Last change: 2025-01-10
The uname command is a small utility on Linux systems to show system information. It is usually available by default and easy to use.
Last change: 2025-01-10
The head command is a small utility on Linux systems to show the first 10 lines, or a defined number of lines, of a file or standard input.
Last change: 2025-01-06
The Linux kernel uses namespaces to isolate resources and make them available to one or more processes. A bit like The Matrix movie.
Last change: 2025-01-10
The lsns command on Linux can be used to show the namespaces that are in use on the system. It may be used for information gathering or troubleshooting.
Last change: 2025-01-10
The dmesg command shows available Linux kernel log entries from the kernel ring buffer, which include events about the boot, hardware, and processes.
Last change: 2025-01-06
The kernel ring buffer on Linux stores information about important kernel events that can be used by the system administrator to troubleshoot.
Last change: 2025-01-10
The lsfd command on Linux can be used to show opened file descriptors and apply filters such as by process or type to reduce the output.
Last change: 2025-01-10
The numactl command provides NUMA (Non-Uniform Memory Access) information and allows running commands with a specific NUMA policy.
Last change: 2025-01-06
The Linux kernel uses the Linux scheduler to decide which tasks to run and for how long. This setting defines if additional statistics should be tracked.
Last change: 2025-01-06
The Linux kernel uses the scheduler to run tasks for processing by the CPU and stores statistics in the /proc/PID/sched file. Learn about these details.
Last change: 2025-01-10
The renice command is a small utility on Linux systems and can be used to change the priority of a running process based on PID, process group ID, or user.
Last change: 2025-01-10
The nice command is a small utility on Linux systems and can be used to run a command with a specified scheduler priority.
Last change: 2025-01-10
The rev command on Linux can be used to reverse data such as a text string or lines in a file. It can use standard input and files.
Last change: 2025-01-10
The chrt command can be used to change the Linux scheduler class and a policy of a running process or start a command with the preferred scheduler settings.
Last change: 2025-01-06
The Linux kernel uses the Linux scheduler infrastructure to deal with tasks and assign them the right priority for processing by the CPU.
Last change: 2025-01-10
The blkid command helps with locating and displaying block device information on Linux systems, such as hard disks and other devices.
Last change: 2025-01-10
The units command is a tool for Linux systems to convert one type or amount into another one. This can be a quantity, size, or currency.
Last change: 2025-01-10
The command pslog is a tool for Linux systems to show what log files a process has opened. If none, only the process ID will be displayed.
Last change: 2025-01-10
The command prtstat is a tool for Linux systems to show the process information such as process state, CPU and memory usage, and user and group information.
Last change: 2025-01-10
The command peekfd is a tool for Linux systems to monitor a process and see what file descriptor activity occurs, such as on open files and sockets.
Last change: 2025-01-10
The command pstree is a tool for Linux systems to show the processes and their children in a visual representation like a tree.
Last change: 2025-01-10
The whatis command helps system administrators to provide a one-line description of any matched manual page by looking in its local database.
Last change: 2025-01-10
The command apropos helps system administrators to quickly find manual pages on Linux by looking at their name and descriptions.
Last change: 2025-01-08
Dig is one of the primary tools when it comes to DNS. Resolve names, perform queries, and troubleshoot any issues related to DNS. It's always DNS!
Last change: 2025-01-10
The slabtop command is a tool to show the slab usage of the Linux kernel, giving an idea of how fragmented the memory is.
Last change: 2025-01-10
The basename command is a small utility on Linux systems to strip the directory and suffix of a filename, to retrieve just the base of the name.
Last change: 2025-01-06
Linux systems using systemd can use the systemctl command to list all available and active service units. Learn how to use the command with these tips.
Last change: 2025-01-10
The pidwait command is a small utility on Linux that allows waiting for another process to stop, so the next task can be executed.
Last change: 2025-01-10
The pmap command is a tool to analyze a running process and show its process mapping, including the usage of libraries and memory usage.
Last change: 2025-01-10
The pwdx command is a tool on Linux to show the current working directory of a running process. This may help in troubleshooting issues with running programs.
Last change: 2025-01-10
All Linux commands that you might want to know about for system administration. For popular commands, there is also a cheat sheet available.
Last change: 2025-01-10
The uptime command is a small utility on Linux to provide the time that the system is running, the so-called uptime.
Last change: 2025-01-10
The watch command is a small utility on Linux to monitor changes in the output of a command. It can be used for monitoring changes and troubleshooting.
Last change: 2025-01-10
The lynis command runs a security audit on Linux systems to test for vulnerable packages, security issues, and possible improvements for system hardening.
Last change: 2025-01-10
The command fuser is a tool for Linux systems to show the process or processes that have a file or socket opened and can be used for troubleshooting.
Last change: 2025-01-10
The command lsusb is a tool for Linux systems to show the available USB devices, including USB hub devices and everything connected to them.
Last change: 2025-01-10
The command setcap is a tool for Linux to set or remove file capabilities. Learn how to use setcap and its syntax for Linux capabilities.
Last change: 2025-01-10
The command getpcaps is a small tool for Linux to show the Linux capabilities of a running process, which might be useful for introspection of the system.
Last change: 2025-01-10
The command getcap is a tool for Linux to show what file capabilities are available to a given file, which might be useful for introspection of the system.
Last change: 2025-01-10
The Linux command capsh provides a capability shell wrapper to set, test, and assist in debugging issues related to Linux capabilities.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units with the SecureBits setting, which enables special behavior related to Linux capabilities.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units to remove any Inter-Process Communication (IPC) objects after a service is stopped.
