https://blog.serviciosrogeliowar.com/en/tags/devops/Recent content in Devops on Servicios RogeliowarHugo -- gohugo.ioen© 2026 Rogelio Guerra RiverónTue, 19 May 2026 00:00:00 +0000https://blog.serviciosrogeliowar.com/en/posts/como-limpiar-credenciales-expuestas-en-git-con-git-filter-repo-y-rotar-tokens/Tue, 19 May 2026 00:00:00 +0000https://blog.serviciosrogeliowar.com/en/posts/como-limpiar-credenciales-expuestas-en-git-con-git-filter-repo-y-rotar-tokens/<h2 class="relative group">The Real Problem <div id="the-real-problem" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#the-real-problem" aria-label="Anchor">#</a> </span> </h2> <p>I recently realized I had pushed a <code>.env</code> file with API credentials to a private repository. Even though it was private, that&rsquo;s no excuse. A compromised access, a repository that becomes public, or simply a security audit would have exposed my tokens. I learned that <strong>I can&rsquo;t rely on deleting files in subsequent commits</strong>—Git keeps all the history.</p>https://blog.serviciosrogeliowar.com/en/posts/restic-backups-cifrados-deduplicacion/Mon, 11 May 2026 00:00:00 +0000https://blog.serviciosrogeliowar.com/en/posts/restic-backups-cifrados-deduplicacion/<p>I already had <a href="https://blog.serviciosrogeliowar.com/en/posts/backups-automaticos-con-rsync-y-cron-para-docker-domestico/" >backups with rsync and cron</a>, but rsync copies files, not snapshots. If you accidentally delete a file and the backup syncs before you notice, you lose it. <a href="https://restic.net/" target="_blank" rel="noreferrer">Restic</a> solves that and adds something rsync will never provide: <strong>AES-256 encryption, deduplication, and snapshots with navigable history</strong>.</p> <h2 class="relative group">What makes Restic different <div id="what-makes-restic-different" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#what-makes-restic-different" aria-label="Anchor">#</a> </span> </h2> <table> <thead> <tr> <th>Feature</th> <th>rsync</th> <th>Restic</th> </tr> </thead> <tbody> <tr> <td>AES-256 encryption</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>Deduplication</td> <td>No</td> <td>Yes (block-level)</td> </tr> <tr> <td>Navigable snapshots</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>Multiple backends</td> <td>No</td> <td>SFTP, S3, Backblaze, rclone…</td> </tr> <tr> <td>Integrity checking</td> <td>No</td> <td><code>restic check</code></td> </tr> <tr> <td>Retention policy</td> <td>Manual</td> <td><code>restic forget --prune</code></td> </tr> </tbody> </table> <p>Deduplication is especially useful for database backups and configuration directories that change little: a Restic repository with 6 months of daily backups usually takes up much less space than 180 full copies.</p>https://blog.serviciosrogeliowar.com/en/posts/hardening-servidores-linux/Fri, 01 May 2026 00:00:00 +0000https://blog.serviciosrogeliowar.com/en/posts/hardening-servidores-linux/<h1 class="relative group">Server Security Hardening: Essential Steps <div id="server-security-hardening-essential-steps" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#server-security-hardening-essential-steps" aria-label="Anchor">#</a> </span> </h1> <p>Having a server exposed to the Internet without minimal security configuration is leaving the door wide open. In this article, I&rsquo;ve compiled the steps I apply on my own servers to reduce the attack surface without complicating day-to-day management.</p> <h2 class="relative group">SSH: the first line of defense <div id="ssh-the-first-line-of-defense" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#ssh-the-first-line-of-defense" aria-label="Anchor">#</a> </span> </h2> <p>The SSH service is the most attacked entry point on any Linux server. These are the most important settings in <code>/etc/ssh/sshd_config</code>:</p>