How to increase the security of systemd services

Nowadays all major Linux distributions have adopted systemd as their init system and service manager. Creating a systemd service is just a matter of writing a “.service” unit in the appropriate directory and managing it with the systemctl utility. When starting a service, or launching a process in general, we want to make sure it runs with the lowest possible set of privileges it needs to accomplish its task. Systemd provides a series of options we can use to fine-tune the behavior of a service, granting or denying privileges in a granular way, and ensuring a certain level of isolation from the rest of the system.

How to install and self host an Ntfy server on Linux

Ntfy is a free and open source notification service written in Go which lets us easily send and receive push notifications on smartphones or desktop computers via simple POST or PUT requests. The basic online service is publicly available free of charge and, on Linux, it is also possible to self-host an Ntfy instance.

How to bind an SSH public key to a specific command

In the client-server architecture used by the SSH protocol, a client can authenticate by providing a tunneled clear text password or by using a public/private key pair: the latter is called public key authentication. A user who logs in via a public key on a remote machine has complete access to the command line; in certain situations, however, it may be useful, for security reasons, to associate a public key with a single specific command.

How to define a custom Firewalld zone

Firewalld is the default high-level firewall manager on the Red Hat family of distributions. One of its peculiarities is that it defines a series of so-called firewall zones: each zone can be considered a different level of trust and can be configured to allow traffic through a specific set of ports. While Firewalld comes with some predefined zones which can be easily examined and modified, sometimes we may want to create our own custom zones from scratch.