Last change: 2025-01-06
Harden services on Linux with systemd unit setting PrivateUsers. It defines a new user namespace for the service and provides process capability isolation.
Last change: 2025-01-06
Harden services on Linux by using the systemd unit setting KeyringMode, which defines if the kernel session keyring information is available to the service.
Last change: 2025-01-06
Harden Linux system services by restricting systemd units to change the hostname or NIS domain name of the system with the unit setting ProtectHostname.
Last change: 2025-01-06
Harden system services on Linux by allowing systemd units to access only the specified paths with read permissions using the unit setting ReadOnlyPaths.
Last change: 2025-01-06
Harden Linux services using the systemd unit setting PrivateMounts, which gives the service its own mount namespace.
Last change: 2025-01-10
Harden the Dovecot IMAP and POP3 server configuration with the help of this predefined profile and leverage systemd sandboxing capabilities.
Last change: 2025-01-06
Harden Linux services by restricting systemd units to access the network interfaces of the host system using the PrivateNetwork unit setting.
Last change: 2025-01-06
Linux has multiple tools to process text files, including to search through files and filter out all unique words. Here is how to combine a few commands.
Last change: 2025-01-06
The version of systemd defines the available features and commands that it has to offer. Learn how to query the systemd version number.
Last change: 2025-01-06
Harden services on Linux by using the systemd unit setting PrivatePIDs, which allows running a service in its private PID namespace.
Last change: 2025-01-06
Harden systemd services with this step-by-step guide to gather the right information to define sandboxing features and secure and protect resources from misuse.
Last change: 2025-01-10
Firejail is a tool to sandbox applications to restrict what they can do. It is a useful tool to limit the risk of privilege escalation and exploits.
Last change: 2025-01-06
Looking for all DNS requests made on a Linux system? Tools like dnstop, firejail, and tcpdump can help to find what is being queried.
Last change: 2025-01-06
Harden the Apache web server configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricts resources.
Last change: 2025-01-10
The Linux command pscap shows an overview of running processes and what capabilities they have, or if they have the full set (unrestricted).
Last change: 2025-01-10
The Linux command netcap shows an overview of running processes and what capabilities they have. This applies to those that are using active network sockets.
Last change: 2025-01-10
The Linux command filecap shows what capabilities binaries have, such as from your PATH variable, or scanning a particular file system.
Last change: 2025-01-10
The captest command helps with testing Linux capabilities and includes by default a test to see if privilege escalation is possible.
Last change: 2025-01-06
Seccomp, or secure computing, is a security measure in the Linux kernel that allows processes to protect themselves against unexpected or unwanted behavior.
Last change: 2025-01-06
Systemd can track the number of network packets and data traffic of services with unit setting IPAccounting. See how to configure this setting for services.
Last change: 2025-01-06
Tighten the already secure OpenSMTPD software on Linux by using this predefined profile that uses the systemd sandboxing options.
Last change: 2025-01-06
Cheat sheet for using the pacman package manager on Linux systems, including common tasks that are to be performed with pacman.
Last change: 2025-01-06
Linux hardening security guides collected in one area, covering systems like AlmaLinux, Arch, Debian, Fedora, Ubuntu, and others.
Last change: 2025-01-06
Services that are controlled with systemd can be reloaded or restarted depending on their configuration. Use systemctl to perform the related restart tasks.
Last change: 2025-01-06
Systemd units can be enabled or disabled based on multiple factors, such as meeting specific dependencies. Learn how to see if a systemd service is enabled.
Last change: 2025-01-06
Systemd units can be configured to contain environment variables that are passed along to the underlying application. Learn how to configure this unit setting.
Last change: 2025-01-07
The /etc/resolv.conf file is usually a regular file or a symbolic link to a regular file, defining which servers are used for DNS requests.
Last change: 2025-01-07
The /dev/random file is a special character file on Linux that provides random data from the Linux kernel random number generator.
Last change: 2025-01-06
Password hashing rounds refers to the number of iterations a particular hashing algorithm has to perform. Learn why and how to configure this on Linux systems.
Last change: 2025-01-06
Everything related to system hardening, from hardening guides to tools. Configure, test, and secure your system with these articles.
Last change: 2025-01-06
Everything related to iptables, one of the firewall solutions on Linux. Learn how to configure, tune, and monitor iptables.
Last change: 2025-01-06
SSH logs authentication attempts, but where? Find your SSH log file with these tips, such as in /var/log/auth.log or in the systemd journal.
Last change: 2025-01-06
This section covers articles related to the Linux nftables module, the replacement for iptables. Learn how to configure, tune, and monitor nftables.
Last change: 2025-01-06
The apt package manager can be used to download a package file without actually installing it. See how the download subcommand is used to achieve this.
Last change: 2025-01-06
Harden system and user services by configuring systemd units with more strict file permissions using the unit setting RuntimeDirectoryMode.
Last change: 2025-01-06
A healthy service should not have configuration issues. Perform a configuration test of the SSH daemon (sshd) by first running it using the '-t' option.
Last change: 2025-01-06
Learn how to see the dependencies of a package that is to be installed or already installed on the system using the apt package manager.
Last change: 2025-01-06
Learn how to remove previously installed packages on a Linux system using the apt package manager, such as Debian and Ubuntu.
