Security
Security does not begin only once something has already gone wrong. Many important decisions are made much earlier: during setup, in user permissions, services, updates, network exposure and the question of what should be reachable at all.
This page is therefore less about buzzwords and more about a practical, grounded approach to attack surface, logging, hardening and operational reality.
Security as part of operations
Security is not an extra layer added afterwards. It is part of operation: configuration, updates, permissions, logs and the way a system is actually used.
Reducing attack surface
A great deal of security comes not from exotic measures but from reduction: only necessary services, clear network boundaries, sensible permissions and as little unnecessary complexity as possible.
Logging, monitoring & visibility
What cannot be seen is difficult to assess. Logs, monitoring and audit information help make unusual behaviour visible before it becomes harder to reconstruct.
Tools such as auditd, Lynis or Wazuh are not magic answers. They become useful when their output is understood and interpreted properly.
Hardening & pragmatism
Hardening does not mean making a system unusable. It means taking known weaknesses seriously, improving defaults and aligning configuration with the actual purpose of the system.
Notes & entry points
- Leave only necessary services exposed
- Assign permissions deliberately
- Read logs rather than only collecting them