Security — Docs

Setting Up ModSecurity WAF with Nginx
A comprehensive guide to modsecurity covering installation, configuration, and optimization for Linux VPS environments. 8 views
Configuring Automatic Security Updates on Ubuntu
Learn how to set up and configure unattended-upgrades on your VPS with step-by-step instructions, including security and best practices for production environments. 9 views
Rootkit Detection with rkhunter and chkrootkit
Learn how to set up and configure rkhunter on your VPS with step-by-step instructions, including chkrootkit and best practices for production environments. 8 views
Implementing Fail2Ban Advanced Jail Configuration
Step-by-step tutorial for fail2ban on Ubuntu/Debian servers, with practical code examples and troubleshooting tips. 8 views
Hardening SSH Beyond the Basics
Most guides stop at "disable password auth." Here's what comes next. 544 views
Setting Up CrowdSec Community IPS
Everything you need to know about crowdsec for your VPS, from initial setup to production-ready configuration with ips. 7 views
Implementing Certificate Pinning for Web Services
Guide to implementing certificate pinning for web services using Nginx, including best practices and backup key strategies. 8 views
Implementing CSP Headers for Web Security
A comprehensive guide to csp covering installation, configuration, and optimization for Linux VPS environments. 8 views
How to Set Up a PKI (Public Key Infrastructure) on Linux
Set up a private PKI on Linux to issue and manage internal TLS certificates, including root and intermediate CAs, server certificates, and certificate revocation. 175 views
How to Use Trivy to Scan Container Images for Vulnerabilities
Use Trivy to scan Docker container images, filesystems, and code repositories for vulnerabilities, misconfigurations, and secrets with CI/CD integration examples. 216 views
How to Set Up Automated Compliance Scanning with InSpec
Automate compliance scanning with Chef InSpec to verify CIS benchmarks, custom security controls, and infrastructure configurations with human-readable test code. 163 views
Understanding OAuth2 and OpenID Connect for Self-Hosted Apps
Understand OAuth2 and OpenID Connect protocols for implementing secure authentication in self-hosted applications, with guidance on Keycloak, Authentik, and security best practices. 251 views
How to Configure Linux Audit Framework (auditd) Rules
Configure the Linux Audit Framework (auditd) with essential rules for monitoring file changes, authentication events, privilege escalation, and system calls for compliance and forensics. 216 views
Understanding and Mitigating Spectre and Meltdown on VPS
Understand Spectre and Meltdown CPU vulnerabilities, check your VPS mitigation status, and learn why keeping your kernel updated is the most important defense. 183 views
How to Set Up TOTP Two-Factor Auth for Web Applications
Implement TOTP two-factor authentication in your web applications with PHP and Node.js examples, including QR code generation, verification, recovery codes, and security best practices. 251 views
How to Use GPG for File Encryption and Signing
Learn how to use GPG for file encryption, digital signatures, and encrypted backups, including key generation, management, and practical automation scripts. 207 views
How to Secure Your Server Against Cryptojacking
Detect, prevent, and remove cryptojacking malware from your server with CPU monitoring, process analysis, firewall rules, and incident response procedures. 182 views
How to Implement Rate Limiting at the OS Level with iptables
Implement OS-level rate limiting with iptables and hashlimit to protect against brute-force attacks, SYN floods, and connection abuse with minimal performance overhead. 275 views
How to Implement Content Security Policy (CSP) Headers in Depth
A deep dive into Content Security Policy headers for preventing XSS and code injection, with directive reference, common patterns, and testing strategies. 307 views
How to Audit SSH Access Logs for Suspicious Activity
Learn how to audit SSH access logs for brute-force attacks, unauthorized access, and suspicious patterns, with automated monitoring scripts and fail2ban configuration. 330 views
How to Secure Redis, MongoDB, and Elasticsearch from Unauthorized Access
Secure Redis, MongoDB, and Elasticsearch against unauthorized access with proper binding, authentication, TLS encryption, and firewall rules. 277 views
How to Set Up Mutual TLS (mTLS) Between Services
Learn how to set up mutual TLS (mTLS) for service-to-service authentication, including CA creation, certificate generation, Nginx configuration, and certificate rotation. 195 views
How to Respond to a Server Compromise: Incident Response Playbook
A step-by-step incident response playbook for handling a server compromise, covering detection, containment, evidence collection, eradication, and post-incident review. 364 views
How to Configure TLS 1.3 Only on Your Web Server
Configure your web server for TLS 1.3 only to get the strongest encryption and fastest handshakes, with Nginx and Apache examples and compatibility guidance. 288 views
