Linux Security

Introduction to systemd-resolved

I’ve worked with Linux systems for years, and one thing that’s become increasingly important is DNS resolution. systemd-resolved is a DNS resolver component of the systemd suite, designed to provide a flexible and secure way to resolve domain names. It was introduced in systemd version 216, released in 2015, and has since become a standard component in many Linux distributions. By default, systemd-resolved uses a split DNS configuration, which can sometimes lead to DNS leaks and unexpected behavior. I’ve seen this go wrong when a system has multiple network interfaces or connections, each with its own DNS resolver configuration.

Introduction to Log Rotation with systemd

I’ve seen log files consume entire disks, bringing systems to a grinding halt. That’s why log rotation is crucial - it ensures your logs don’t get out of control. With systemd, you’ve got a robust mechanism for managing and rotating logs. In this article, I’ll dive into using systemd for log rotation, covering its benefits, configuration, and some practical examples.

Understanding systemd’s Role in Log Rotation

systemd’s journald is a game-changer for log management. It collects and stores log messages from various sources, including systemd services, kernel messages, and other system components. This centralized logging system makes it easier to manage and rotate logs. By leveraging systemd’s capabilities, you can configure log rotation to suit your specific needs, keeping your system stable and secure.

Introduction to systemd-resolved

I’ve been using systemd-resolved for a while now, and I have to say, it’s a big improvement over traditional DNS resolvers. As of 2026, many Linux distributions, including Ubuntu, Debian, and Fedora, have adopted systemd-resolved as the default DNS resolver. While it offers several benefits, including improved security and performance, some users may encounter issues or require customization to suit their specific needs. Don’t bother with trying to disable it, though - it’s usually worth the effort to get it working right.

Introduction to Automated Offsite Backups

As a Linux user, you’ve probably learned the hard way how important it is to protect your configuration files and user data from loss or corruption. I’ve seen this go wrong when a disk fails or a configuration change goes awry. One way to ensure the integrity of this data is to set up automated offsite backups. In this article, we’ll explore how to use rsync and systemd to create a reliable and efficient backup system.

Introduction to Dependency Troubleshooting

I’ve seen this go wrong when adding third-party repositories to a Linux system - it’s a great way to get the latest software, but it can also lead to broken dependencies and a whole lot of frustration. In this article, I’ll walk you through the practical steps to troubleshoot and resolve broken dependencies after adding a third-party repository.

Understanding Dependencies

Before we dive into troubleshooting, let’s take a step back and understand how dependencies work in Linux. Dependencies are packages that a particular package requires to function correctly. When you install a package, the package manager (such as apt or dnf) will automatically install any required dependencies. However, when adding third-party repositories, the package manager may not always be able to resolve dependencies correctly, leading to broken packages. Don’t bother with trying to manually resolve these dependencies - it’s a recipe for disaster.

Introduction to jq and systemd-journald

I’ve found that working with Linux systems often involves digging through logs to troubleshoot issues. systemd-journald is a key component in this process, collecting and storing log messages from various sources. Since these logs are often in JSON format, tools like jq become incredibly useful for parsing and manipulation. In this article, I’ll walk you through how to use jq to parse and manipulate JSON logs from systemd-journald.

Introduction to systemd Service Troubleshooting

I’ve seen this go wrong when services fail to start due to complex dependency ordering and logging issues. systemd, with its powerful tools for diagnosing problems, makes it easier to identify and fix these issues. In this article, we’ll focus on practical examples of using dependency ordering and journalctl to troubleshoot systemd service startup failures.

Understanding systemd Dependencies

systemd services are defined in unit files, typically located in /etc/systemd/system/ or /usr/lib/systemd/system/. These files specify the service’s dependencies, which are crucial for determining the order in which services start. Dependencies are defined using directives like Requires, Wants, Before, and After. For instance, a web server service might require the network service to be started before it can start itself.

Introduction to Log Rotation

I’ve seen this go wrong when log files grow out of control, filling up the disk and causing system instability. That’s why log rotation is a crucial aspect of Linux system maintenance. With many Linux distributions, including Debian and Arch Linux, adopting systemd as their default init system, understanding how to manage log rotation in a systemd environment is essential. In practice, this means getting familiar with systemd-journald, the component responsible for collecting and storing log messages.

Introduction to systemd Service Restart Behavior

I’ve seen this go wrong when a service fails and systemd keeps restarting it, causing more harm than good. To avoid this, it’s essential to understand how systemd handles service restarts. Systemd is a core component of most modern Linux distributions, responsible for managing system services, including their startup, runtime, and shutdown. One of the key aspects of systemd service management is its ability to automatically restart services that fail or terminate unexpectedly. However, this behavior can sometimes lead to unintended consequences, such as a service restarting indefinitely in a failed state. To mitigate this, systemd provides two important directives: RestartSec and TimeoutStartSec.

Introduction to Dependency Hell

I’ve seen this go wrong when you’re in the middle of a critical project and a package update breaks a dependency, causing system instability. In Debian-based systems, apt-mark is a useful tool for pinning packages and avoiding this kind of chaos. It’s not a silver bullet, but it can help prevent packages from being automatically removed or upgraded, which can cause conflicts.

What is apt-mark?

apt-mark is a command-line tool that allows you to mark packages as automatically installed or manually installed. This can be a lifesaver when you need to prevent a package from being automatically upgraded to a newer version that may cause conflicts. Don’t bother with trying to manually manage dependencies - apt-mark makes it easy to pin packages to a specific version.