In a previous blog post, I wrote how to secure OpenSSH against brute force attacks. However, what if someone manages to get a shell on your system, despite all your efforts? You want to protect your…| Frederik Himpe
In a previous blog post, I wrote how to secure OpenSSH against brute force attacks. However, what if someone manages to get a shell on your system, despite all your efforts? You want to protect your system from your users doing nasty things? It is important to harden your system further according to the principle of defense in depth in order.| Frederik Himpe
PHP-FPM is an ideal candidate to secure with AppArmor. Not only can the security of a web server be endangered by security bugs in PHP itself, it can also be affected by security holes in PHP applications. By confining PHP-FPM with AppArmor, we can limit abuse when a security hole is exploited, by preventing PHP-FPM for example from reading arbitrary files on your system or executing random binaries, which may contain a Linux backdoor or crypto-miner malware.| Frederik Himpe
How to configure a dual stack IPv4 and IPv6 Wireguard VPN gateway with systemd-networkd and the Foomuuri NFTables firewall on Debian GNU/Linux.| Frederik Himpe
Step-by-step guide explaining how to upgrade from Debian 12 Bookworm to Debian 13 Trixie| Frederik Himpe
How to secure your system from exploits in PHP applications by confining them with an AppArmor profile, separating different sites with AppArmor hats.| Frederik Himpe
The bookworm-frehi Debian package repository contains newer packages for AppArmor and libapache2-mod-qos fixing some bugs in Debian 12 Bookworm.| Frederik Himpe