How to Perform a Penetration Test on Your Own Server
A practical guide to penetration testing your own server, covering legal requirements, reconnaissance, vulnerability scanning, manual testing, and remediation workflows. 206 views
How to Set Up Certificate Pinning for HTTPS
Learn modern certificate pinning alternatives including Certificate Transparency, CAA DNS records, and application-level pinning to protect against fraudulent certificates. 175 views
Understanding and Preventing Server-Side Request Forgery (SSRF)
Understand Server-Side Request Forgery (SSRF) attacks and learn prevention strategies including input validation, IP blocking, proxy routing, and WAF configuration. 252 views
How to Set Up a SIEM System
Set up a Security Information and Event Management system using open-source tools like Grafana Loki or Wazuh to collect, correlate, and analyze security events across your infrastructure. 195 views
How to Secure GRUB Bootloader with a Password
Protect your GRUB bootloader with a password to prevent unauthorized boot modifications, single-user mode access, and kernel parameter tampering. 140 views
How to Implement Mandatory Access Control with SELinux
Learn how to implement mandatory access control with SELinux to confine services, prevent lateral movement, and add defense-in-depth security to your server. 250 views
How to Use CIS Benchmarks to Harden Ubuntu
Follow CIS Benchmarks to systematically harden your Ubuntu server with automated auditing via Lynis, covering filesystem, network, logging, and authentication security. 294 views
How to Set Up Centralized Authentication with LDAP
Set up centralized authentication with OpenLDAP for multi-server environments, including user management, client configuration, TLS security, and FreeIPA as a modern alternative. 162 views
How to Encrypt Data at Rest with dm-crypt
Learn how to encrypt data at rest using dm-crypt and LUKS on Linux, including partition encryption, key management, auto-mounting, and performance considerations. 213 views
How to Set Up HIDS with Wazuh on Your VPS
A comprehensive guide to setting up Wazuh HIDS on your VPS for intrusion detection, file integrity monitoring, log analysis, and automated threat response. 253 views
How to Implement Network Segmentation on a Single Server
Learn how to implement network segmentation on a single VPS using iptables, Docker networks, systemd restrictions, and service binding to limit the blast radius of security breaches. 308 views
How to Configure Automatic Vulnerability Scanning with OpenVAS
Set up automated vulnerability scanning with OpenVAS/Greenbone to identify security issues, with a lightweight Lynis alternative for smaller servers. 213 views
How to Set Up a Honeypot to Detect Intrusions
Deploy a honeypot on your VPS using Cowrie, Artillery, or Dionaea to detect intrusion attempts, capture attack data, and receive early warning alerts. 187 views
Understanding CVE Databases and Patch Management
Understand CVE databases, CVSS severity scoring, and how to implement automated patch management to stay protected against known vulnerabilities. 272 views
Hardening SSH: Disabling Root and Password Auth
A comprehensive guide to ssh covering installation, configuration, and optimization for Linux VPS environments. 7 views
Security Scanning with Lynis on Linux
A comprehensive guide to lynis covering installation, configuration, and optimization for Linux VPS environments. 6 views
How to Set Up WireGuard VPN on Your Breeze
How to Set Up WireGuard VPN on Your Breeze WireGuard is a modern, high-performance VPN protocol that offers simplicity, speed, and strong cryptography. Runni... 31 views
How to Configure SELinux on AlmaLinux
How to Configure SELinux on AlmaLinux Security-Enhanced Linux (SELinux) is a mandatory access control system built into the Linux kernel. On AlmaLinux-based ... 26 views
How to Set Up OSSEC Intrusion Detection System
How to Set Up OSSEC Intrusion Detection System OSSEC is an open-source host-based intrusion detection system (HIDS) that performs log analysis, integrity che... 29 views
How to Implement Zero Trust Networking on Your Server
How to Implement Zero Trust Networking on Your Server Zero Trust Networking is a security model built on the principle of "never trust, always verify." Inste... 29 views
How to Scan for Rootkits with rkhunter and chkrootkit
How to Scan for Rootkits with rkhunter and chkrootkit Rootkits are stealthy malware that hide deep within the operating system to maintain persistent unautho... 27 views
How to Set Up OpenVPN Access Server
How to Set Up OpenVPN Access Server OpenVPN Access Server is a full-featured SSL VPN solution that provides secure remote access to your Breeze instance and ... 27 views
How to Configure AppArmor on Ubuntu
How to Configure AppArmor on Ubuntu AppArmor is a mandatory access control framework for Linux that restricts programs to a limited set of resources. On Ubun... 29 views
How to Harden SSH with Certificate-Based Authentication
How to Harden SSH with Certificate-Based Authentication SSH certificate-based authentication is a more scalable and secure alternative to traditional public ... 26 views
