Kernel
Pscap command
The Linux command pscap shows an overview of running processes and what capabilities they have, or if they have the full set (unrestricted).
Netcap command
The Linux command netcap shows an overview of running processes and what capabilities they have. This applies to those that are using active network sockets.
Filecap command
The Linux command filecap shows what capabilities binaries have, such as from your PATH variable, or scanning a particular file system.
Captest command
The Linux command captest helps with testing capabilities and in particular to see if privilege escalation is possible.
Seccomp (secure computing)
Seccomp, or secure computing, is a security measure in the Linux kernel that allows processes to protect themselves against unexpected or unwanted behavior.
Sysctl: ipe.success_audit
The sysctl key ipe.success_audit is used to define if audit events should be created when using the Linux security module IPE (Integrity Policy Enforcement).
Sysctl: ipe.enforce
The sysctl key ipe.enforce defines the mode of the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values and their meaning.
Ipe
The sysctl settings starting with ipe define the configuration of the IPE (Integrity Policy Enforcement) module. Learn about the settings and possible values.
What is the difference between /dev/random and /dev/urandom?
Learn the difference between Linux kernel random sources /dev/random and /dev/urandom, and when to use which one. Spoiler: probably /dev/urandom.
Linux capabilities
Linux capabilities define the implementation of privileged tasks. This area collects everything related to Linux capabilities and what they do.
Overview of Linux capabilities
Linux capabilities provide a way to separate privileged actions. This overview shows the available Linux capabilities and their purpose.
Overview of Linux syscalls
An overview of the available Linux syscalls, or system calls, that allow communication between user space processes and the Linux kernel.
How to see kernel messages with journalctl
Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.
Sysctl net.*
The kernel has a wide range of network settings. Learn about the sysctl command and the values related to the network class.
Sysctl: net.ipv4.ip_forward
The sysctl key net.ipv4.ip_forward is used to define IP forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.
Sysctl: kernel.perf_event_paranoid
Secure the Linux kernel with the help of the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.
What is a tainted kernel
The Linux kernel is marked tainted when a specific event has happened that could impact reliable troubleshooting of kernel issues. Learn about the relevant events.
How to find the specific cause of a tainted kernel
The Linux kernel can mark itself as being 'tainted'. Learn what it means when the Linux kernel is tainted and in particular the underlying cause.
Kernel: Frequently Asked Questions
Frequently asked questions about the Linux kernel and kernel security.
Sysctl
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Sysctl kernel.*
The Linux kernel has a range of settings that influence the behavior of the kernel itself. Learn about sysctl settings and values related to the kernel class.
Kernel.tainted
Improve Linux security by understanding and configuring the sysctl kernel.tainted key, including the possible values and their meaning.
Kernel
The Linux kernel consists of many components. Learn from topics related to the kernel itself, its configuration, up to security and querying information.
Linux hardening with sysctl settings
The Linux kernel can be secured with the help of kernel tunables called sysctl keys. Learn how system hardening principles can be applied using sysctl.
Kernel hardening: Disable and blacklist Linux modules
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist them.
Increase kernel integrity with disabled Linux kernel modules loading
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
How to check if your Arch Linux system needs a reboot
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
How and why Linux daemons drop privileges
By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.
Linux kernel security and how to improve it
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.