Kernel
The Linux kernel consists of a massive code base, ranging from device internals to external interfaces. Not surprisingly, the kernel also needs attention to security principles to avoid common programming or configuration flaws. This section covers the kernel, from tuning it via sysctl to frameworks that may help improve the security of the kernel itself.
Capabilities
Linux capabilities define the implementation of privileged tasks. This area collects everything related to Linux capabilities and what they do.
Increase kernel integrity with disabled Linux kernel modules loading
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
Kernel hardening: Disable and blacklist Linux modules
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist them.
Linux kernel security and how to improve it
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.
Overview of Linux syscalls
An overview of the available Linux syscalls, or system calls, that allow processes to communicate with the kernel.
Sysctl
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Frequently Asked Questions
What is the difference between /dev/random and /dev/urandom?
The quality of random data from /dev/random is much higher than that from /dev/urandom, at the cost of availability of random data, especially early in the boot process. Typically /dev/urandom is the preferred source to retrieve random data.
What is a tainted kernel?
The Linux kernel is marked tainted when a specific event has happened that could impact reliable troubleshooting of kernel issues.
How to find the cause of a tainted Linux kernel?
Run the dmesg or journalctl command and search for 'tainted'.