The latest articles on DEV Community by Max Müller (@mmvonnseek). https://dev.to/mmvonnseek https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F737632%2Fe3a74dc4-13b8-40b7-a5f4-28a7fe170bde.jpeg https://dev.to/mmvonnseek en Max Müller Thu, 28 May 2026 23:27:04 +0000 https://dev.to/mmvonnseek/i-left-a-linux-security-guide-half-finished-for-months-copilot-helped-me-wrap-it-up-13hh https://dev.to/mmvonnseek/i-left-a-linux-security-guide-half-finished-for-months-copilot-helped-me-wrap-it-up-13hh <h1> I left a Linux security guide half-finished for months — Copilot helped me wrap it up (and taught me something I didn't expect) </h1> <h2> The project that sat there collecting dust </h2> <p>I'm a teacher at SENAI in Taguatinga, Brazil. I teach Systems Development and Fullstack. A few months ago I created the <a href="https://github.com/MMVonnSeek/linux-security-guide" rel="noopener noreferrer">linux-security-guide</a> — a practical Linux guide focused on security, born directly from my classroom.</p> <p>The reason I started it was simple and honest: I was tired of 2-hour YouTube videos teaching things wrong, and course materials that just make students memorize commands. I had about 15 students fail job interviews because they couldn't answer "how do you secure a Linux server in practice?" — and that made me angry. So I put together everything I teach in class and use day-to-day so nobody would go through the same frustration I went through when I started.</p> <p>The project grew well. Fundamentals, networking, hardening, practical labs. But at some point it stopped. It just sat there with a nice structure, half-finished modules, and labs that didn't show students what they should actually see in the terminal.</p> <p>This challenge was the push I needed.</p> <h2> What I added with Copilot </h2> <p>Three fronts:</p> <p><strong>1. Lab 04 — Suspicious process detection</strong></p> <p>This lab didn't exist. I knew what I wanted: something practical, with real commands (<code>ps</code>, <code>top</code>, <code>lsof</code>, <code>netstat</code>, <code>/proc</code>), defensive focus, and expected output for each step. I gave Copilot the context and it put together a solid structure I wouldn't have written that quickly on my own. I still had to review every block — the technical content was correct, but some sections needed the adjustment of someone who's actually worked with this in a classroom.</p> <p><strong>2. Automated hardening script</strong></p> <p>Module 03 of the guide teaches secure SSH, auditd, suspicious crontab. But there was no script to automate all of that. Copilot generated a <code>hardening.sh</code> with dependency checking, automatic backup of files it modifies, logging everything to <code>/var/log/hardening.log</code>, and decent error handling. Good enough to show students as a production script example.</p> <p><strong>3. Expected output in existing labs</strong></p> <p>The three existing labs had the commands but didn't show what students should see after running them. That sounds like a detail, but it isn't — beginner students get stuck exactly because they don't know if what appeared in the terminal is right or wrong. I used Copilot to review each lab and add those output examples. Repetitive work I always kept putting off.</p> <h2> The moment I didn't expect </h2> <p>While working on the suspicious crontab module (<code>03-hardening/crontab-suspeito.md</code>), I was listing the basic commands to check scheduled tasks. Standard stuff.</p> <p>Copilot suggested creating a lab where the student finds a cron job running a hidden script at <code>/var/tmp/.cache/.systemd-fix.sh</code> and has to trace where it came from.</p> <p>I laughed out loud. Because that's exactly the kind of dirty trick an attacker would use in the real world. A name that looks legitimate, a hidden directory inside <code>/var/tmp</code>, a path that slips past a quick listing. I wouldn't have thought of that level of "dirty detail" on my own — at least not at that moment. It was smart because it helped me turn a boring "look at the crontab" lesson into a treasure hunt that students loved.</p> <h2> What I had to fix </h2> <p>Copilot is useful, but stubborn like a student who thinks they know everything.</p> <p>In the SSH hardening lab (<code>lab-03-ssh-hardening.md</code>), it generated a correct command to disable password authentication — it put <code>PasswordAuthentication no</code> just fine. But it forgot to mention <code>ChallengeResponseAuthentication</code>. If a student followed only that, the server would still accept some older authentication methods. A guaranteed vulnerability.</p> <p>I had to add three more configuration lines and an explicit warning in the text. Copilot helps, but it doesn't replace someone who's already been burned trying to fix a server at 3am.</p> <h2> What changed in the project </h2> <p>Before: organized structure, incomplete content, labs with no visual feedback for whoever runs them.</p> <p>After: new lab on process detection, functional hardening script, and existing labs with expected output at each step.</p> <p>The guide still isn't perfect. But now it's in a state where I can recommend it to a student without having to apologize for any unfinished part.</p> <h2> Repository </h2> <p><a href="https://github.com/MMVonnSeek/linux-security-guide" rel="noopener noreferrer">github.com/MMVonnSeek/linux-security-guide</a></p> <p>Created and maintained by Professor Max — SENAI Taguatinga, Brazil.</p> githubfinishupathon github devchallenge githubchallenge