linux

I like lightweight audit scripts that reveal obvious host hygiene problems quickly: world-writable files, suspicious SUID bits, and weak key permissions. These scripts are not a substitute for configuration management, but they help surface drift befo

SSH hardening is basic but still worth doing carefully. I disable password auth, restrict root login, and pair strong settings with operational practices like host key monitoring and per-user key lifecycle management. Security without maintainability

Privilege escalation detection is rarely one command. I look for unexpected SUID binaries, writable service units, dangerous sudo rules, and kernel or package drift. These checks are not glamorous, but they catch a lot of real misconfigurations that a

During incidents I want a repeatable evidence collection script that preserves volatile context before a system changes again. Time, network state, processes, and recent logs usually matter immediately. Good collection is quiet, timestamped, and resis

Shell scripts automate repetitive DevOps tasks like deployments, backups, and health checks. I use #!/bin/bash with set -euo pipefail for strict error handling—-e exits on error, -u errors on undefined variables, -o pipefail catches pipe failures. Fun

Linux system administration is fundamental to DevOps. Process management with ps, top, htop monitors system activity. systemctl manages systemd services—start, stop, enable, disable. Disk management with df, du, lsblk, mount handles storage. journalct

I prefer a default-deny stance and then open only what the host actually serves. nftables is flexible enough to express that clearly without giant unreadable rule sets. A short explicit policy ages better than a sprawling inherited firewall script nob