Written on 1. August 2023

Basic Security on Debian Server

One of my favorite server systems is Debian. After installing a Debian server system, there are a few security measures I always take as a first step.

Before we dive in, I want to make it clear that this article is not meant to be an exhaustive guide to Debian server security. These are just the initial steps I take to secure a new Debian server. Security is a vast and complex field, and it’s crucial to continually learn, adapt, and fortify your systems as best as you can. With that said, let’s get started!

Install Uncomplicated Firewall (ufw)

Uncomplicated Firewall, or ufw, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.

Written on 14. January 2023

Apache2 as reverse proxy with ModSecurity and OWASP Ruleset on Debian

As mentioned in the article https://stangneth.com/2022/12/27/nginx-as-reverse-proxy-with-waf-modsecurity-on-debian/, here I will describe how to install a reverse proxy with a WAF based on Apache2.

Installation

To install Apache2 on Debian, use the following command:

apt install apache2 -y

Next, we need to enable the necessary modules. We will be using the proxy and proxy_http modules to configure reverse proxy functionality and the headers module to add custom headers to the proxied traffic:

Written on 27. December 2022

NGINX as reverse proxy with ModSecurity and OWASP Ruleset on Debian

I have divided my home network into three separate areas: a datacenter, a DMZ (demilitarized zone), and an internal client network. To prevent my clients from having direct access to the datacenter, I have set up an NGINX reverse proxy in the DMZ. This allows both clients within the network and those from the WAN (wide area network) to connect. It is great to be able to secure all sites with a Let’s Encrypt certificate.

In the coming days, I plan to publish an article on configuring Apache2 as a reverse proxy with ModSecurity and the OWASP ruleset.

Installation

To install NGINX and Certbot from the default repository on a Debian-based operating system, you can use the package manager apt:

apt update 
apt install nginx certbot python3-certbot-nginx
Written on 1. March 2022

FreeRadius, LDAP and dynamic VLAN assignment

A long time ago I was interested in finding out how I can use my installed FreeRadius to dynamically assign a VLAN based on an Active Directory group. First I’ll show my current setup:

  1. Microsoft Active Directory Domain Controller (Windows Server 2012 R2)
  2. FreeRadius (openSUSE Leap 15.3) – installation instructions: https://stangneth.com/2021/05/26/freeradius-on-opensuse/
  3. HP ProCurve 2810-24G
  4. Client (Windows 10 21H2)

Active Directory group

After creating a local security group in Active Directory, I assigned it to a user.

Written on 26. May 2021

FreeRadius on openSUSE

I changed my private Wi-Fi from WPA2 to WPA2-Enterprise. I no longer have to enter a one-time password, but can enable authentication using a username and password. For this scenario I’m using my MS Active Directory and a FreeRadius server. Below you can find my configuration. Feel free to write comments or corrections in the comment section.

Requirements

  • Static IP
  • /etc/hosts points to the hostname in /etc/HOSTNAME
  • DNS server is an Active Directory Domain Controller or can resolve all Active Directory entries
  • Chrony configured
