Linux on Mi&Bee Blog

From Compliance to Real-Time Defense: The Evolution of security-collector-exporter

Thu, 21 May 2026 00:00:00 +0000

The Origin: Compliance Check Hassles

Anyone in operations knows there’s no escaping one hurdle for domestic servers: Cybersecurity Level Protection (GB/T 22239-2019, commonly known as “Level Protection 2.0”). Whether you’re Level 3 or Level 2, auditors come asking about these things:

Is SSH root login disabled? Are password policies compliant?
Is the firewall on? Is SELinux enforcing?
Are there expired accounts? What’s the password validity period?
Which ports are open? Are there high-risk services running?
Are audit logs enabled? How long are they retained?

There are plenty of compliance check tools on the market—search GitHub and you’ll find a bunch: Golin, EvaluationTools, Linux-Security-Compliance-Check, etc. But they all share one limitation: Run once, get a report, done. You check compliance today, and someone changes sshd_config tomorrow, turns off the firewall, installs a backdoor service—you’d never know.

security-collector-exporter v0.3.0: Real-Time Security Monitoring with eBPF

Tue, 19 May 2026 00:00:00 +0000

From Static to Real-Time

The previous article introduced security-collector-exporter v0.1.0 — turning Linux security configuration states into Prometheus metrics. But v0.1.0 is essentially “snapshot-based”: periodically reading /etc, /proc, capturing the static configuration at a single point in time.

There’s an area of security operations that snapshots can’t cover: real-time security events. Someone running a reverse shell, a process escalating privileges, an abnormal network connection, someone loading a kernel module — these events happen and pass; you’d never see them at your next scrape.

security-collector-exporter: Monitoring Linux Security Auditing

Thu, 14 May 2026 00:00:00 +0000

Why This Was Built

Anyone managing servers has probably had this experience: compliance audit comes, SSH into machines one by one to check—SSH config correct, SELinux enabled, firewall running, any expired accounts, password policies compliant. A few machines are fine; dozens or hundreds becomes purely manual grunt work.

And the more painful part: none of this has continuous monitoring. You check compliance today, someone changes a config tomorrow, and you’d never know.

A Casual Talk About CPU Timing and Modern Operating Systems

Fri, 20 Jan 2023 00:00:00 +0000

First, let’s review time-sharing systems. The time-sharing system is a very important operating system concept that maximizes computer utilization and is a crucial means of implementing multi-program concurrency.

The Linux kernel we use daily also adopts the time-sharing system philosophy, mainly reflected in the following aspects:

Time Slice:

Linux uses a time slice mechanism to divide CPU time. Each process can only execute for one time slice before yielding the CPU to other processes. This achieves CPU time sharing and fair allocation.

Linux High Availability and Load Balancing in Practice — From Keepalived to Performance Tuning

Tue, 19 Jun 2018 00:00:00 +0000

Introduction

In modern enterprise application architectures, high availability and load balancing are key technologies for ensuring stable system operation. This article provides a detailed introduction to achieving dual-machine hot standby with Keepalived, building internal network service load balancing with HAProxy, and resolving NIC soft interrupt issues for network performance optimization. Through real-world cases and detailed configuration explanations, this article helps readers understand the core principles and practical applications of these technologies.

Advanced Bash Programming Techniques — Handling Message Queue Backlog with the Producer-Consumer Pattern

Wed, 05 Jul 2017 00:00:00 +0000

Introduction

In message system operations, queue backlog is a common and tricky problem. Especially during malicious attacks or system anomalies, the delivery queue may accumulate a large number of messages, severely impacting normal system operation. Traditional single-process processing is not only inefficient but may also cause problems to worsen due to delayed handling.

This article shares a set of advanced Bash programming techniques based on the producer-consumer pattern. Through core technologies including multi-process concurrency, pipe communication, and efficient awk parsing, we achieve fast and effective handling of message queue backlog issues. This solution has been validated in multiple production environments, capable of improving processing efficiency several times over while ensuring system stability.

ARM Board Notes and Experiences

Mon, 27 Feb 2017 00:00:00 +0000

Raspberry Pi

I originally got into Raspberry Pi to set up a Docker cluster environment — mainly because they were cheap and power-efficient. Bought 3 Raspberry Pi 2 boards for around 600+ yuan. Back then, running Docker on ARM was still a novel concept.

I used Raspberry Pi to build a Docker cluster environment, following the Hypriot blog.

CubieBoard

Getting Docker running on ARM was a major challenge back then — official support was poor, community documentation was sparse, and it required a lot of trial and error.

Monitoring Collection Notes

Mon, 20 Feb 2017 00:00:00 +0000

MySQL Monitoring

MySQL Privilege Best Practices

Privilege control is primarily for security reasons, so follow these best practices:

Grant only the minimum privileges needed to prevent users from doing harm. For example, if a user only needs to query, just grant SELECT privileges, not UPDATE, INSERT, or DELETE.
Restrict the login host when creating users, typically to a specific IP or internal network IP range.
Delete users without passwords after initializing the database. The installation automatically creates some users with no passwords by default.
Set passwords that meet complexity requirements for each user.
Periodically clean up unnecessary users. Revoke privileges or delete users.

Example:

Boosting Development Efficiency — Linux Development Environment Setup Guide

Wed, 07 Dec 2016 00:00:00 +0000

In modern software development, having an efficient and convenient development environment can significantly improve productivity. This article provides a detailed guide on setting up a complete development environment on Linux, including configuration and usage of the tmux terminal multiplexer, vim code editor, enhanced zsh shell, and git version control.

Prerequisites

Before you begin, make sure your system meets the following minimum requirements:

tmux: version >= 2.1
vim: version >= 7.3
zsh: oh-my-zsh recommended
git: latest version

1. TMUX Terminal Multiplexer Configuration

TMUX is an excellent terminal multiplexer that allows you to create multiple sessions and windows within a single terminal window, making it ideal for developers who need to handle multiple tasks simultaneously.

Linux on Mi&Bee Blog

From Compliance to Real-Time Defense: The Evolution of security-collector-exporter

The Origin: Compliance Check Hassles

security-collector-exporter v0.3.0: Real-Time Security Monitoring with eBPF

From Static to Real-Time

security-collector-exporter: Monitoring Linux Security Auditing

Why This Was Built

A Casual Talk About CPU Timing and Modern Operating Systems

Time-Sharing Systems and Linux

Time Slice:

Linux High Availability and Load Balancing in Practice — From Keepalived to Performance Tuning

Introduction

Advanced Bash Programming Techniques — Handling Message Queue Backlog with the Producer-Consumer Pattern

Introduction

ARM Board Notes and Experiences

Raspberry Pi

CubieBoard

Monitoring Collection Notes

MySQL Monitoring

MySQL Privilege Best Practices

Boosting Development Efficiency — Linux Development Environment Setup Guide

Prerequisites

1. TMUX Terminal Multiplexer Configuration