@chiarangelucci: #foryou #slice

Region: IT
Friday 29 March 2024 16:29:42 GMT

Other Videos

🔒 Cybersecurity Reality Check: Your Linux Server Isn’t “Secure by Default” — Harden It or Lose It

If you still believe Linux servers are naturally secure because “hackers target Windows,” it’s time to retire that myth. Hardening is not optional — it’s survival. Here’s a practical, engineering-focused guide to fortifying your Linux environment against real-world attacks.

🧩 1. Start With the Fundamentals: System Updates & Patch Hygiene

* Always update before deploying a new system: `sudo apt update && sudo apt upgrade -y`
* Automate security patches with unattended-upgrades or cron.
* Enable kernel live patching (Canonical Livepatch / kpatch / ksplice) for critical infrastructure.

Why? Unpatched services remain the #1 Linux attack vector — especially on internet-facing hosts.

🔐 2. Lock Down SSH — Your First Line of Defense

Your SSH configuration determines whether your server is yours… or the attacker’s.

Critical SSH hardening:

* Disable password authentication → *keys only*: `PasswordAuthentication no`
* Change the default port (not a security control in itself, but it reduces scanner noise in the logs)
* Disable root login: `PermitRootLogin no`
* Use Fail2Ban to block brute-force attempts
* Enforce strong key types: ed25519 or RSA 4096

🧱 3. Firewall & Network Hardening

Expose only what you must.

For Ubuntu/Debian:

* Allow only whitelisted ports: `ufw default deny incoming` and `ufw default allow outgoing`
* Enable UFW logging for visibility

For enterprise/production environments:

* Use **iptables/nftables** with explicit policy rules
* Implement **port knocking** or **single-packet authorization** for stealth access
* Enforce **segmentation** using VLANs + dedicated subnets

🔍 4. Service Minimization: Disable What You Don’t Need

Every running service is another potential vulnerability.

* Stop and disable unused daemons: `systemctl disable --now <service>`
* Remove unnecessary packages (cups, avahi, bluetooth, rpcbind, etc.)
* Run `netstat -tulnp` to confirm only intended ports are open

🔐 5. Strengthen Authentication & Password Policies

Even in 2025, weak passwords still compromise servers daily.

* Enforce password complexity with PAM
* Lock accounts after repeated failures
* Use `/etc/login.defs` to set expiration and reuse policies
* Implement system-wide sudo auditing

Better option: adopt centralized identity management (FreeIPA, OpenLDAP, Active Directory integration).

🛡️ 6. Mandatory Access Controls (MAC): SELinux / AppArmor

MAC systems stop attackers even *after* they gain access.

SELinux:

* Enforcing mode on production servers
* Use targeted policies for high-risk apps (Apache, Nginx, Docker)

AppArmor (Debian/Ubuntu):

* Restrict apps to least-privilege profiles
* Prevent unauthorized filesystem, network, and process actions

MAC = last-line defense against privilege escalation.

---

📦 7. File System Hardening

Protect the OS itself.

* Make `/boot` read-only
* Mount `/tmp`, `/var/tmp`, and `/home` with `noexec`, `nodev`, `nosuid`
* Enable disk encryption (LUKS) for sensitive data
* Use `chattr +i` on critical files like `/etc/passwd`, `/etc/shadow`

🕵️ 8. Logging, Monitoring & Intrusion Detection

You can’t defend what you can’t see.

* Enable auditd for deep system visibility
* Centralize logs to Splunk, ELK, or Wazuh
* Deploy host-based IDS/IPS (OSSEC, Wazuh, Falco, Tripwire)
* Configure real-time alerting for suspicious events

⚙️ 9. Container & Virtualization Security

If you're running Docker, Kubernetes, or VMs on Linux:

* Never run containers as root
* Use seccomp, AppArmor, or SELinux profiles
* Regularly scan images for vulnerabilities
* Harden hypervisors (KVM, Xen, VMware) with minimal host exposure

🛠️ 10. Backup, Recovery & Incident Response

A hardened server still needs redundancy.

* Implement automated, versioned backups (rsync, Borg, Veeam, Restic)
* Test restore procedures monthly
* Use immutable storage for critical backups
* Maintain a Linux IR playbook

🚀 Final Thoughts

Linux hardening is not a one-time action — it’s a continuous discipline.
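As an added example (not part of the original post), a small POSIX sh audit helper that verifies two of the settings above, the sshd directives from section 2 and the mount options from section 7, against constructed sample files; it assumes only awk and grep are available. It also shows a sshd_config detail the list does not mention: sshd uses the first occurrence of a directive, so a `PasswordAuthentication no` appended after an existing `yes` has no effect.

```shell
#!/bin/sh
# Added audit helper, not from the original post. Checks the section 2 sshd
# directives and the section 7 mount options against constructed sample files.
# Assumes only POSIX sh, awk and grep.

# sshd applies the FIRST occurrence of a keyword (global section only, so we
# stop at the first Match block). Prints the lowercased value or "unset".
sshd_effective() {  # $1 = sshd_config path, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }          # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1" | grep . || echo unset
}

# Returns 0 only when password auth and root login are both disabled.
check_sshd() {  # $1 = sshd_config path
    fails=0
    for pair in PasswordAuthentication:no PermitRootLogin:no; do
        key=${pair%%:*} want=${pair##*:}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then echo "PASS $key=$got"
        else echo "FAIL $key=$got (want $want)"; fails=$((fails + 1)); fi
    done
    [ "$fails" -eq 0 ]
}

# Returns 0 when the mount point carries noexec, nodev and nosuid.
check_mount_opts() {  # $1 = file in /proc/mounts or fstab format, $2 = mount point
    opts=$(awk -v mp="$2" '$2 == mp { print $4; exit }' "$1")
    [ -n "$opts" ] || { echo "FAIL $2 not mounted"; return 1; }
    for o in noexec nodev nosuid; do
        case ",$opts," in *",$o,"*) ;; *) echo "FAIL $2 missing $o"; return 1 ;; esac
    done
    echo "PASS $2 ($opts)"
}

# Constructed sample data (not taken from a real host).
SSHD_GOOD=$(mktemp); printf '%s\n' '# managed by config mgmt' \
    'PermitRootLogin no' 'PasswordAuthentication no' > "$SSHD_GOOD"
# The trailing "no" here is ignored: the earlier "yes" wins.
SSHD_BAD=$(mktemp); printf '%s\n' 'PasswordAuthentication yes' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$SSHD_BAD"
MOUNTS=$(mktemp); printf '%s\n' \
    'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0' \
    '/dev/sda3 /home ext4 rw,relatime 0 0' > "$MOUNTS"

check_sshd "$SSHD_GOOD"; check_sshd "$SSHD_BAD" || true
check_mount_opts "$MOUNTS" /tmp; check_mount_opts "$MOUNTS" /home || true
```

On a live host, point the functions at `/etc/ssh/sshd_config` and `/proc/mounts` instead of the constructed files; `sshd -T` is the authoritative way to dump the effective configuration when Include directives or Match blocks are in play.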
