maxuru ~ % cat about
About Maxuru
Maxuru is a hardening reference for servers, services and databases — SSH, the common web servers, the databases, the message brokers, the container platforms. It exists because the answers to “how do I actually secure this” are usually scattered across mailing-list threads, half-right blog posts, and vendor docs that assume you already know the answer.
How every page is built
Section titled “How every page is built”Each control on this site carries the same three things, because a hardening instruction is not much use without them:
- The fix — the exact directive or command, in the file it belongs in. If you already know what you’re doing, you copy it and leave.
- Verification — the command that proves the change actually took effect in the running service, not just that you edited a file. Setting a directive and having it apply are different claims.
- The way back out — what to check before you apply it, so a hardening step doesn’t lock you out of your own host. This is the part most write-ups skip.
The aim is a page you can act on at 2am mid-incident, not an article you read.
How the facts are kept current
Section titled “How the facts are kept current”Security defaults move. Authentication methods get deprecated, cipher lists age out, ports get renamed, and “best practice” from a few years ago is sometimes actively wrong today. Every page is written against the current upstream documentation and release notes for the software it covers, and version-specific behaviour is called out explicitly rather than assumed.
Where a widely-repeated recommendation has expired — a header that’s now deprecated, a feature that’s been removed, a setting that no longer does anything — the page says so, and says what replaced it.
Scope, and what this isn’t
Section titled “Scope, and what this isn’t”Maxuru is a technical reference, not a guarantee. Systems differ, versions differ, and the only configuration that matters is the one running on your host. Every page includes a verification step precisely so you can confirm the result on your own system rather than trusting a checklist. Test changes somewhere safe before you apply them to something you care about.