Tutorials, knowledge-base reference, cheat sheets, and the occasional war story.
When you're responding to an incident on a running Linux system, pulling the disk offline
Shell scripts run with the permissions of whoever calls them, inherit environment variables
The Linux kernel exposes hundreds of tuneable parameters via `/proc/sys`. Most defaults
Disabling password auth is table stakes. The real hardening comes from SSH certificates
Most systemd services run with more privilege than they need. A compromised nginx process
After 20 years of SELinux being shipped in Red Hat distributions, I still find most admins