Posted on Sun 20 April 2025 in DevSecOps • Tagged with elasticsearch, snapshot, security, observability, prometheus, minimal-permissions
Learn how to securely verify Elasticsearch snapshots without using manage_snapshot, using a minimal API key, Prometheus-compatible script, and hardened monitoring practices. Includes a GitHub tools repo for automation.
Posted on Fri 18 April 2025 in DevSecOps • Tagged with linux, oomkiller, memory, system-administration, devsecops, process-management, hardening
In memory-constrained environments, the Linux OOM Killer decides what lives and what gets killed. This guide shows how to protect critical processes like sshd and mysqld using oom_score_adj values, with a script that applies them reliably and securely. Make memory pressure predictable and survivable.
Posted on Wed 16 April 2025 in DevSecOps • Tagged with kernel, bug, Linux, uptime, overflow, devsecops, integer-overflow
A 2012 Linux kernel bug caused CPU lockups after 208.5 days of uptime due to an integer overflow in sched_clock(). Affecting RHEL 5 and 6, it exposed the risks of long uptimes, underscoring the importance of timely patching, uptime observability, and operational risk management in DevSecOps.