Linux Security

Introduction to Log Rotation

I’ve seen log files grow out of control and bring down entire systems, so log rotation is something I take seriously. It’s a crucial aspect of Linux system maintenance, ensuring that log files don’t consume all available disk space. On busy systems, logs can fill up quickly, leading to issues with system performance and even causing services to fail.

Understanding Log Rotation

Log rotation involves periodically switching out log files, typically by renaming the current log file and starting a new one. This process can be configured to occur at set intervals, such as daily or weekly, and can also be triggered by the size of the log file. Most Linux distributions come with a log rotation system pre-configured, often using the logrotate utility. Don’t bother with manual log rotation unless you have a specific reason to do so - logrotate is a well-tested and reliable tool.

Introduction to systemd Service Restart Behavior

I’ve seen this go wrong when a service is not properly configured - systemd, the core component of most modern Linux distributions, is responsible for managing system services. One of its key features is the ability to automatically restart services that fail or terminate unexpectedly, controlled by the Restart directive in the service unit file. However, I’ve found that the Restart directive alone may not be sufficient to handle all scenarios, which is where the Retry and Timeout options come into play.

Introduction to Shared Directory Permissions

When working with shared directories in Linux, permissions can quickly become a complex issue. I’ve seen this go wrong when multiple users need to collaborate on the same project, and suddenly, nobody can access the files they need. The setgid bit and Access Control Lists (ACLs) are two powerful tools for managing these permissions. In this article, we’ll explore how to troubleshoot broken permissions on shared directories using setgid and ACLs.

Introduction to systemd-resolved

I’ve been using systemd-resolved for a while now, and I have to say, it’s a game-changer when it comes to managing DNS resolution on Linux systems. As of 2026, it’s become a crucial component in many Linux distributions, including Ubuntu, Debian, and Fedora. In this article, I’ll walk you through how to use systemd-resolved with multiple DNS servers and split horizon DNS, including some practical examples and troubleshooting notes.

Introduction to Dependency Management

As someone who’s spent years running Linux systems, I can tell you that dependency management is crucial for maintaining a healthy and stable system. You’re probably already familiar with keeping your packages up to date, but sometimes you need to pin specific packages to prevent them from being updated. This can help maintain system stability or prevent potential security issues. In this article, I’ll walk you through how to use apt-mark to pin packages in Debian-based systems.

Introduction to systemd Restart Policies

I’ve seen systemd restart policies go wrong when not properly configured, leading to a never-ending cycle of restarts without resolving the underlying issue. To avoid this chaos, it’s essential to understand how systemd manages system services, including starting, stopping, and restarting them as needed. The key to taming these restart policies lies in understanding how systemd service files work and how to configure them effectively.

Introduction to Troubleshooting Local Port Conflicts

When dealing with a Linux server that’s running multiple services, I’ve seen this go wrong when two or more services try to bind to the same port - it’s a recipe for disaster. This is where people usually get burned, as one or more of the services will fail to start. To avoid this, we can use the ss command and nftables to troubleshoot local port conflicts.

Introduction to DNS Leaks

I’ve seen DNS leaks become a major concern for Linux users who care about their online privacy. Essentially, a DNS leak happens when your system’s DNS queries slip outside a secure tunnel - think VPN - and potentially expose your browsing history to prying eyes. Given the current online security landscape, being able to troubleshoot these leaks is more important than ever.

Understanding systemd-resolved

Systemd-resolved is a key system service in Linux that handles DNS resolution. It’s part of the systemd suite and is widely used in modern distributions like Ubuntu, Debian, and Fedora. One of the benefits of systemd-resolved is that it can be configured to use DNS over TLS (DoT) or DNS over HTTPS (DoH), which encrypts DNS queries and reduces the risk of leaks.

Introduction to DNS Resolution

When setting up a home network, DNS resolution is one of those critical components that can be a real pain to troubleshoot. I’ve seen this go wrong when people are new to Linux, so let’s dive into how to use resolvectl to resolve DNS issues with systemd-resolved.

Understanding systemd-resolved

systemd-resolved is a system service that handles DNS resolution, among other network-related tasks. It’s part of the systemd suite and is widely used in many Linux distributions, including Ubuntu, Debian, and Fedora. The real trick is that systemd-resolved provides improved DNS security and better support for modern DNS protocols like DNS over TLS (DoT) and DNS over HTTPS (DoH). Don’t bother with trying to use it without understanding these benefits, as they’re a key part of what makes systemd-resolved so useful.

Introduction to Network Troubleshooting

I’ve seen my fair share of slow network connectivity issues on Linux, and having the right tools at your disposal can make all the difference. Two tools that I rely on are ss and resolvectl, which can help you diagnose and troubleshoot network issues. In this article, we’ll explore how to use these tools to identify and potentially fix slow network connectivity problems.

Understanding ss

The ss command is a replacement for the traditional netstat command, and it provides more detailed information about network connections, including TCP, UDP, and Unix domain sockets. To get started with ss, you can use the following command to display all active connections: