https://www.pistack.xyz/tags/server-hardening/ Recent content in Server-Hardening on Pi Stack Hugo en-us Tue, 02 Jun 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-06-02-devsec-hardening-vs-ansible-vs-puppet-cis-server-hardening-guide/ Tue, 02 Jun 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-06-02-devsec-hardening-vs-ansible-vs-puppet-cis-server-hardening-guide/ <h2 id="introduction">Introduction</h2> <p>Server hardening is the systematic process of reducing a server&rsquo;s attack surface by disabling unnecessary services, applying secure configurations, and enforcing least-privilege principles. The CIS (Center for Internet Security) benchmarks define hundreds of specific controls for each operating system — a manual implementation takes days and is error-prone.</p> https://www.pistack.xyz/posts/2026-06-01-self-hosted-pam-authentication-modules-google-authenticator-pam-u2f-pam-oath-pam-duo/ Mon, 01 Jun 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-06-01-self-hosted-pam-authentication-modules-google-authenticator-pam-u2f-pam-oath-pam-duo/ <h2 id="introduction">Introduction</h2> <p>Pluggable Authentication Modules (PAM) form the backbone of Linux authentication. Every SSH login, <code>sudo</code> invocation, and system service authentication flows through PAM&rsquo;s modular stack. While the default <code>pam_unix</code> module handles basic password authentication, modern security requirements demand multi-factor authentication (MFA), hardware token support, and push-based verification.</p>