Linux Audit

Linux security and system management blog

Linux Audit is one of the few blogs dedicated to Linux security. We aim for high-quality articles to explain security concepts and how they apply to Linux systems.

Interested in a particular subject or want to look around? The glossary might be a great start.

Did you know?

You can monitor ongoing and new connections linked to a process

Also 💙 the command-line or terminal? Have a look at the command-line tips.

Latest articles

Set default file permissions on Linux with umask

Learn how to use umask to set the default file permissions in Linux. We look at examples, including how and where to implement them.

UMask setting

Harden services by configuring systemd units with a strict umask value using the unit setting UMask.

RestrictRealtime setting

Harden services by restricting systemd units to use realtime scheduling with the unit setting RestrictRealtime.

RestrictSUIDSGID setting

Harden services by restricting systemd units to set the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.

RestrictNamespaces setting

Harden services by restricting systemd units to only specified namespaces with the unit setting RestrictNamespaces.

Using a RSS feed reader? See links in footer to stay up-to-date!

Recent changes

• Systemd: Frequently Asked Questions » How to use systemctl edit to change a service?
• Hardening profiles for systemd » Nginx hardening profile
• Settings for systemd units » UMask setting
• Linux file permissions » Set default file permissions on Linux with umask
• Linux file permissions » Introduction in Linux file permissions
• Settings for systemd units » RestrictRealtime setting
• Settings for systemd units » RestrictSUIDSGID setting
• Settings for systemd units » RestrictNamespaces setting
• Settings for systemd units » CapabilityBoundingSet setting
• Linux Audit » How and why Linux daemons drop privileges
• Capabilities » Overview of Linux capabilities
• Linux Audit » Increase kernel integrity with disabled Linux kernel modules loading
• Linux Audit » Perform NetBSD security audit with pkg_admin
• Linux Audit » Security Integration: Configuration Management and Auditing
• Linux Audit » In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
• Linux Audit » Livepatch: Linux kernel updates without rebooting
• Linux Audit » Determine which processes need a restart with checkrestart/needrestart
• Linux Audit » Do NOT use Linux hardening checklists for your servers
• Linux Audit » Linux Security Scanning for Dummies
• Linux Audit » Kernel hardening: Disable and blacklist Linux modules
• Linux Audit » How to Disable “System program problem detected”
• Linux Audit » Automatic Security Updates with DNF
• Linux Audit » What is the ‘toor’ user on FreeBSD?
• Linux Audit » Linux hardening with sysctl settings
• Linux Audit » Using encrypted documents with vim

Topics