Last change: 2025-01-06
Learn why and how packages may become unnecessary on Linux and how to remove them with the apt package manager on systems like Debian and Ubuntu.
Last change: 2025-01-06
Learn how to troubleshoot issues with systemd units by verifying the unit files for any errors. One of the tools to help is systemd-analyze.
Last change: 2025-01-06
Troubleshoot issues like units being marked as 'not-found' in the output of systemctl list-units. This article helps with the steps to take.
Last change: 2025-01-06
Systemd timers are scheduled tasks for Linux systems. Show timer information with the systemctl command such as status, last execution, and its schedule.
Last change: 2025-01-06
Learn how to use umask to set the default file permissions in Linux. We look at examples, including how and where to implement them.
Last change: 2025-01-06
Harden system and user services by configuring systemd units with a strict umask value using the unit setting UMask. Learn how to configure it in your units.
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units to use realtime scheduling with the unit setting RestrictRealtime.
Last change: 2025-01-06
Harden services by restricting systemd units to set the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units to only use specified namespaces with the unit setting RestrictNamespaces.
Last change: 2025-01-06
Improve the security of services by defining what Linux capabilities are allowed with the help of systemd unit setting CapabilityBoundingSet.
Last change: 2025-01-06
The sysctl key ipe.success_audit is used to define if audit events should be created when using the Linux security module IPE (Integrity Policy Enforcement).
Last change: 2025-01-06
The sysctl key ipe.enforce defines the mode of the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values and their meaning.
Last change: 2025-01-06
The sysctl settings starting with ipe define the configuration of IPE (Integrity Policy Enforcement) module. Learn about the settings and possible values.
Last change: 2025-01-06
Learn the difference between Linux kernel random sources /dev/random and /dev/urandom, and when to use which one. Spoiler: probably /dev/urandom.
Last change: 2025-01-06
Restrict systemd units to access information from the kernel tunables in the /proc and /sys directories with the unit setting ProtectKernelTunables.
Last change: 2025-01-06
The file /proc/kallsyms contains a symbol table from the kernel with function and variable names. Learn about its purpose and security implications.
Last change: 2025-01-06
Learn how to harden systemd units by preventing processes from switching their personality (kernel execution domain) with the LockPersonality setting.
Last change: 2025-01-06
Learn how to harden systemd units by preventing processes and their children from obtaining new privileges with the NoNewPrivileges setting.
Last change: 2025-01-07
Harden Linux services using the systemd unit setting SystemCallArchitectures, to restrict access to files in /dev and limit those to common pseudo-devices.
Last change: 2025-01-06
Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.
Last change: 2025-01-06
Learn how to harden systemd units by giving processes their own view on temporary directories /tmp and /var/tmp, preventing possible misuse.
Last change: 2025-01-06
Harden system services by using the systemd unit settings such as NoExecPaths to disable program execution from specified paths.
Last change: 2025-01-07
Harden system services by using the systemd unit settings such as ExecPaths and NoExecPaths to allow program execution from only specified paths.
Last change: 2025-01-06
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectControlGroups unit setting.
Last change: 2025-01-06
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectSystem unit setting.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access clock information with the ProtectClock unit setting.
Last change: 2025-01-06
Learn how to use the journalctl command to query the disk usage of the journal logs and how to clean or trim them by number, size, or age.
Last change: 2025-01-06
Got a busy Linux system and wondering what the culprit is? Learn how to monitor it and focus on disk activity with tools like iotop, sar, vmstat, or iostat.
Last change: 2025-01-06
The file command is a powerful tool for Linux users. Learn how to see the file type of normal and special files on a Linux system.
Last change: 2025-01-06
File systems on Linux store a lot more than just the data itself. Learn how to see the size of a file on Linux systems using the ls or stat command.
Last change: 2025-01-06
Learn how to sort the output of the ls command and list a directory contents by its modification time. Here is which options to use.
Last change: 2025-01-06
Linux systems using systemd use timers to schedule a repeating task. Learn how to configure these systemd timer units and fine-tune them.
Last change: 2025-01-10
The command systemd-analyze helps with analyzing systemd components to optimize the system, including performance and security.
Last change: 2025-01-06
Want to know if systemd is used on your Linux distribution? Learn how to quickly confirm that systemd is being used as your system and service manager.
Last change: 2025-01-06
Learn how to load and use your SSH key together with a SSH agent. This frequently asked question will explain the usage of ssh-add and ssh-agent.
Last change: 2025-01-06
Linux systems using systemd have the systemctl command available that can be used to show all service units, including a filter for only those that are enabled.
Last change: 2025-01-06
Harden the nginx configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricts resources.
Last change: 2025-01-06
Harden system and user services by allowing systemd units to only use system call bind() on sockets specified with the unit setting SocketBindAllow.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to use system call bind() on sockets specified with the unit setting SocketBindDeny.
Last change: 2025-01-07
Harden system and user services on Linux by restricting systemd units to access devices in the /dev directory with the unit setting DevicePolicy.
Last change: 2025-01-06
Restrict systemd units to access devices in the /dev directory with the unit setting DeviceAllow. Learn how to configure it for your services.
Last change: 2025-01-07
Linux capabilities define the implementation of privileged tasks. This area collects everything related to Linux capabilities and what they do.
Last change: 2025-01-06
Linux capabilities provide a way to separate privileged actions. This overview shows the available Linux capabilities and their purpose.
Last change: 2025-01-06
Systemd units may be shown in a failed state if something goes wrong. Learn how to troubleshoot these failed units, possible causes, and how to resolve them.