How to Set Up Suricata Network Intrusion Detection
How to Set Up Suricata Network Intrusion Detection Suricata is a high-performance network intrusion detection and prevention system (IDS/IPS) capable of real... 24 views
How to Implement IP Geoblocking on Your Server
How to Implement IP Geoblocking on Your Server IP geoblocking restricts access to your Breeze instance based on the geographic origin of incoming connections... 25 views
How to Audit System Security with Lynis
How to Audit System Security with Lynis Lynis is an open-source security auditing tool that performs an extensive scan of your Linux system, checking for sec... 27 views
How to Encrypt Disk Partitions with LUKS
How to Encrypt Disk Partitions with LUKS Linux Unified Key Setup (LUKS) is the standard for disk encryption on Linux. Encrypting partitions on your Breeze in... 26 views
How to Set Up a SOCKS5 Proxy with SSH Tunneling
How to Set Up a SOCKS5 Proxy with SSH Tunneling A SOCKS5 proxy over SSH creates an encrypted tunnel between your local machine and your Breeze instance, rout... 28 views
How to Configure Content Security Policy Headers
How to Configure Content Security Policy Headers Content Security Policy (CSP) is a security header that helps prevent cross-site scripting (XSS), clickjacki... 27 views
GDPR Compliance Considerations for VPS Hosting
GDPR Compliance Considerations for VPS Hosting If your Breeze hosts data from EU residents, you must comply with the General Data Protection Regulation (GDPR... 32 views
How to Perform a Basic Security Audit on Your Server
How to Perform a Basic Security Audit on Your Server Regular security audits help identify vulnerabilities before attackers exploit them. Run these checks on... 27 views
How to Set Up OSSEC Host-Based Intrusion Detection
How to Set Up OSSEC Host-Based Intrusion Detection OSSEC is a powerful open-source host-based intrusion detection system (HIDS) that monitors file integrity,... 25 views
How to Configure HSTS and Security Headers for Nginx
How to Configure HSTS and Security Headers for Nginx HTTP security headers protect your Breeze-hosted applications from common attacks like clickjacking, XSS... 27 views
How to Create an Incident Response Plan for Server Breaches
How to Create an Incident Response Plan for Server Breaches Having a documented incident response plan ensures you react quickly and methodically when your B... 25 views
How to Set Up Suricata IDS on Linux
How to Set Up Suricata IDS on Linux Suricata is a high-performance intrusion detection and prevention system (IDS/IPS) that monitors network traffic for mali... 23 views
How to Set Up ModSecurity with Apache
How to Set Up ModSecurity with Apache ModSecurity is an open-source web application firewall (WAF) module for Apache that protects your Breeze from SQL injec... 27 views
How to Implement Zero Trust Networking on a VPS
How to Implement Zero Trust Networking on a VPS Zero Trust assumes no user or device is inherently trusted, even inside your network. This guide covers key p... 26 views
How to Harden Nginx Against Common Attacks
How to Harden Nginx Against Common Attacks Securing Nginx on your Breeze prevents common web attacks such as clickjacking, XSS, and information disclosure. H... 24 views
Web Application Firewall Best Practices for VPS
Web Application Firewall Best Practices for VPS A web application firewall (WAF) inspects HTTP traffic and blocks malicious requests before they reach your a... 24 views
How to Set Up WireGuard for Site-to-Site VPN
How to Set Up WireGuard for Site-to-Site VPN WireGuard provides a lightweight, high-performance VPN tunnel between two Breeze instances or between a Breeze a... 24 views
How to Set Up Vault for Secrets Management
How to Set Up Vault for Secrets Management Vault provides centralized secrets management, allowing your Breeze applications to securely access API keys, data... 22 views
How to Set Up Wazuh Security Platform
How to Set Up Wazuh Security Platform Wazuh is an open-source security platform providing threat detection, integrity monitoring, and compliance reporting fo... 26 views
Setting Up Wireguard with 2FA Authentication
Everything you need to know about wireguard for your VPS, from initial setup to production-ready configuration with 2fa. 8 views
Implementing Zero Trust Network Access
A comprehensive guide to zero-trust covering installation, configuration, and optimization for Linux VPS environments. 8 views
File Integrity Monitoring with AIDE 101 views
Understanding and Preventing DDoS Attacks 195 views
How to Audit and Remove Unnecessary Services 199 views
Setting Up Two-Factor Authentication for SSH 170 views
Linux Security Audit Checklist for VPS Servers 42 views
How to Set Up Let's Encrypt SSL Certificates 151 views
Securing Your VPS with CrowdSec 133 views
Hardening SSH Access on Your VPS 79 views
Setting Up WireGuard VPN on a VPS 141 views
Understanding and Configuring nftables Firewall 93 views
Implementing IP Whitelisting for Admin Panels 26 views
Setting Up Automatic Malware Scanning with ClamAV 28 views
