Nowadays all major Linux distributions have adopted Systemd as their init system/service manager. Creating a systemd service is just a matter of writing a “.service” unit in the appropriate directory and managing it with the systemctl utility. When starting a service, or launching a process in general, we want to make sure it runs with the lowest possible set of privileges it needs to accomplish the task. Systemd provides a series of options we can use to fine-tune the behavior of a service, granting or denying privileges in a granular way, and ensuring a certain level of isolation from the rest of the system.
service
How to install and configure Fail2ban on Linux
Fail2ban is free and open source software we can use to mitigate brute force and DoS/DDoS attacks: it scans log files for multiple failed authentication attempts and bans the related IP addresses by creating ad-hoc firewall rules.
How to install and self host an Ntfy server on Linux
Ntfy is a free and open source notification service written in Go which lets us easily send and receive push notifications on smartphones or desktop computers via simple POST or PUT requests. The basic online service is publicly available free of charge and, on Linux, it is also possible to self-host an Ntfy instance.
How to bind an SSH public key to a specific command
In the client-server architecture used by the SSH protocol, a client can authenticate by providing a tunneled clear text password or by using a public/private key pair: this is called public key authentication. A user who logs in via a public key on a remote machine has complete access to the command line; in certain situations, however, it may be useful to associate a public key with a single specific command, for security reasons.
How to define a custom Firewalld zone
Firewalld is the default high-level firewall manager on the Red Hat family of distributions. One of its peculiarities is that it defines a series of so-called firewall zones: each zone can be considered a different level of trust and can be configured to allow traffic through a specific set of ports. While Firewalld comes with some predefined zones which can be easily examined and modified, sometimes we may want to create our own custom zones from scratch.