Last change: 2025-01-06
When making changes to systemd unit files, you may need to use systemctl daemon-reload. This article explains why and what happens next.
Last change: 2025-01-06
When systemd units are changed, a 'systemctl daemon-reload' might be needed. Need to know why? We can find the relevant units with some scripting.
Last change: 2025-01-06
Systemd units can be filtered using the SystemCallFilter setting. Learn how to see what syscalls are part of a particular syscall filter set.
Last change: 2025-01-06
Harden system and user services by defining if they are allowed to use specific syscalls or groups, with the use of systemd unit setting SystemCallFilter.
Last change: 2025-01-06
An overview of the available Linux syscalls, or system calls, that allow communication between user space processes and the Linux kernel.
Last change: 2025-01-06
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with SystemCallFilter property.
Last change: 2025-01-06
Want to disable a systemd service unit, but wondering the difference between systemctl disable and systemctl mask? This article explains the differences.
Last change: 2025-01-06
Systemd allows customizing services with overrides. Learn how to edit an existing systemd service unit with the systemctl edit command.
Last change: 2025-01-06
Linux systems using systemd may use the systemctl command to query services. Use a filter to reduce its output and only show all running services.
Last change: 2025-01-06
Systemd version 256 introduced the run0 command to run privileged commands. Learn how to get everything out of the run0 tool and replace sudo.
Last change: 2025-01-06
Learn how to use the run0 command, part of systemd, its purpose, and how to use it for elevating privileges to run privileged tasks.
Last change: 2025-01-06
The background color of run0, part of systemd, can be changed with the '--background' option. This way another color can be configured instead of its default.
Last change: 2025-01-06
Block the ability for systemd units to create or alter memory segments to become writable and executable as well with the unit setting MemoryDenyWriteExecute.
Last change: 2025-01-06
Harden system and user services on Linux by limiting systemd units to access specified paths with the unit setting InaccessiblePaths.
Last change: 2025-01-06
Linux has a wide range of tools to do data processing and text manipulation. Learn how to remove trailing whitespace from a file using the sed command.
Last change: 2025-01-06
Learn how to insert a line of text at the beginning of a file using the sed command. Great to automate repeating tasks and do data processing.
Last change: 2025-01-06
Frequently asked questions about data and text processing are covered in this section with focus on Linux tools and systems.
Last change: 2025-01-06
The systemctl command can be used to show the memory usage of a service managed by systemd. Use the subcommand 'status' to find the details about a unit.
Last change: 2025-01-06
Linux systems using systemd can use the systemctl command to show all applied unit settings. This can be used on units like a service.
Last change: 2025-01-06
Systemd units have their own configuration file. The systemctl 'edit' command can be used to override settings of a systemd unit, including services.
Last change: 2025-01-06
Harden system and user services on Linux by allowing systemd units access to only the specified paths to read or write with the unit setting ReadWritePaths.
Last change: 2025-01-07
Secure your nginx service by using security features provided by systemd. We have a look at the available options that systemd units can offer.
Last change: 2025-01-06
Systemd has a wide set of unit settings available that can be used to secure units and system services. Learn which ones and how to implement them.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProcSubset.
Last change: 2025-01-06
Harden system and user services on Linux by restricting systemd units using only the specified socket address families with setting RestrictAddressFamilies.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProtectProc.
Last change: 2025-01-06
Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to read or write to the kernel log ring buffer with the unit setting ProtectKernelLogs.
Last change: 2025-01-06
Secure system and user services by restricting systemd units to load kernel modules with the ProtectKernelModules unit setting.
Last change: 2025-01-06
Control groups allocate resources to a set of processes. Learn how to find the control group (cgroup) of a process by using /proc, pidof, or ps.
Last change: 2025-01-06
Want to see the control group in the output of the ps command? Here is how to tune your command options to include that.
Last change: 2025-01-06
Linux systems running systemd can use the timedatectl command to show time synchronization details. Learn how to use it, including its subcommands.
Last change: 2025-01-06
Linux systems using systemd store a unique identifier called the machine ID. Find this value using the hostnamectl command that comes with systemd.
Last change: 2025-01-06
The systemctl command has the list-dependencies option to show dependencies between units. But there are more options to query a little bit more information.
Last change: 2025-01-06
The systemctl command can be used to show all available systemd unit types. Here is how to find the available types and to select them.
Last change: 2025-01-06
Linux systems using systemd have the systemctl command available to show all active systemd units of one particular type using the '--type' option.
Last change: 2025-01-06
Learn how to define the maximum size that the systemd journal daemon may use on Linux systems for storing journals and limit its disk usage.
Last change: 2025-01-06
Use the journalctl command to show the size of the systemd journal logs. In this article we look at how journalctl vacuuming works.
Last change: 2025-01-06
Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.
Last change: 2025-01-06
Systemd units define resources, such as a service, path, socket, or timer. They are usually managed with the systemctl command.
Last change: 2025-01-06
Linux systems with systemd use the journal to store log entries. Learn how to filter these journal entries by specifying a date or time interval.
Last change: 2025-01-06
Learn how to continuously show new log entries on Linux systems using systemd with the journalctl command. The behavior will be like the 'tail -f' command.
Last change: 2025-01-06
Linux systems with systemd store log entries in a journal. Limit the number of log entries from the journal by filtering journalctl output by unit.
