Set Up Wazuh SIEM on Linux for Security Monitoring
Wazuh isn't just a SIEM; it's a distributed security analytics platform that can tell you why an alert happened, not just that it happened.
CDK Articles
100 articles
Implement Zero Trust Architecture on Linux Infrastructure
A Zero Trust Architecture fundamentally assumes that no user or device, inside or outside the network, can be trusted by default.
Defense in Depth for Linux Infrastructure: A Layered Approach
Defense in Depth for Linux Infrastructure: A Layered Approach The most surprising thing about "defense in depth" is that it's not about adding more secu.
Encrypt Linux Disks with LUKS Full-Disk Encryption
LUKS Linux Unified Key Setup is the standard for full-disk encryption on Linux, and it's surprisingly straightforward to set up.
Harden Docker Container Security: Capabilities, Namespaces, Seccomp
Harden Docker Container Security: Capabilities, Namespaces, Seccomp — practical guide covering cdk setup, configuration, and troubleshooting with real-w...
Secure Environment Variables on Linux: Avoid Secret Leaks
Environment variables on Linux are surprisingly insecure by default, often leaking sensitive information like API keys and passwords to unauthorized pro.
Configure Fail2Ban on Linux to Block Brute-Force Attacks
Fail2Ban doesn't actually block brute-force attacks; it scans log files for patterns indicating brute-force attempts and then uses the system's firewall.
Monitor File Integrity on Linux with AIDE and Tripwire
AIDE and Tripwire are both excellent tools for monitoring file integrity on Linux systems, but they approach the problem from slightly different angles,.
Encrypt and Sign Files on Linux with GPG
GPG is not just for sending encrypted emails; it's a powerful tool for verifying the integrity and authenticity of any file on your Linux system.
Set Up Snort IDS on Linux for Network Intrusion Detection
Snort is a free and open-source network intrusion detection system NIDS that monitors network traffic for malicious activity and protocol anomalies.
Harden Kubernetes Security: RBAC, PSP, and Network Policies
Kubernetes RBAC, PSP, and Network Policies aren't just security features; they're fundamental to shaping the trust and communication model within your c.
Configure auditd to Audit System Calls on Linux
Auditd doesn't just log what happened, it logs how it happened at the deepest system level. Let's say you want to know every time a user on your system .
Harden Linux Binaries with PIE, RELRO, and Stack Canaries
Harden Linux Binaries with PIE, RELRO, and Stack Canaries — practical guide covering cdk setup, configuration, and troubleshooting with real-world examp...
Drop Linux Capabilities to Minimize Container Privilege
Linux Capabilities are the most surprising way to manage container privilege, not by removing root, but by surgically removing specific root powers.
Build a Layered Firewall Defense on Linux
Linux firewalls aren't just about blocking ports; they're about building a multi-layered defense that inspects traffic at various levels.
Harden the Linux Kernel with sysctl Parameters
Linux kernel hardening is less about adding new security features and more about tuning existing ones to reduce the attack surface and mitigate common e.
Prevent Privilege Escalation Attacks on Linux Systems
Privilege escalation on Linux is less about a single vulnerability and more about exploiting a series of small oversights to gain root access.
Meet PCI-DSS and HIPAA Compliance on Linux Servers
PCI-DSS and HIPAA compliance on Linux servers isn't about adding security; it's about proving you already have it, in a way that makes sense to auditors.
Linux Server Security Best Practices: Hardening Checklist
Linux server security is less about a static checklist and more about a dynamic, ongoing process of understanding your attack surface and systematically.
Manage Linux User Accounts Securely: Groups, sudoers, and PAM
Linux user management is surprisingly fragile, and the biggest misconception is that useradd and passwd are all you need for secure access.
Set Up ClamAV to Scan for Malware on Linux
ClamAV, a surprisingly effective malware scanner, is often dismissed as too slow for modern Linux systems, but its real power lies in its deep integrati.
Enable ASLR and DEP on Linux to Prevent Memory Exploits
ASLR and DEP aren't just security features; they're fundamental shifts in how programs interact with memory, making the very act of predictable memory a.
Segment Linux Networks with VLANs for Security Isolation
VLANs don't actually isolate traffic at the hardware level; they're a Layer 2 trick that switches interpret to group traffic, but packets still flow ove.
Install and Configure OSSEC HIDS on Linux
OSSEC HIDS doesn't just detect intrusions; it actively rewrites your system's history to make them invisible to attackers.
