Capabilities

Linux capabilities define the implementation of privileged tasks. This area collect everything related to Linux capabilities and what they do.

Overview of Linux capabilities

An overview of the available Linux capabilities that allow processes to perform privileged actions.

ProtectHome setting

Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.

ProtectKernelLogs setting

Secure system and user services by restricting systemd units to read or write to the kernel log ring buffer with the unit setting ProtectKernelLogs.

ProtectKernelModules setting

Secure system and user services by restricting systemd units to load kernel modules with the ProtectKernelModules unit setting.

Docker Security: Best Practices for your Vessel and Containers

In-depth article about Docker security features, best practices and its history. With container technology evolving, Docker security can be challenging..

Linux capabilities 101

Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.

Linux Capabilities: Hardening Linux binaries by removing setuid

Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.

How and why Linux daemons drop privileges

By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.