Skip to content
View crisis1er's full-sized avatar

Block or report crisis1er

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
crisis1er/README.md
Typing SVG

Blog Email GDSA Visitors

About me

Independent security and digital privacy specialist with 35 years of hands-on IT experience, primarily self-taught. I focus on hardening Linux systems, building privacy-preserving network stacks, and evaluating the real-world security posture of Linux distributions.

Every configuration in this GitHub has been deployed and validated in a live production environment. This is not theory — it runs on my machines.

My approach aligns with GIAC GDSA principles — defensible security architecture, network segmentation, reverse proxies, protocol hardening, and Zero Trust.

I write about security, privacy, and Linux infrastructure on my bilingual blog → safeitexperts.com

Focus areas

🔒 System hardening — sysctl, kernel parameters, auditd, file permissions
🌐 Network privacy — DNS-over-TLS, DoH, ECH, proxy anonymization, VPN
🦑 Proxy & caching — Squid 6.x, ACL management, ad blocking, TLS policy
🔍 DNS security — Unbound, DNSSEC, local DoH (Caddy)
🧪 OS security auditing — testing Linux ISOs for security and privacy compliance
📊 Monitoring — Prometheus, Grafana, Loki, Alertmanager

Linux

Primary platform: openSUSE Tumbleweed (rolling — daily driver and test bench)

Also tested: Debian · Fedora · Arch · Ubuntu · Qubes OS · Tails · and others

Stack

openSUSE Linux Bash Squid Unbound Caddy Prometheus Grafana Loki KVM firewalld systemd

GitHub stats


All configurations are tested in production on real hardware before being published. Review before deploying — your environment may differ.

Pinned Loading

  1. Device-Security-Vulnerability-Analysis Device-Security-Vulnerability-Analysis Public

    Analysis of device vulnerabilities when stolen, with risk levels and mitigation strategies.

    1

  2. squid-tumbleweed-config squid-tumbleweed-config Public

    Squid 6.x proxy for openSUSE Tumbleweed — HTTPS bump, ACL, ad-blocking, delay pools, multimedia caching

  3. unbound-tumbleweed-config unbound-tumbleweed-config Public

    Production Unbound configuration for openSUSE Tumbleweed — DoT (Quad9), DNSSEC, local DoH, ad blocking, systemd automation

  4. firewalld-tumbleweed-config firewalld-tumbleweed-config Public

    Hardened firewalld configuration for openSUSE Tumbleweed — nftables backend, zone-based design, KVM, monitoring stack, Squid and privacy stack

  5. sysctlconf sysctlconf Public

    Hardened sysctl drop-in for openSUSE Tumbleweed — memory tuning, BBR, TCP hardening, kernel security, KVM and fibre optimized

  6. Zypper-Package-History-Logs Zypper-Package-History-Logs Public

    Zypper history viewer for openSUSE — audit package installs and removals from the command line

    Shell