Audit Logging with auditd on Linux 30 views
Scanning for Rootkits with rkhunter and chkrootkit 27 views
Hardening Linux with CIS Benchmarks 29 views
Securing Nginx with Security Headers 30 views
Two-Factor Authentication for SSH with Google Authenticator 31 views
Setting Up Fail2Ban to Protect SSH 29 views
SSH Hardening Best Practices 27 views
Configuring UFW Firewall on Ubuntu 29 views
SSL Certificate Installation with Certbot 29 views
How to Audit Your Server with Lynis
Lynis is an open-source security auditing tool that checks your system configuration.Installapt install lynis -yRun Auditlynis audit systemReview ResultsLynis p... 116 views
How to Configure SSH Idle Timeout
Automatically disconnect idle SSH sessions to reduce security risk.Server-Side ConfigurationEdit /etc/ssh/sshd_config:# Disconnect after 10 minutes of inactivit... 436 views
How to Set Up Automatic Malware Scanning with ClamAV
ClamAV is a free, open-source antivirus engine for Linux.Installapt install clamav clamav-daemon -yUpdate Definitionssystemctl stop clamav-freshclam\nfreshclam\... 212 views
Understanding Linux File Immutable Attribute
The immutable attribute prevents a file from being modified, deleted, or renamed — even by root.Set Immutablechattr +i /etc/resolv.confRemove Immutablechattr -i... 221 views
How to Secure Your Linux Server: Essential Checklist
Follow this checklist to harden your Breeze against common threats.1. Update Everythingapt update && apt upgrade -y2. Create a Non-Root Useradduser admin usermo... 249 views
How to Disable Root SSH Login
Disabling root SSH login is one of the most effective security hardening steps.PrerequisitesBefore disabling root login, make sure you have:A non-root user with... 418 views
How to Set Up Fail2Ban on Linux
Fail2Ban monitors log files and bans IP addresses that show malicious behavior like repeated failed login attempts.Install# Ubuntu/Debian apt install fail2ban -... 304 views
How to Set Up SSH Key Authentication
SSH keys are more secure than passwords and prevent brute-force attacks.Generate a Key Pair (on your local machine)ssh-keygen -t ed25519 -C "your-email@example.... 416 views
How to Install and Configure an SSL Certificate with Let's Encrypt
Let's Encrypt provides free SSL certificates. Use Certbot to automate the process.Install Certbot# Ubuntu/Debian with Nginx apt install certbot python3-certbot-... 450 views
How to Change the SSH Port
Changing the default SSH port from 22 reduces automated brute-force attacks.Choose a PortPick an unused port number between 1024 and 65535 (e.g., 2222).Configur... 517 views
How to Scan for Rootkits with rkhunter
rkhunter scans your system for rootkits, backdoors, and other malware.Installapt install rkhunter -yUpdate and Scanrkhunter --update rkhunter --checkAutomated S... 357 views
How to Set Up Two-Factor Authentication for SSH
Adding 2FA to SSH provides an extra layer of security beyond keys or passwords.Install Google Authenticatorapt install libpam-google-authenticator -yConfigure f... 199 views
Setting Up Let's Encrypt SSL Certificates
SSL/TLS encrypts traffic between your users and your server. Without it: 754 views
CrowdSec: Community-Powered Threat Detection
CrowdSec is an open-source, community-powered security engine. It detects attacks on your server and shares threat intelligence with the community — like a collaborative Fail2Ban. 192 views
Setting Up OSSEC Host Intrusion Detection
Step-by-step tutorial for ossec on Ubuntu/Debian servers, with practical code examples and troubleshooting tips. 9 views
Automated Security Scanning with Lynis
Lynis is an open-source security auditing tool that scans your Linux system for misconfigurations, missing patches, and hardening opportunities. 158 views
SSH Key Management and Best Practices
Practical guide to ssh-keys featuring real-world examples, performance tuning tips, and security best practices. 6 views
Linux Capability-Based Security Model
Step-by-step tutorial for capabilities on Ubuntu/Debian servers, with practical code examples and troubleshooting tips. 6 views
Seccomp Profiles for Container Hardening
Practical guide to seccomp featuring real-world examples, performance tuning tips, and security best practices. 6 views
ClamAV Antivirus Setup for Mail Servers
Everything you need to know about clamav for your VPS, from initial setup to production-ready configuration with antivirus. 6 views
SELinux Practical Configuration for Web Servers
Practical guide to selinux featuring real-world examples, performance tuning tips, and security best practices. 5 views
Linux Audit System Configuration with auditd
Practical guide to auditd featuring real-world examples, performance tuning tips, and security best practices. 7 views
Implementing AppArmor Profiles for Services
Step-by-step tutorial for apparmor on Ubuntu/Debian servers, with practical code examples and troubleshooting tips. 8 views
Web Application Firewall with ModSecurity
ModSecurity is an open-source WAF (Web Application Firewall) that inspects HTTP requests and blocks attacks like SQL injection, XSS, and file inclusion. 562 views