When STIG Guidance Breaks Linux

When STIG Guidance Breaks Linux

Sometimes the most dangerous security advice is the kind that looks perfectly official. A DISA STIG remediation for Ubuntu 22.04 suggests setting systemd-journal directories to mode 2640 — a value that quietly removes execute permissions and can cripple logging entirely. Is this really “hardening,” or a subtle documentation bug waiting to break production systems? This post digs into what went wrong, how to spot it, and why blindly following compliance guidance can be riskier than questioning it.

Keeping UFW Updated with Cloudflare Networks

Keeping UFW Updated with Cloudflare Networks

Keeping your origin server properly locked down is an important step when running behind Cloudflare. This post explains how to automatically maintain Cloudflare’s constantly changing IP ranges using `ipset`, and how to integrate them with UFW so that only Cloudflare’s proxy network can reach your web ports. With boot-time restoration and scheduled updates, you can prevent direct-to-origin access, strengthen your firewall setup, and ensure all traffic continues to benefit from Cloudflare’s protection layer.

Write-up: Initial Access Pot

Write-up: Initial Access Pot

“We sell hundreds of DeceptiPots to the world every month, but we don’t even use them in our network. Show me the value of our product, test it well, and schedule the demo. Deadline – next Monday!”

This is the task Emily Ross received from the company CEO. As a newly hired junior IT personnel at DeceptiTech, Emily didn’t really know what to do but still decided to prepare for the demo: Configure DeceptiPot to replicate a corporate WordPress blog, deploy the machine in the corporate DMZ, expose it to the Internet, and see what it captures over the weekend. Little did she know, threat actors around the globe enjoyed testing the DeceptiPot, too! Can you find out how the attack on DeceptiTech started?