Suricata Alert Analysis: Tuning Rules and Promoting Detection to Prevention

This is a follow-up to my last post in which I set up Suricata as an IPS. This article demonstrates how to effectively work with the Suricata engine—specifically, how I analyze its log output, silence unnecessary alerts, and promote specific detection rules to prevention rules.

Continue reading Suricata Alert Analysis: Tuning Rules and Promoting Detection to Prevention

Suricata IPS: Building a Transparent Network Defense Layer with AF-Packet Bridging

Suricata functions as a powerful engine for Network Intrusion Detection and Prevention (IDS/IPS). This guide demonstrates how to set up Suricata as a transparent Intrusion Prevention System (IPS) within a KVM environment by replacing the kernel bridge with the high-performance AF-Packet mechanism.

Continue reading Suricata IPS: Building a Transparent Network Defense Layer with AF-Packet Bridging

Automated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration

A very light-weight and efficient approach for consolidating logs centrally is by using rsyslog. My virtual machines all use rsyslog to forward their logs to a dedicated internal virtual machine, which acts as the central log hub. A fail2ban instance on this hub checks all incoming logs and sends a block command to an external firewall—a process helpful for automated security.

Continue reading Automated Defense: Building a Central Log Hub for Fail2ban and External Firewall Integration

ZFS Data Migration: Encrypting Existing Volumes with zfs send and zfs recv

Encrypting previously unencrypted data, such as a legacy ZFS pool, requires a reliable migration strategy. The most robust way to achieve this is by using the powerful ZFS data stream mechanism: zfs send and zfs recv.

The core procedure is simple: create a snapshot, transfer this snapshot, and receive it at a new, encrypted destination.

Continue reading ZFS Data Migration: Encrypting Existing Volumes with zfs send and zfs recv

ZFS Encryption: Mitigating Physical Attacks with Remote Key Management

This article documents the design and implementation of an external key management solution for ZFS encryption. This approach utilizes a custom PHP service to serve encryption keys on demand, specifically designed to mitigate physical and system-level compromises where local keys would fail. This deep dive explores the security architecture, the self-written PHP proof-of-concept (PoC), and the critical security caveats of building a custom Key Management System (KMS).

Continue reading ZFS Encryption: Mitigating Physical Attacks with Remote Key Management

Distributed MinIO on AWS Lightsail: Multi-Node Setup

MinIO is a high-performance, S3-compatible object storage solution. This article provides a blueprint for deploying a distributed MinIO stack using Amazon Lightsail, covering the critical steps for multi-node setup, networking, and Systemd.

Continue reading Distributed MinIO on AWS Lightsail: Multi-Node Setup

Nextcloud Client on Chromebook (ARM/aarch64): Solving Two-Way Sync

Short explanation on how to get the Nextcloud Linux desktop client working reliably on a Chromebook. This solution is necessary because the official Android desktop client does not offer true two-way synchronization, which is a critical feature for managing files across systems.

Continue reading Nextcloud Client on Chromebook (ARM/aarch64): Solving Two-Way Sync

Nextcloud and MinIO Integration: Why Direct S3 Fails and the Filesystem Abstraction Workaround

MinIO is a fantastic Object Storage solution, and I intended to use my distributed MinIO system as the primary external storage for Nextcloud. This distributed setup, which uses Sidekick as a load balancer for seamless node access, proved functional but revealed a critical stability flaw, particularly with mobile uploads.

Continue reading Nextcloud and MinIO Integration: Why Direct S3 Fails and the Filesystem Abstraction Workaround

Nextcloud Migration and Database Performance: Solving Deadlocks with PostgreSQL

Getting the famous “1213 Deadlock found when trying to get lock; try restarting transaction” error in Nextcloud can be frustrating. This issue affected many users and was discussed in bug reports like this: Nextcloud Deadlock Issue
. The community frequently recommends switching the backend database to PostgreSQL. While I was initially skeptical, the migration proved to be the definitive solution for this recurring issue in my setup.

This guide outlines the streamlined procedure for migrating Nextcloud from MariaDB/MySQL to PostgreSQL. The process is uncomplicated and can drastically improve system stability.

Continue reading Nextcloud Migration and Database Performance: Solving Deadlocks with PostgreSQL