Suricata Alert Analysis: Tuning Rules and Promoting Detection to Prevention
This is a follow-up to my last post, in which I set up Suricata as an IPS. This article demonstrates how to work effectively with the Suricata engine: how I analyze its log output, silence unnecessary alerts, and promote specific detection rules to prevention rules.
Author: jean
Suricata IPS: Building a Transparent Network Defense Layer with AF-Packet Bridging
Suricata functions as a powerful engine for Network Intrusion Detection and Prevention (IDS/IPS). This guide demonstrates how to set up Suricata as a transparent Intrusion Prevention System (IPS) within a KVM environment by replacing the kernel bridge with the high-performance AF-Packet mechanism.
Automated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration
A very lightweight and efficient approach to consolidating logs centrally is rsyslog. All my virtual machines use rsyslog to forward their logs to a dedicated internal virtual machine that acts as the central log hub. A fail2ban instance on this hub inspects all incoming logs and sends a block command to an external firewall, which is useful for automated response.
ZFS Data Migration: Encrypting Existing Volumes with zfs send and zfs recv
Encrypting previously unencrypted data, such as a legacy ZFS pool, requires a reliable migration strategy. The most robust way to achieve this is by using the powerful ZFS data stream mechanism: zfs send and zfs recv.
The core procedure is simple: create a snapshot, transfer this snapshot, and receive it at a new, encrypted destination.
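As an added example (not the post's own script or the blog author's commands), here is a POSIX shell wrapper for that three-step procedure. The dataset names tank/data and tank/enc, the key file path in KEYFILE and the DRY_RUN switch are assumptions; with DRY_RUN=1 (the default) it only prints the zfs commands it would run.

```shell
#!/bin/sh
# Added example, not the post's own script: migrate an unencrypted ZFS
# dataset into an encrypted one via zfs send | zfs recv.
# Assumptions: dataset names are passed by the caller, the key lives at
# KEYFILE, and DRY_RUN=1 (the default) means "print the commands only".
set -eu

DRY_RUN="${DRY_RUN:-1}"
KEYFILE="${KEYFILE:-/root/zfs-migrate.key}"   # assumed location, root-only

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# create_encrypted_parent PARENT: an encryption root whose children inherit
# its key. keyformat=raw expects exactly 32 bytes for aes-256-gcm, e.g.
#   head -c 32 /dev/urandom > "$KEYFILE" && chmod 600 "$KEYFILE"
# canmount=off keeps the container dataset itself from being mounted.
create_encrypted_parent() {
    run zfs create -o encryption=aes-256-gcm -o keyformat=raw \
        -o "keylocation=file://$KEYFILE" -o canmount=off "$1"
}

# migrate_dataset SRC PARENT: snapshot SRC, send the (non-raw) stream into a
# child of the encrypted PARENT, and print the destination dataset name.
# The child inherits encryption from PARENT, so the received data is
# encrypted on write; -u leaves it unmounted until it has been verified.
migrate_dataset() {
    src="$1"; parent="$2"
    snap="$src@migrate-$(date +%Y%m%d)"
    dst="$parent/${src#*/}"          # tank/data -> PARENT/data
    run zfs snapshot "$snap"
    run sh -c "zfs send '$snap' | zfs recv -u '$dst'"
    run zfs get -H -o value encryption "$dst"   # expect aes-256-gcm, not off
    printf '%s\n' "$dst"
}

# Usage on a real system:
#   DRY_RUN=0 create_encrypted_parent tank/enc
#   DRY_RUN=0 migrate_dataset tank/data tank/enc
```

Check the `zfs get encryption` output before mounting the new dataset and retiring the old one: a stream received outside an encrypted parent lands unencrypted without any error. Destroying the source dataset afterwards only frees its blocks; the plaintext stays on disk until those blocks are overwritten.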
ZFS Encryption: Mitigating Physical Attacks with Remote Key Management
This article documents the design and implementation of an external key management solution for ZFS encryption. The approach uses a custom PHP service to serve encryption keys on demand, specifically to mitigate physical and system-level compromises in which a locally stored key would be exposed. This deep dive explores the security architecture, the self-written PHP proof-of-concept (PoC), and the critical security caveats of building a custom Key Management System (KMS).
Distributed MinIO on AWS Lightsail: Multi-Node Setup
MinIO is a high-performance, S3-compatible object storage solution. This article provides a blueprint for deploying a distributed MinIO stack on Amazon Lightsail, covering the critical steps for multi-node setup, networking, and systemd service management.
Nextcloud Client on Chromebook (ARM/aarch64): Solving Two-Way Sync
A short explanation of how to get the Nextcloud Linux desktop client working reliably on a Chromebook. This is necessary because the official Android client does not offer true two-way synchronization, which is a critical feature for managing files across systems.
Nextcloud and MinIO Integration: Why Direct S3 Fails and the Filesystem Abstraction Workaround
MinIO is a fantastic Object Storage solution, and I intended to use my distributed MinIO system as the primary external storage for Nextcloud. This distributed setup, which uses Sidekick as a load balancer for seamless node access, proved functional but revealed a critical stability flaw, particularly with mobile uploads.
Nextcloud Migration and Database Performance: Solving Deadlocks with PostgreSQL
Getting the famous “1213 Deadlock found when trying to get lock; try restarting transaction” error in Nextcloud can be frustrating. The issue affected many users and was discussed in bug reports such as the Nextcloud Deadlock Issue. The community frequently recommends switching the backend database to PostgreSQL. While I was initially skeptical, the migration proved to be the definitive solution for this recurring issue in my setup.
This guide outlines the streamlined procedure for migrating Nextcloud from MariaDB/MySQL to PostgreSQL. The process is uncomplicated and can drastically improve system stability.
Nextcloud Performance Tuning: PHP, Redis, and Database Optimization
Just a quick guide on how I install Nextcloud. This covers Nextcloud 25.0.1 with PHP 8.1 on Debian Bullseye, optimized with Redis, APCu, and MariaDB.