Last change: 2025-01-06
When changes are made to systemd unit files, such as service files, the systemd daemon needs to be reloaded. Use the daemon-reload subcommand to reload.
Last change: 2025-01-06
Systemd is a system and service manager on Linux distributions to start, stop, and monitor system services. Learn about what systemd is and the main components.
Last change: 2025-01-06
Systemd units that are in a masked state are administratively disabled. While being in this state, they can not be started until they are unmasked.
Last change: 2025-01-10
Running a Linux system with systemd? All relevant systemd commands in one overview, their purpose, and when they were first introduced.
Last change: 2025-01-06
Learn about the SSH client option ProxyJump, that allows using a bastion host or jump server to connect to other systems.
Last change: 2025-01-06
Secure SSH connections and learn about the ForwardAgent option, the available values, relevant security risks, and how to configure it.
Last change: 2025-01-06
The agent forwarding feature in SSH allows using your local SSH agent to be reached through an existing SSH connection. Learn when and how to use it.
Last change: 2025-01-06
The OpenSSH agent helps with authentication by making SSH keys available. Learn how to start the SSH agent when it is not running on your Linux system.
Last change: 2025-01-06
The SSH agent is a helper utility to temporarily store private keys when using public key authentication. Learn more about how this helps during daily tasks.
Last change: 2025-01-06
The SSH agent can be used to simplify authentication. As that is not always preferred behavior, we can disable the SSH agent when authenticating.
Last change: 2025-01-06
OpenSSH can be configured to use an alternative SSH agent, or even none. Learn about the IdentityAgent option, available values, and how to configure it.
Last change: 2025-01-07
The configuration file /etc/ssh/ssh_config contains settings related to the OpenSSH client. Learn more about this file and its configuration.
Last change: 2025-01-06
Linux systems are usually managed remotely with SSH. Learn how to configure and optimize the SSH client and improve its security.
Last change: 2025-01-06
OpenSSH can be configured on the server and client. Learn about the locations where SSH client settings are configured and what precedence they take.
Last change: 2025-01-06
On Linux systems such as Arch Linux, pacman is the default package manager. Query the pacman package manager to show all installed packages.
Last change: 2025-01-06
Secure your OpenSSH configuration and learn about the StrictHostKeyChecking option, available values, and how to configure it.
Last change: 2025-01-06
Secure SSH connections and learn about the PasswordAuthentication option, its available values, and how to configure it.
Last change: 2025-01-06
What is security through obscurity? This article explains this term including examples relevant to Linux security and system hardening.
Last change: 2025-01-06
Learn how to stop all processes of a single user using the killall command. To make this work, use the --user option and specify the username.
Last change: 2025-01-06
OpenSSH performs a host authenticity check when connecting to a system. Learn how to disable the check with the SSH option StrictHostKeyChecking.
Last change: 2025-01-06
Learn common security concepts that also will apply when securing Linux environments, like system hardening and implementing security measures.
Last change: 2025-01-06
Learn how to make changes to your SSH configuration to have it running on a different port. Change it from port 22 to something like 2222.
Last change: 2025-01-06
Configure a welcome message or banner for users to see before or after logging in via SSH. Here are the instructions to change the relevant configuration files.
Last change: 2025-01-06
OpenSSH has escape sequences available to initiate special commands during an active SSH session. Learn about the available escape sequences with this overview.
Last change: 2025-01-06
Learn about SSH escape sequences and how they can help with terminating an SSH connection that does not respond to CTRL+C.
Last change: 2025-01-06
While protecting SSH keys is typically advised, it is not always feasible in automated processes. Learn how to remove the password or passphrase from an SSH key.
Last change: 2025-01-06
The SSH agent can load stored SSH keys into memory for authentication purposes. Use the ssh-add command to show the available SSH keys that are loaded.
Last change: 2025-01-06
Frequently asked questions about SSH, such as SSH keys, configuration, and usage.
Last change: 2025-01-10
The kill command can be used on Linux systems to send a defined signal to a process. Learn how to use it and what signals are available.
Last change: 2025-01-06
A zombie process, or defunct process, has completed execution, but still has an entry in the process table. Learn more about a zombie process on Linux.
Last change: 2025-01-06
How to kill a zombie process on Linux if it no longer responds to kill -9? Learn about zombie processes, including a few last steps that you can try.
Last change: 2025-01-06
When running a Linux system, you may need to find the process ID (PID) and process name. On Linux we can do this with the help of the pgrep command.
Last change: 2025-01-06
Each process on Linux has its own number, called the process ID (PID). Learn how to find the PID for a running process by name.
Last change: 2025-01-06
Want to know the difference between SIGHUP, SIGKILL, and SIGTERM? Learn about Linux process signals, including a list and description.
Last change: 2025-01-06
Linux administrators can interact in multiple ways with running processes. Learn how to find and stop a running process on Linux by searching for its name.
Last change: 2025-01-06
Frequently asked questions about running processes on Linux systems, such as starting and stopping processes, querying information, and monitoring them.
Last change: 2025-01-06
The kernel has a wide range of network settings. Learn about the sysctl command and the values related to the network class.
Last change: 2025-01-06
The sysctl key net.ipv4.ip_forward is used to define IP forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.
Last change: 2025-01-06
Show IP address information on Linux with the help of the ip command. Learn which subcommands to use to query the relevant details.
Last change: 2025-01-06
Show the IP address of your internet connection using the dig or the curl command. Learn which options can be used to find out this information.
Last change: 2025-01-06
Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.
