Last change: 2025-01-10
The command setcap is a tool for Linux to set or remove file capabilities. Learn how to use setcap and its syntax for Linux capabilities.
Capabilities articles
Last change: 2025-01-10
The command getpcaps is a small tool for Linux to show what the Linux capabilities of a running process, which might be useful for introspection of the system.
Last change: 2025-01-10
The command getcap is a tool for Linux to show what file capabilities are available to a given file, which might be useful for introspection of the system.
Last change: 2025-01-10
The Linux command capsh provides a capability shell wrapper to set, test, and assist in debugging issues related to Linux capabilities.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units with the SecureBits setting, which enables special behavior related to Linux capabilities.
Commands:
- capsh
- ps
- sudo
- systemd-run
Last change: 2025-01-06
Harden systemd services with this step-by-step guide to gather the right information to define sandboxing features and secure and protect resources from misuse.
Commands:
- auditctl
- ausearch
- grep
- journalctl
- strace
- strings
- systemctl
- which
Last change: 2025-01-10
Firejail is a tool to sandbox applications to restrict what they can do. It is a useful tool to limit the risk on privilege escalation and exploits.
Last change: 2025-01-10
The Linux command pscap shows an overview of running processes and what capabilities they have, or if they have the full set (unrestricted).
Last change: 2025-01-10
The Linux command netcap shows an overview of running processes and what capabilities they have. This applies to those that are using active network sockets.
Last change: 2025-01-10
The Linux command filecap shows what capabilities binaries have, such as from your PATH variable, or scanning a particular file system.
Last change: 2025-01-10
The captest command helps with testing Linux capabilities and includes by default a test to demonstrate to see if privilege escalation is possible.
Last change: 2025-01-06
Improve the security of services by defining what Linux capabilities are allowed with the help of systemd unit setting CapabilityBoundingSet.
Last change: 2025-01-07
Linux capabilities define the implementation of privileged tasks. This area collect everything related to Linux capabilities and what they do.
Last change: 2025-01-06
Linux capabilities provide a way to separate privileged actions. This overview shows the available Linux capabilities and their purpose.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to read or write to the kernel log ring buffer with the unit setting ProtectKernelLogs.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to load kernel modules with the ProtectKernelModules unit setting.
Last change: 2025-01-06
In-depth article about Docker security features, best practices and its history. With container technology evolving, Docker security can be challenging..
Last change: 2025-01-06
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Last change: 2025-01-06
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
Last change: 2025-01-06
By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.