Capabilities

Everything related to Linux capabilities, like articles and an overview of the available capabilities.

ProtectHome setting

Restrict systemd units from accessing data in home directories with the unit setting ProtectHome.

ProtectKernelLogs setting

Restrict systemd units from reading or writing to the kernel log ring buffer with the unit setting ProtectKernelLogs.

ProtectKernelModules setting

Restrict systemd units from loading kernel modules with the ProtectKernelModules unit setting.

Docker Security: Best Practices for your Vessel and Containers

In-depth article about Docker security features, best practices and its history. With container technology evolving, Docker security can be challenging.

Linux capabilities 101

Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.

Linux Capabilities: Hardening Linux binaries by removing setuid

Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.

How and why Linux daemons drop privileges

By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.