Last change: 2025-01-06
Use the find command to search for any files on Linux that are writable. To make this work, the -perm option of find can be used.
Last change: 2025-01-10
The command apt-file can help with discovering which files belong to a package or what package installed or provides them. Learn which options to use.
Last change: 2025-01-06
The cheat sheet for the apt package manager to cover the most used options. Learn how to get more out of the apt command.
Last change: 2025-01-06
Disks will eventually fill up. Learn how to quickly see the size of a directory or folder on Linux systems using the du command.
Last change: 2025-01-06
Files starting with a dot are usually hidden on Linux. Learn how to see any hidden files on the command line or in the terminal using the ls command.
Last change: 2025-01-06
Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command. Or use the find command to achieve a similar result.
Last change: 2025-01-06
Linux filesystems typically store file modification timestamps. Learn how to find the last modification time of a file or subdirectory in a specified directory.
Last change: 2025-01-06
Linux file systems use inodes, unique references to link to a file or directory. Learn how to see inode usage on a Linux file system or mount point.
Last change: 2025-01-06
Learn how to see used and remaining disk space on Linux systems by gathering the statistics of file systems and mount points using the df command.
Last change: 2025-01-06
The Linux kernel controls hardware access, including for USB. Learn how to monitor USB devices with the usbmon kernel module, together with Wireshark or Tshark.
Last change: 2025-01-07
An overview of common Linux files and directories and their purpose. Learn why these files exist, file permissions, and other details about them.
Last change: 2025-01-07
The configuration file /etc/ssh/sshd_config contains settings related to the OpenSSH server daemon. Learn more about this file and its configuration.
Last change: 2025-01-06
Everything related to networking, from the network configuration up to DNS resolving. Test and configure your system with these articles.
Last change: 2025-01-06
Linux has in-depth details, including about network connections. Show the number of open connections using the ss command on Linux.
Last change: 2025-01-06
Linux has in-depth process information. Learn more about processes, such as when a process was started, using the ps tool.
Last change: 2025-01-06
There are multiple ways to see when a Linux system was started, such as using the uptime command, but also with commands like ps.
Last change: 2025-01-10
The command smem can help show memory usage, including the usage of swap. Here are the most common options explained.
Last change: 2025-01-10
The command iftop shows ongoing bandwidth usage on one or more network interfaces and is a great tool for troubleshooting network issues.
Last change: 2025-01-06
Show the bandwidth usage and active connections by using the iftop tool on Linux. Learn how to use the tool to quickly find out this information.
Last change: 2025-01-10
Linux systems may use the pidstat command to retrieve system information such as details about CPU, memory, and disk activity by processes.
Last change: 2025-01-06
Articles and information about troubleshooting system performance issues on Linux systems with focus on CPU (central processing unit) usage.
Last change: 2025-01-06
How to check if a directory or file exists within a shell script? This can be achieved by using an operator of the test command.
Last change: 2025-01-06
This section has all articles and information about troubleshooting network performance issues and monitoring network statistics.
Last change: 2025-01-10
The lscpu command reports information about the CPU, such as architecture, vendor identification, virtualization features, cache, and even CPU vulnerabilities.
Last change: 2025-01-06
Articles and information about how memory, such as RAM, is being used on Linux systems. Great for system administration and troubleshooting purposes.
Last change: 2025-01-10
The command nstat provides network interface statistics on Linux and can be used for monitoring and troubleshooting. Learn about the available nstat options.
Last change: 2025-01-06
Articles and tools to troubleshoot Linux system performance issues. Learn more about the available tools and good one-liners.
Last change: 2025-01-06
Memory pages might need to be swapped to disk if the physical memory is full. Troubleshoot Linux system performance issues with focus on swap memory.
Last change: 2025-01-06
Secure the Linux kernel with the help of the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.
Last change: 2025-01-06
Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.
Last change: 2025-01-06
Everything related to managing Linux systems, from discovering what Linux distribution is running, up to full configuration and automation.
Last change: 2025-01-10
All common Linux commands available in one overview, categorized, and each complemented with a short description of its main purpose.
Last change: 2025-01-06
Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.
Last change: 2025-01-06
Linux systems have a wide range of supporting utilities available. Show memory information such as memory type, the number of banks in use, and speed.
Last change: 2025-01-06
Need to delete the contents of a sensitive file on Linux? Instead of just deleting it with rm, have a look at some other options for a more secure deletion.
Last change: 2025-01-06
Linux may store the initial creation of a file. Learn how to use the stat command to find this initial creation time of a file, also known as its birth time.
Last change: 2025-01-06
All Linux cheat sheets to simplify your system administration and Linux security efforts. Something missing? Let us know.
Last change: 2025-01-06
The Linux kernel is marked tainted when a specific event happened that could impact reliable troubleshooting of kernel issues. Learn about the relevant events.
Last change: 2025-01-06
The Linux kernel can mark itself as being 'tainted'. Learn what it means when the Linux kernel is tainted and in particular the underlying cause.
Last change: 2025-01-06
Frequently asked questions about the Linux kernel and kernel security.
Last change: 2025-01-06
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Last change: 2025-01-06
The Linux kernel has a range of settings that influence the behavior of the kernel itself. Learn about sysctl settings and values related to the kernel class.
Last change: 2025-01-06
Improve Linux security by understanding and configuring the sysctl kernel.tainted key, including the possible values and their meaning.
Last change: 2025-01-06
The Linux kernel consists of many components. Learn from topics related to kernel itself, its configuration, up to security and querying information.
