operating systems, applications, network devices, and nearly any software component. They capture what, when, where, and why something happened. Think of them as the “black box” of your infrastructure — an invaluable source of information for debugging, auditing, and incident investigation.

2025-07-16

In a world where cyberattacks are becoming increasingly sophisticated, protecting remote access to servers and network equipment is of paramount importance. Simply opening ports for SSH, RDP, or web interfaces makes them targets for constant scanning and brute-force attacks.

Today, we’ll explore a powerful yet lesser-known technique that significantly improves the security of your MikroTik router (and of other systems as well): Port Knocking. It’s not just about “closing ports,” but a smart system that makes your services invisible to most scanners and bots.

2025-07-15

In the world of Linux and networking technologies, there are many subtle but critically important kernel settings. One such setting is rp_filter. This parameter, often overlooked, plays a key role in network security and correct packet routing. Let’s explore what it is, how it works, and why understanding it is essential for every system administrator.

What is rp_filter?

rp_filter stands for Reverse Path Filtering. It’s a Linux kernel mechanism that checks incoming network packets to verify whether they arrived on the interface through which a reply to the sender’s IP address would be routed.

2025-07-14

Losing access to the WordPress administrator account can be a real headache. Sometimes, standard password recovery methods (via email) don’t work, especially if:

  • You forgot both your login and password.
  • The site’s mail sending function (wp_mail) is broken.
  • The WordPress admin panel is broken or unavailable.
  • The only access left is to the database (via MySQL client, phpMyAdmin, WP-CLI, etc.).

In this article, we’ll walk through a reliable and secure way to find the WordPress administrator directly in the database and reset their password using SQL. We’ll follow DevSecOps best practices to avoid breaking serialized data and minimize risks.
