Author

Xiao Liu Lab

An operations lab passionate about server tinkering 🔬 Sharing automation scripts, high-availability architecture, alert optimization, and incident reviews. Using technology to reduce overtime and experience to avoid major pitfalls. Follow me for easier, more reliable operations!

Articles

Likes

339

Views

Comments

Latest from Xiao Liu Lab

82 recent articles

Xiao Liu Lab

Nov 3, 2025 · Information Security

13 Essential Tomcat Security Baselines to Harden Your Server

Learn how to secure Apache Tomcat by applying a 13‑item baseline that covers account permissions, root‑less operation, strong passwords, disabling manager apps, preventing directory listing, restricting HTTP methods, enabling HTTPS, changing default ports, configuring access logs, custom error pages, hiding server banners, and limiting connections.

HardeningJavaSecurity

0 likes · 12 min read

13 Essential Tomcat Security Baselines to Harden Your Server

Xiao Liu Lab

Nov 2, 2025 · Information Security

Automate Linux Password Expiration for GB/T 22239 Compliance (90‑Day Policy)

This guide presents a complete, compliance‑ready solution for enforcing the GB/T 22239 (等保2.0) requirement that Linux user passwords be changed every 90 days, including a safe Bash script, audit logging, crontab scheduling, permission hardening, and evidence collection for security assessments.

Information Securitybashcompliance automation

0 likes · 8 min read

Automate Linux Password Expiration for GB/T 22239 Compliance (90‑Day Policy)

Xiao Liu Lab

Nov 1, 2025 · Databases

How to Fake MySQL 8 Version to Trick Vulnerability Scanners (Step‑by‑Step)

This guide shows how to modify the MySQL 8 binary to change its reported version, letting vulnerability scanners misidentify the server and bypass patching, while providing a quick, temporary defense for internal or compliance‑driven environments.

MySQLVersion Spoofingdatabase security

0 likes · 5 min read

How to Fake MySQL 8 Version to Trick Vulnerability Scanners (Step‑by‑Step)

Xiao Liu Lab

Oct 31, 2025 · Cloud Native

How to Hide Multiple Docker Apps Behind a Single Nginx Gateway

This guide shows how to containerize five services, expose only ports 80/443 via an Nginx reverse‑proxy container, route traffic by sub‑domain, secure everything with HTTPS, and simplify deployment and maintenance using Docker‑Compose.

containerdevopsreverse proxy

0 likes · 11 min read

How to Hide Multiple Docker Apps Behind a Single Nginx Gateway

Xiao Liu Lab

Oct 31, 2025 · Databases

Why Redis Exits on ARM64: Fix the THP COW Bug and Prevent Data Loss

Redis on ARM64 platforms may abort startup with a warning about a kernel COW bug when Transparent Huge Pages are enabled, risking RDB corruption; this guide explains the underlying issue, when it’s safe to ignore the warning, and provides two solutions—disabling THP or configuring ignore‑warnings—to ensure safe operation.

ARM64COW bugLinux

0 likes · 7 min read

Why Redis Exits on ARM64: Fix the THP COW Bug and Prevent Data Loss

Xiao Liu Lab

Oct 30, 2025 · Information Security

Essential Linux Security Baseline for Tier‑3 Compliance: Step‑by‑Step Guide

This article provides a comprehensive, step‑by‑step Linux security baseline for Tier‑3 compliance, covering password policies, login controls, access restrictions, audit logging, intrusion prevention, patch management, and resource limits, complete with executable commands for major distributions.

LinuxPassword PolicySecurity

0 likes · 9 min read

Essential Linux Security Baseline for Tier‑3 Compliance: Step‑by‑Step Guide

Xiao Liu Lab

Oct 30, 2025 · Operations

Why systemd Timers Outperform crontab and How to Migrate Your Jobs

This article explains why the built‑in systemd timer engine is a more reliable, observable, and feature‑rich replacement for traditional crontab, and provides a step‑by‑step guide to rewrite, configure, and manage your scheduled tasks on Linux.

Automationcrontaboperations

0 likes · 9 min read

Why systemd Timers Outperform crontab and How to Migrate Your Jobs

Xiao Liu Lab

Oct 29, 2025 · Information Security

Secure MySQL 8 in 30 Minutes with 6 Production‑Ready Scripts

Learn how to transform a vulnerable MySQL 8 instance into a militarized, audit‑ready database in just half an hour by applying six ready‑to‑run shell and SQL scripts that disable high‑risk accounts, enable enterprise audit logging, enforce SSL, prune privileges, rotate root passwords, and generate compliance reports.

Audit LoggingAutomationMySQL

0 likes · 7 min read

Secure MySQL 8 in 30 Minutes with 6 Production‑Ready Scripts

Xiao Liu Lab

Oct 29, 2025 · Databases

5 Underrated MySQL Security Settings That Block 90% of Attacks

Even if your database appears functional and backed up, a single SQL injection can expose all data; this article reveals five often‑overlooked MySQL security configurations—disabling remote root login, turning off dangerous functions, enabling audit logs, enforcing SSL, and cleaning ghost accounts—to dramatically harden your database in under 30 minutes.

Audit LogMySQLSQL Injection

0 likes · 6 min read

5 Underrated MySQL Security Settings That Block 90% of Attacks

Xiao Liu Lab

Oct 29, 2025 · Operations

How to Diagnose and Fix High Swap Usage on Linux Servers

Learn step‑by‑step how to identify why your Linux server’s swap is consuming over 90% of space, understand the performance impact, and apply three safe optimization techniques—including process analysis, swappiness tuning, and cache clearing—to restore smooth operation without rebooting.

LinuxMemorySwap

0 likes · 6 min read

How to Diagnose and Fix High Swap Usage on Linux Servers