Enforce Password Policies on Linux with PAM
The most surprising thing about enforcing password policies on Linux is that the system designed to handle it, PAM, is intentionally designed to be flex.
Detect and Prevent Port Scanning on Linux Servers
Port scanning is your server's unsolicited admirer, trying to find open doors to sneak through. Here’s how a port scan actually looks in practice, if yo.
Detect and Remove Rootkits from Linux Systems
Rootkits can be incredibly stealthy, but their presence often leaves subtle traces in how the operating system manages processes and files.
Set Up seccomp Filters to Restrict Linux Container Syscalls
Seccomp filters are a surprisingly effective way to lock down Linux containers, but they don't actually prevent your container from trying to execute di.
Enable and Verify Secure Boot on Linux
Secure Boot on Linux is often misunderstood as a simple on/off switch, but its true power lies in its ability to cryptographically verify the integrity .
Audit a Linux Server Security Posture Step by Step
Audit a Linux Server Security Posture Step by Step — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Apply the CIS Benchmark Baseline to Harden Linux Servers
Applying CIS Benchmarks to harden Linux servers isn't just about ticking boxes; it's about proactively defending against the most common and impactful a.
Linux Server Security Hardening Checklist for Production
Linux Server Security Hardening Checklist for Production — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Linux Security Incident Response Playbook
This playbook is for responding to security incidents on Linux systems, covering common attack vectors and remediation steps.
Set Up Security Logging and Monitoring on Linux
Linux systems can be surprisingly chatty about security events, but you have to know how to listen. Let's see what a Linux system is actually doing when.
Use Linux Namespaces to Isolate Container Security Boundaries
Linux namespaces are the fundamental building blocks that give containers their perceived isolation. Let's see them in action with a quick example
Deploy Security Onion for Network Security Monitoring
Deploy Security Onion for Network Security Monitoring — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Build a Security Patching Strategy for Linux Systems
The most surprising truth about Linux security patching is that it’s less about the patches themselves and more about when and how you apply them to mai.
Scan Linux Security Compliance with OpenSCAP
OpenSCAP is a powerful tool for checking Linux systems against security compliance standards, but its output can feel like a black box if you don't know.
Set Up SELinux and Write Custom Policies on Linux
SELinux doesn't just label files; it orchestrates a complex dance of permissions that can, and often does, prevent even root from doing what you think i.
Harden SSH on Linux Servers: Keys, Configs, and Fail2Ban
Harden SSH on Linux Servers: Keys, Configs, and Fail2Ban — SSH is surprisingly fragile for how much we rely on it. Let's get your SSH server locked down...
Configure sudo Securely: Least Privilege and Audit Logging
Configure sudo Securely: Least Privilege and Audit Logging — practical guide covering cdk setup, configuration, and troubleshooting with real-world exam...
Secure the Linux Package Supply Chain: Signing and Verification
Secure the Linux Package Supply Chain: Signing and Verification — practical guide covering cdk setup, configuration, and troubleshooting with real-world...
Threat Model Your Linux Infrastructure to Find Attack Vectors
Linux infrastructure is a surprisingly flexible attack surface, often because we assume security is a solved problem once the OS is installed.
Set Up Two-Factor Authentication for SSH on Linux
SSH can be secured with two-factor authentication, but it's not just about adding a second code; it's about layering cryptographic trust on top of somet.
Set umask and File Permissions to Lock Down Linux Security
When you create a new file or directory on a Linux system, it comes with default permissions that might be too permissive for a secure environment.
Manage Vulnerabilities in Linux Systems from Detection to Patch
Manage Vulnerabilities in Linux Systems from Detection to Patch — practical guide covering cdk setup, configuration, and troubleshooting with real-world...
Implement Rollback Strategies for Safe CDK Deployments
CDK deployments are atomic by default, meaning they either succeed entirely or fail entirely, leaving your infrastructure in its previous state.
Safely Destroy a CDK Stack and All Its Resources
You can't just delete a CDK stack and expect all its resources to vanish cleanly. The CDK deployment process creates a CloudFormation stack, and CloudFo.
Preview Infrastructure Changes with cdk diff Before Deploying
cdk diff is the closest thing you'll get to a "dry run" for your AWS CDK deployments, but its real power lies in showing you exactly what AWS CloudForma.
Build and Push Docker Images as CDK Assets
Build and Push Docker Images as CDK Assets — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Deploy EKS Clusters with CDK Blueprints
CDK Blueprints let you define your EKS cluster infrastructure as code, but they’re not just glorified CloudFormation templates; they’re opinionated, reu.