Last change: 2025-01-06
Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn to use the ip command.
Last change: 2025-01-06
Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.
Last change: 2025-01-06
Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses for using lsof and how to use it.
Last change: 2025-01-06
If you want to learn more about network connections on Linux, then ss is the tool to get the job done. Learn how to use it with this cheat sheet.
Last change: 2025-01-06
Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.
Last change: 2025-01-06
Query the package manager to show installed packages on Ubuntu systems including version details. This can be done with the dpkg command and --list option.
Last change: 2025-01-06
Frequently asked questions about software and in particular the package manager. Learn how to install packages, query package versions, and more.
Last change: 2025-01-06
Learn how to show installed packages on Linux systems. This overview covers common package managers including those for AlmaLinux, Debian, openSUSE, and Ubuntu.
Last change: 2025-01-06
The BIOS details can be displayed from within Linux itself. Learn how to query these details and where to find more information.
Last change: 2025-01-06
Frequently asked questions about hardware information on Linux systems, such as BIOS details, hard disks, USB devices, memory, and other details.
Last change: 2025-01-06
Systemd units can be configured with a lot of fine-grained settings. This overview shows which settings are available and what they do.
Last change: 2025-01-06
Systemd can be configured and fine-tuned beyond imagination. This section covers what you can configure and where, such as the many unit settings.
Last change: 2025-01-06
Find the biggest directories and files on disk by using the du command. The output can be sorted using numeric values to find the biggest entries.
Last change: 2025-01-06
Want to find all masked unit files on a Linux system running systemd? In this article we show how to do this with systemctl and query those units.
Last change: 2025-01-06
Limit the output from journalctl by defining the number of lines you want to see by using the '-n' option, optionally with the service itself.
Last change: 2025-01-06
Want to disable a service or specific systemd unit? Use the systemctl command to configure units and disable them on boot or completely.
Last change: 2025-01-06
Systemd can start and enable a unit, such as a service, at the same time. Learn how to use systemctl more efficiently to achieve this action.
Last change: 2025-01-06
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Last change: 2025-01-06
Frequently asked questions about systemd, systemctl, and journalctl. Learn by practical examples how to use these tools.
Last change: 2025-01-06
Frequently asked questions about file systems, file permissions, directories and files.
Last change: 2025-01-06
Which systemd unit types are available and what is their goal? In this article we cover them and show some useful commands related to these units.
Last change: 2025-01-06
Learn how to get every piece of information from systemd units, such as services and timers, including their configuration and status.
Last change: 2025-01-06
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Last change: 2025-01-06
Want to delete one or more characters from a variable or piped output? There are multiple ways to achieve this using standard system utilities.
Last change: 2025-01-06
When it comes to powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners.
Last change: 2025-01-06
Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.
Last change: 2025-01-06
All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.
Last change: 2025-01-06
When you create a shell script, many things can go wrong. With a few basics you can catch errors easier and at the same time make your scripts (more) fail-safe.
Last change: 2025-01-06
How to prompt users in your shell script, like asking them to answer Yes or No? In this article we look at options to achieve this.
Last change: 2025-01-06
Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has you covered, with several options.
Last change: 2025-01-06
A step-by-step introduction to ELF files. Learn the structure and format, to understand how binaries and libraries on Linux systems work.
Last change: 2025-01-06
Livepatch is a feature to do live kernel patching for Linux systems. It allows applying security updates without rebooting the system. Learn how it works!
Last change: 2025-01-06
Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.
Last change: 2025-01-06
Demand for Linux security experts has risen over the last years. This article shows the relevant Linux security topics and required skills. Do you master them?
Last change: 2025-01-06
The year 2017 is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments.
Last change: 2025-01-06
So what is true about Linux security and what isn't? In this article we look at common security myths when it comes to Linux.
Last change: 2025-01-06
An insight in the technical aspects and requirements for Linux systems when it comes to compliance with the GDPR, the General Data Protection Regulation.
Last change: 2025-01-06
One of the options to improve password security is by setting a minimum password length. This article explains how to configure and test this security step.
Last change: 2025-01-06
The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.
Last change: 2025-01-06
Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file and show some configuration.
Last change: 2025-01-06
Linux malware, research, and more in this interview with unixfreaxjp, the leader and founder of the malware research group MalwareMustDie.
Last change: 2025-01-06
Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific Oracle version of the operating system is used.
Last change: 2025-01-06
With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.
Last change: 2025-01-06
Grep is a powerful utility on Linux. Want to get more out of the tool? This article will show you how to use it including many practical examples.
Last change: 2025-01-06
Software updates and package management are easy, until you get a KEYEXPIRED message. In this article we show how it happens and the way to solve it.
Last change: 2025-01-06
System hardening is the process of improving security defenses of desktops and servers. It is usually time-consuming, so let's decide when enough is enough.
Last change: 2025-01-06
With so many Linux distributions, one might ask what the differences are between CentOS, Fedora, and RHEL. In this article we cover these three.
Last change: 2025-01-06
The availability of ransomware on Linux is growing. This is the story behind how things started and what we can expect to be next in the near future.
Last change: 2025-01-06
The Linux kernel can be secured with the help of kernel tunables called sysctl keys. Learn how system hardening principles can be applied using sysctl.
Last change: 2025-01-06
Linux security should be simple, right? Why that is not a reality, and why we might never achieve it, is discussed in this article.
