Last change: 2025-01-10
The uname command is a small utility on Linux systems to show system information. It is usually available by default and easy to use.
Last change: 2025-01-06
The Linux kernel uses namespaces to isolate resources and make them available to one or more processes. A bit like The Matrix movie.
Last change: 2025-01-06
The kernel ring buffer on Linux stores information about important kernel events that can be used by the system administrator to troubleshoot.
Last change: 2025-01-06
The Linux kernel uses the Linux scheduler to decide which tasks to run and for how long. This setting defines whether additional statistics should be tracked.
Last change: 2025-01-06
The Linux kernel uses the scheduler to run tasks for processing by the CPU and stores statistics in /proc/PID/sched file. Learn about these details.
Last change: 2025-01-06
The Linux kernel uses the Linux scheduler infrastructure to deal with tasks and assign them the right priority for processing by the CPU.
Last change: 2025-01-10
The command lsusb is a tool for Linux systems to show the available USB devices, including USB hub devices and everything connected to them.
Last change: 2025-01-10
The command setcap is a tool for Linux to set or remove file capabilities. Learn how to use setcap and its syntax for Linux capabilities.
Last change: 2025-01-10
The command getpcaps is a small tool for Linux to show the Linux capabilities of a running process, which might be useful for introspection of the system.
Last change: 2025-01-10
The command getcap is a tool for Linux to show what file capabilities are available to a given file, which might be useful for introspection of the system.
Last change: 2025-01-10
The Linux command capsh provides a capability shell wrapper to set, test, and assist in debugging issues related to Linux capabilities.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units with the SecureBits setting, which enables special behavior related to Linux capabilities.
Last change: 2025-01-10
Firejail is a tool to sandbox applications to restrict what they can do. It is a useful tool to limit the risk of privilege escalation and exploits.
Last change: 2025-01-10
The Linux command pscap shows an overview of running processes and what capabilities they have, or if they have the full set (unrestricted).
Last change: 2025-01-10
The Linux command netcap shows an overview of running processes and what capabilities they have. This applies to those that are using active network sockets.
Last change: 2025-01-10
The Linux command filecap shows what capabilities binaries have, such as from your PATH variable, or scanning a particular file system.
Last change: 2025-01-10
The captest command helps with testing Linux capabilities and includes by default a test to see if privilege escalation is possible.
Last change: 2025-01-06
Seccomp, or secure computing, is a security measure in the Linux kernel that allows processes to protect themselves against unexpected or unwanted behavior.
Last change: 2025-01-06
The sysctl key ipe.success_audit is used to define if audit events should be created when using the Linux security module IPE (Integrity Policy Enforcement).
Last change: 2025-01-06
The sysctl key ipe.enforce defines the mode of the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values and their meaning.
Last change: 2025-01-06
The sysctl settings starting with ipe define the configuration of the IPE (Integrity Policy Enforcement) module. Learn about the settings and possible values.
Last change: 2025-01-06
Learn the difference between Linux kernel random sources /dev/random and /dev/urandom, and when to use which one. Spoiler: probably /dev/urandom.
Last change: 2025-01-07
Linux capabilities define the implementation of privileged tasks. This area collects everything related to Linux capabilities and what they do.
Last change: 2025-01-06
Linux capabilities provide a way to separate privileged actions. This overview shows the available Linux capabilities and their purpose.
Last change: 2025-01-06
An overview of the available Linux syscalls, or system calls, that allow communication between user space processes and the Linux kernel.
Last change: 2025-01-06
Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.
Last change: 2025-01-06
The kernel has a wide range of network settings. Learn about the sysctl command and the values related to the network class.
Last change: 2025-01-06
The sysctl key net.ipv4.ip_forward is used to define IP forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.
Last change: 2025-01-06
Secure the Linux kernel with the help of the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.
Last change: 2025-01-06
The Linux kernel is marked tainted when a specific event happened that could impact reliable troubleshooting of kernel issues. Learn about the relevant events.
Last change: 2025-01-06
The Linux kernel can mark itself as being 'tainted'. Learn what it means when the Linux kernel is tainted and in particular the underlying cause.
Last change: 2025-01-06
Frequently asked questions about the Linux kernel and kernel security.
Last change: 2025-01-06
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Last change: 2025-01-06
The Linux kernel has a range of settings that influence the behavior of the kernel itself. Learn about sysctl settings and values related to the kernel class.
Last change: 2025-01-06
Improve Linux security by understanding and configuring the sysctl kernel.tainted key, including the possible values and their meaning.
Last change: 2025-01-06
The Linux kernel consists of many components. Learn from topics related to the kernel itself, its configuration, up to security and querying information.
Last change: 2025-01-06
The Linux kernel can be secured with the help of kernel tunables called sysctl keys. Learn how system hardening principles can be applied using sysctl.
Last change: 2025-01-06
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist them.
Last change: 2025-01-06
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
Last change: 2025-01-06
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Last change: 2025-01-06
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Last change: 2025-01-06
By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.
Last change: 2025-01-06
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.