Manage Environment-Specific Config in CDK Without Hardcoding
CDK applications often end up with environment-specific configurations like database credentials or API endpoints sprinkled throughout the code, making .
Override CloudFormation Properties in CDK with Escape Hatches
CDK's "escape hatches" let you directly manipulate the CloudFormation resources it generates, but they're a powerful tool that can easily break your inf.
Get Started with AWS CDK: First Stack in 10 Minutes
The AWS Cloud Development Kit CDK lets you define your cloud infrastructure using familiar programming languages, but its real magic is in how it synthe.
Deploy CDK Stacks Automatically with GitHub Actions
Deploy CDK Stacks Automatically with GitHub Actions — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Get Started with AWS CDK in Go
AWS CDK in Go is a way to define your cloud infrastructure using familiar Go code, which then synthesizes into AWS CloudFormation templates.
Enforce Least Privilege IAM in CDK with cdk-nag
cdk-nag is a CDK construct that helps enforce least privilege IAM policies by auditing your CDK CloudFormation templates for common security misconfigur.
Integration Test CDK Stacks with integ-tests-alpha
The integ-tests-alpha module is designed to simplify the process of writing integration tests for AWS CDK applications, particularly for testing the dep.
Get Started with AWS CDK in Java
The most surprising thing about AWS CDK is that it's not actually about writing AWS infrastructure code; it's about writing applications that generate A.
Bundle Node.js Lambda Functions in CDK with esbuild
Bundle Node.js Lambda Functions in CDK with esbuild — esbuild, when bundling Node.js Lambda functions in AWS CDK, can sometimes lead to surprisingly large.
Bundle Python Lambda Functions in CDK with Docker
CDK can bundle Python Lambda functions using Docker, but it often feels like magic because the underlying mechanism isn't immediately obvious.
Migrate Existing CloudFormation Templates to CDK
CDK is a framework for defining cloud infrastructure in familiar programming languages, and it doesn't actually "migrate" CloudFormation templates; it l.
Add Automatic Monitoring to CDK Stacks with cdk-watchful
cdk-watchful turns your CDK deployment into a self-reporting system, alerting you when things go sideways after the deploy.
Enforce Security Best Practices in CDK with cdk-nag
cdk-nag acts as a security linter for your AWS CDK applications, catching common misconfigurations before they hit production.
Build a Full CI/CD Pipeline for CDK with CDK Pipelines
CDK Pipelines can build a fully functional CI/CD pipeline for your AWS CDK applications, but its internal workings are often misunderstood, leading to u.
Scaffold and Manage CDK Projects with Projen
Projen is a project management tool that generates and manages your project configuration files, offering a programmatic way to handle infrastructure as.
AWS CDK Python Best Practices for Production Stacks
AWS CDK Python Best Practices for Production Stacks The most surprising thing about AWS CDK for production is that the "best practices" often involve le.
Snapshot Test CDK Stacks to Catch Unintended Infrastructure Changes
Snapshot testing your CDK stacks is the most effective way to catch unintended infrastructure changes before they hit production.
CDK Stack vs Nested Stack: When Nesting Helps and When It Hurts
Nesting stacks in AWS CDK isn't just about code organization; it fundamentally changes how CloudFormation resources are deployed and updated, often in w.
Inspect the CloudFormation Template Generated by cdk synth
The cdk synth command doesn't just show you the CloudFormation template; it's the final, crucial step where your CDK code is translated into the declara.
Tag Every CDK Resource Automatically with Aspects
CDK Aspects are a powerful mechanism to inject common logic across your entire CDK stack, and a common use case is automatically tagging resources for c.
Understand CDK Tokens and Lazy Values to Avoid Resolve Errors
Understand CDK Tokens and Lazy Values to Avoid Resolve Errors — practical guide covering cdk setup, configuration, and troubleshooting with real-world e...
Run Code After Deployment with CDK Triggers
Run Code After Deployment with CDK Triggers — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
AWS CDK TypeScript Best Practices for Production
AWS CDK in TypeScript is a powerful tool for defining your cloud infrastructure as code, but deploying it to production requires more than just writing .
Build Production-Ready VPCs with CDK VPC Construct Patterns
The most surprising thing about building VPCs with CDK is that you're not actually building VPCs directly; you're orchestrating infrastructure code that.