Last change: 2025-01-06
The best way to defend a system is by understanding how attackers work. Learn about privilege escalation on Linux and discover the measures and tools.
Last change: 2025-01-06
The dnf package manager and dnf-automatic tool can be used for automated security patching on Linux systems. It requires only a few steps to set it up.
Last change: 2025-01-06
Malicious software has plagued computers for more than 40 years and most likely this threat will never stop. What should you know about it to protect yourself?
Last change: 2025-01-06
An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.
Last change: 2025-01-06
Use iptables and ipset to create a blocklist and block one or more IP addresses on Linux. This guide will explain how to use and configure blocklists.
Last change: 2025-01-06
Linux systems running Ubuntu might show the message 'System program problem detected'. This article shows how to deal with the message.
Last change: 2025-01-06
How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.
Last change: 2025-01-06
Show the available network interfaces and information on Linux with the right tools. We cover common replacements for iptables and netstat, with examples.
Last change: 2025-01-06
This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.
Last change: 2025-01-06
The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!
Last change: 2025-01-06
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Last change: 2025-01-06
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist them.
Last change: 2025-01-06
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
Last change: 2025-01-06
Docker Inc. is one of the pioneers in the world of DevOps and known for its toolkit around Linux container technology. Will Docker make things more secure?
Last change: 2025-01-06
Configuration management and system auditing go hand in hand. In this article we cover both and learn why this combination is so powerful.
Last change: 2025-01-06
Linux systems are usually managed remotely with SSH, often still using passwords. Time to switch over to SSH keys and here is how to do that.
Last change: 2025-01-06
Linux systems are usually managed remotely with SSH. Learn how to configure the SSH server daemon and improve its security.
Last change: 2025-01-06
With five basic security principles we can improve system security of almost any Linux system. Start your journey here to learn them.
Last change: 2025-01-06
Learn the structure of the /etc/shadow file and what the fields mean. After reading, the file should be less cryptic than it was before.
Last change: 2025-01-06
The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.
Last change: 2025-01-06
Security frameworks like SELinux, AppArmor, and SMACK, provide protection to Linux. Learn about these Linux security modules (LSM).
Last change: 2025-01-06
In-depth article about Docker security features, best practices and its history. With container technology evolving, Docker security can be challenging.
Last change: 2025-01-06
PCI DSS compliance control 10.2.4 mandates monitoring of invalid logical access attempts. For Linux we can use the Linux audit framework to monitor for this event.
Last change: 2025-01-06
PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.
Last change: 2025-01-06
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Last change: 2025-01-06
Nftables has an export subcommand available to make it easier to export firewall rules via the nft command line utility. Let's discover the options.
Last change: 2025-01-06
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Last change: 2025-01-06
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Last change: 2025-01-06
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
Last change: 2025-01-06
PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.
Last change: 2025-01-06
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Last change: 2025-01-06
Security scanning can be boring and time consuming. In this article we have a look at how simple it can be, when it comes to security scans.
Last change: 2025-01-06
Shell scripting doesn't have to be boring. Let's look at a few common things that many don't know about shell scripts.
Last change: 2025-01-06
Debian-based systems, like Ubuntu, sometimes need a reboot as well. We have a look at determining whether a reboot is needed and due to what packages.
Last change: 2025-01-06
We have a look at implementing Linux security in IT environments and the related success criteria. Let's plan for success and get those measures implemented!
Last change: 2025-01-06
The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.
Last change: 2025-01-06
With security getting more and more attention, we focus on Linux security for DevOps. Also DevOps will need hardening, auditing and dealing with compliance.
Last change: 2025-01-06
Linux rootkits are malicious components to maintain unauthorized access. In this article about intrusion detection we have a look at rootkits and detection.
Last change: 2025-01-06
Protecting computer networks consists of implementing preventative measures, including system auditing. Let's have a look at how this relates to Linux.
Last change: 2025-01-06
Staying up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.
Last change: 2025-01-06
The root account is a special account for Unix based systems. Protecting it with the right measures, secures the system and decreases system compromises.
Last change: 2025-01-06
In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.
Last change: 2025-01-06
One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.
Last change: 2025-01-06
Tips for people who would like to perform audits on Linux and become a Linux auditor in particular. Including hints regarding certifications and tools.
Last change: 2025-01-06
When auditing a Linux system, it might be hard to determine what to actually audit. This article will provide some guidance and tips.
Last change: 2025-01-06
Guide to become a Linux auditor in just a matter of minutes. Focus on how to determine running processes, installed software or possible vulnerabilities.
Last change: 2025-01-06
Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.
Last change: 2025-01-06
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.
Last change: 2025-01-06
Performing a Linux server security audit can be a time consuming process. In this article the most important parts are explained including automation.
Last change: 2025-01-06
Learn more about vulnerability scanning on Linux systems using the Lynis auditing tool. Check for weaknesses and security measures that can be implemented.
Last change: 2025-01-06
Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.
Last change: 2025-01-06
Article about a tool within CAATTs for Linux: Lynis. Helping auditors with computer-assisted audit tools and techniques, with focus on Linux and Unix scans.
Last change: 2025-01-06
Is antivirus really needed on Linux systems? The honest answer is that it depends on your situation and what you are running. Let's have a look why.
Last change: 2025-01-06
Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.
Last change: 2025-01-06
Article about how to audit and check installed software packages and their security by using the related package managers.
Last change: 2025-01-06
Introduction article into securing Linux based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!
Last change: 2025-01-06
This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.