CDK vs CloudFormation: When to Use Each
CDK and CloudFormation are both ways to define your infrastructure as code, but they operate at vastly different levels of abstraction.
CDK vs SAM: Choose the Right IaC Tool for Serverless
CDK and SAM are both powerful Infrastructure as Code IaC tools for serverless development, but they approach the problem from fundamentally different an.
CDK vs Terraform: Infrastructure as Code Compared
CDK and Terraform, both powerful infrastructure-as-code IaC tools, are often compared, but the most surprising truth is that they aren't direct competit.
Wait for Resource Readiness After CDK Deploy
The most surprising thing about waiting for resources to be ready after a CDK deploy is that the CDK itself often doesn't know they're ready, even when .
Set Up a chroot Jail to Isolate Linux Processes
A chroot jail is less about security and more about a specific kind of filesystem isolation that simplifies dependency management for applications.
Secure Cron Jobs on Linux: Permissions and Least Privilege
Cron jobs, those trusty schedulers on Linux, can become security holes faster than you can say sudo. The real risk isn't just that a script runs at a ce.
Compare CVE Scanning Tools for Linux in 2024
The most surprising true thing about CVE scanning tools for Linux in 2024 is that the "best" tool often depends more on your existing infrastructure and.
Set Up AppArmor Profiles to Confine Linux Application Behavior
AppArmor profiles are surprisingly not about preventing privilege escalation, but about enforcing least privilege for already running processes.
Deploy CDK Apps Across Environments with Stages
CDK Stages are the closest thing AWS CloudFormation has to a built-in, first-class primitive for managing application deployments across multiple enviro.
Apply Security and Compliance Rules with CDK Aspects
CDK Aspects let you enforce security and compliance guardrails across your entire AWS CDK application without modifying individual constructs.
Unit Test CDK Infrastructure with the Assertions Library
The CDK Assertions library lets you test your CloudFormation templates generated by AWS CDK code before deploying them to AWS, catching errors early and.
Bundle Lambda Assets in CDK with Docker and Custom Commands
CDK's bundling option can feel like a black box, but it's essentially a way to run arbitrary Docker commands to prepare your Lambda assets.
Bootstrap CDK Environments Before Your First Deploy
Bootstraping your CDK environment is the foundational step before you can deploy any infrastructure. Imagine you've written your first CDK app, you're r.
Configure CDK Apps with cdk.json Context and Feature Flags
Configure CDK Apps with cdk.json Context and Feature Flags — The cdk.json file is more than just a configuration dump; it's the primary mechanism for in...
Pass CloudFormation Parameters to CDK Stacks at Deploy Time
You can pass CloudFormation parameters to CDK stacks at deploy time, but the way you're likely thinking about it is wrong.
Build a Self-Mutating CDK Pipeline with CodePipeline
This is how you make your AWS CDK pipeline build and deploy itself, and it's way more powerful than just updating your app.
Publish a CDK Construct Library to npm
Publishing a CDK construct library to npm is surprisingly straightforward once you understand how the AWS CDK packaging system uses standard Node.
Share CDK Constructs on Constructs Hub with Projen
Projen is a project management tool that lets you manage your CDK project's configuration as code. This means you can version control, test, and reuse y.
CDK Construct Levels: L1 vs L2 vs L3 Explained
CDK constructs aren't just abstractions; they're a tiered system of control, with L3 constructs often acting as opinionated, pre-configured solutions th.
Use CDK Context Values for Environment-Specific Config
CDK context values are not just for parameterizing deployments; they are the primary mechanism for structuring your multi-environment CDK application.
Set Up CDK Custom Resources with the CR Framework
The most surprising thing about CDK custom resources is that they don't actually run code within your CloudFormation stack.
Deploy CDK Stacks to Multiple AWS Accounts
CDK Stacks to Multiple AWS Accounts Deploying a single CDK application to multiple AWS accounts isn't just about repeating cdk deploy; it's about master.
Deploy CDK Stacks Across AWS Regions
Deploy CDK Stacks Across AWS Regions — practical guide covering cdk setup, configuration, and troubleshooting with real-world examples.
Get Started with AWS CDK in C#
AWS CDK in C# is a powerful way to define your cloud infrastructure as code, but it doesn't directly compile to CloudFormation.
Build Custom Resource Providers in CDK for Missing CloudFormation
CDK lets you define infrastructure as code, but sometimes CloudFormation doesn't support the exact AWS resource you need, or it doesn't support the spec.