Linux
Set default file permissions on Linux with umask
Learn how to use umask to set the default file permissions in Linux. We look at examples, including how and where to implement them.
UMask setting
Harden services by configuring systemd units with a strict umask value using the unit setting UMask.
RestrictRealtime setting
Harden services by preventing systemd units from using realtime scheduling with the unit setting RestrictRealtime.
RestrictSUIDSGID setting
Harden services by preventing systemd units from setting the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.
RestrictNamespaces setting
Harden services by restricting which namespace types systemd units may create or enter with the unit setting RestrictNamespaces.
CapabilityBoundingSet setting
Define which Linux capabilities systemd units are allowed to use with the unit setting CapabilityBoundingSet.
Sysctl: ipe.success_audit
The sysctl key ipe.success_audit is used to define if an audit event should be created for successful checks by the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values of this key and their meaning.
Sysctl: ipe.enforce
The sysctl key ipe.enforce is used to define the mode (enforcing or permissive) of the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values of this key and their meaning.
Ipe
Learn about the sysctl command and the values related to the IPE (Integrity Policy Enforcement) module.
What is the difference between /dev/random and /dev/urandom?
Learn the difference between the Linux kernel random sources /dev/random and /dev/urandom and when to use which one.
ProtectKernelTunables setting
Make the kernel tunables in /proc/sys and /sys read-only for systemd units with the unit setting ProtectKernelTunables.
LockPersonality setting
Learn how to harden systemd units by preventing processes and their children from switching their personality (the kernel execution domain) with the LockPersonality setting.
NoNewPrivileges setting
Learn how to harden systemd units by preventing processes and their children from obtaining new privileges, for example via setuid binaries, with the NoNewPrivileges setting.
SystemCallArchitectures setting
Harden Linux services using the systemd unit setting SystemCallArchitectures, to restrict which system call architectures (ABIs) a process may use, such as only the native one.
PrivateDevices setting
Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.
PrivateTmp setting
Learn how to harden systemd units by giving processes their own view on temporary directories /tmp and /var/tmp, preventing possible misuse.
NoExecPaths setting
Harden system services by using the systemd unit settings such as NoExecPaths to disable program execution from specified paths.
ExecPaths setting
Harden system services by using the systemd unit settings such as ExecPaths and NoExecPaths to allow program execution from only specified paths.
ProtectControlGroups setting
Learn how to harden systemd units by making the control group hierarchy in /sys/fs/cgroup read-only with the ProtectControlGroups unit setting.
ProtectSystem setting
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectSystem unit setting.
ProtectClock setting
Learn how to harden systemd units by limiting access to clock information with the ProtectClock unit setting.
How to clear systemd journal logs by time
Learn how to use the journalctl command to query the disk usage of the journal logs and how to clean or trim them by number, size, or age.
How to monitor disk activity (I/O) on Linux
Learn how to monitor a Linux system and focus on disk activity with tools like iotop, sar, vmstat, or iostat.
How to see the file type on Linux
Learn how to see the file type of normal and special files on a Linux system by using the file command.
How to see the size of a file
Learn how to see the size of a file on Linux systems using the ls or stat command.
How to display directory contents sorted by modification time
Learn how to sort the output of the ls command to list a directory contents by its modification time.
How to schedule a periodic task with systemd
Schedule a repeating task via systemd by using a timer. Learn how to configure and use it.
Systemd-analyze
The command systemd-analyze helps with analyzing systemd components to optimize the system, including performance and security.
How to check if systemd is being used or active
Learn how to quickly confirm that systemd is being used as your system and service manager.
How to add an SSH key to the SSH agent
Learn how to load and use your SSH key together with an SSH agent.
How to see all enabled services with systemctl
The systemctl command can be used to show all service units and filter those that are enabled.
Nginx hardening profile
Harden the nginx configuration with the help of systemd sandboxing capabilities and restricting resources.
SocketBindAllow setting
Allow systemd units to call bind() only on the socket addresses and ports specified with the unit setting SocketBindAllow.
SocketBindDeny setting
Prevent systemd units from calling bind() on the socket addresses and ports specified with the unit setting SocketBindDeny.
DevicePolicy setting
Control which device nodes in the /dev directory systemd units may access with the unit setting DevicePolicy.
DeviceAllow setting
Grant systemd units access to specific device nodes in the /dev directory with the unit setting DeviceAllow.
Capabilities
Everything related to Linux capabilities, like articles and an overview of the available capabilities.
Overview of Linux capabilities
An overview of the available Linux capabilities that allow processes to perform privileged actions.
Troubleshooting a failed systemd unit (with examples)
Learn how to troubleshoot failed systemd units, examples, possible causes, and how to resolve them.
What does systemctl daemon-reload do?
When making changes to systemd unit files, you may need to use systemctl daemon-reload. This article explains what happens next.
How to check if 'systemctl daemon-reload' is needed
When systemd units are changed, a 'systemctl daemon-reload' might be needed. Need to know if this is the case? Let's test for that.
How to see which syscalls are part of a systemd syscall filter set
Learn how to see what syscalls are part of a particular syscall filter set in systemd.
SystemCallFilter setting
Define if systemd units are allowed to use specific syscalls or groups with the unit setting SystemCallFilter.
Overview of Linux syscalls
An overview of the available syscalls, or system functions, that allow processes to communicate with the kernel.
Systemd syscall filtering
Learn more about the system calls (syscalls) that systemd can filter in commands and unit files, such as with the SystemCallFilter property.
What is the difference between systemctl disable and systemctl mask?
Want to disable a service, but wondering about the difference between systemctl disable and systemctl mask? This article shows the differences between the two.
How to use systemctl edit to change a service?
Learn how to edit an existing systemd service unit with the systemctl edit command.
How to see only running services with systemctl
The systemctl command can be used to filter its output and show only running services.
Run0 cheat sheet
Learn how to get everything out of the run0 tool to increase your privilege level.
Run0: introduction and usage
Learn the goal and purpose of run0 and how to use it for elevating privileges.
How to disable the background color of run0
Learn how to disable the change of the background color when using run0.
MemoryDenyWriteExecute setting
Prevent systemd units from creating or changing memory mappings that are both writable and executable with the unit setting MemoryDenyWriteExecute.
InaccessiblePaths setting
Block systemd units from accessing specified paths with the unit setting InaccessiblePaths.
How to remove trailing whitespace from a file
Learn how to remove trailing whitespace from a file using the sed command.
How to insert a line at the beginning of a file
Learn how to insert a line of text at the beginning of a file using the sed command.
Data processing: Frequently Asked Questions
Frequently asked questions about data and text processing.
How to see memory usage of a service with systemctl?
The systemctl command can be used to show the memory usage of a service managed by systemd.
How to see the active settings of a systemd unit
The systemctl command can be used to show the settings of a systemd unit, like a service.
How to override the settings of a systemd unit
The systemctl command can be used to override settings of a systemd unit, like a service.
ReadWritePaths setting
Grant systemd units read and write access to specified paths, for new or existing files, with the unit setting ReadWritePaths.
Hardening nginx with systemd security features
Secure your nginx service by using security features provided by systemd.
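The following shell script is an added example and is not code from the original page or from the nginx or systemd projects. It assembles a systemd drop-in that applies many of the unit settings listed on this page to nginx. It assumes the unit is named nginx.service, that nginx writes to /var/log/nginx, /var/cache/nginx and /run (typical for Debian-style packages; adjust ReadWritePaths for other layouts), and that the capability list is enough for a master process that binds ports 80/443 as root and then drops to an unprivileged user. Verify the result on a test system before using it in production.

```shell
#!/bin/sh
# Added example (not from the original page): build a hardening drop-in for
# nginx.service from the systemd sandboxing settings described on this page.
#
# Assumptions (not taken from the page): the unit is nginx.service, nginx needs
# write access to /var/log/nginx, /var/cache/nginx and /run, and the master
# process only needs the capabilities listed in CapabilityBoundingSet.

# Write hardening.conf into the given drop-in directory.
# Default: the real location, /etc/systemd/system/nginx.service.d (needs root).
write_nginx_dropin() {
    dir="${1:-/etc/systemd/system/nginx.service.d}"
    mkdir -p "$dir" || return 1
    cat > "$dir/hardening.conf" <<'EOF'
[Service]
# File system view: read-only root, no home directories, private /tmp,
# explicit read-write exceptions (assumed paths, adjust for your distribution)
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/var/log/nginx /var/cache/nginx /run
# Kernel interfaces: tunables, modules, log buffer, cgroups and clock
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectClock=true
# /dev: only the common pseudo-devices
PrivateDevices=true
# Privileges and execution domain
NoNewPrivileges=true
LockPersonality=true
RestrictSUIDSGID=true
RestrictRealtime=true
RestrictNamespaces=true
MemoryDenyWriteExecute=true
# Capabilities the master process is assumed to need: bind low ports,
# drop to the worker user, and fix ownership of its own files/sockets
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
AmbientCapabilities=
# Networking and system calls
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=@system-service
# Files created by the service are private to its user
UMask=0077
EOF
}

# Print the value of one setting from a drop-in file (last occurrence wins,
# matching how systemd treats repeated keys for single-value settings).
dropin_setting() {
    file="$1"; key="$2"
    awk -F= -v k="$key" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$file"
}

# Apply the drop-in on a live system: reload unit files, restart nginx and
# show the systemd-analyze security score. Only runs when systemd is present.
apply_nginx_hardening() {
    write_nginx_dropin || return 1
    command -v systemctl >/dev/null 2>&1 || { echo "systemctl not found" >&2; return 1; }
    systemctl daemon-reload
    systemctl restart nginx.service
    systemctl --no-pager status nginx.service
    command -v systemd-analyze >/dev/null 2>&1 && systemd-analyze security nginx.service
}

# Only touch the real system when explicitly asked: ./harden-nginx.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_nginx_hardening
fi
```

Run with the `apply` argument as root to install the drop-in and restart nginx; without it the script only defines the functions, so it can be sourced to inspect a drop-in with `dropin_setting`. If nginx fails to start after applying, `journalctl -u nginx.service` usually points at the path or capability that the assumed values did not cover.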
Systemd features to secure units and services
Learn more about systemd features that help in securing units and services.
ProcSubset setting
Restrict systemd units to access information from the /proc directory with the unit setting ProcSubset.
RestrictAddressFamilies setting
Restrict systemd units to using only the specified socket address families with the unit setting RestrictAddressFamilies.
ProtectProc setting
Restrict systemd units to access information from the /proc directory with the unit setting ProtectProc.
ProtectHome setting
Restrict systemd units to access data in home directories with the unit setting ProtectHome.
ProtectKernelLogs setting
Prevent systemd units from reading or writing the kernel log ring buffer with the unit setting ProtectKernelLogs.
ProtectKernelModules setting
Prevent systemd units from loading kernel modules with the ProtectKernelModules unit setting.
How to see the cgroup of a process
Learn how to find the control group (cgroup) of a process by using /proc, pidof, or ps.
How to see cgroup in ps output
Want to see the control group in the output of the ps command? Here is how to tune your command options to include that.
How to see the time synchronization details with timedatectl
Show time synchronization details with the systemd timedatectl command and related subcommands.
How to show the systemd machine ID
Find the machine ID that was generated by systemd.
How to see the dependencies of a systemd unit
The systemctl command has the list-dependencies option to show dependencies between units. But there are more options to query a little bit more information.
How to see the available systemd unit types
The systemctl command can be used to show all available systemd unit types.
How to see all active systemd units of one type
The systemctl command can be used to show all active systemd units of one particular type with the --type option.
How to limit the disk usage of the systemd journal
Learn how to define the maximum size that the systemd journal daemon may use for storing journals.
How to see the size of the systemd journal
Use the journalctl command to show the size of the systemd journal logs. In this article we look how journalctl vacuuming works.
How to see kernel messages with journalctl
Learn how to show all kernel events by using journalctl and filter out the kernel entries in the journal.
What is a systemd unit?
Learn more about systemd units and what they do.
How to see only recent journal entries
Learn how to filter journal entries by specifying a date or time interval.
How to see new log entries automatically with journalctl
Learn how to continuously show new log entries with journalctl like the tail -f command.
How to see logging for a specific unit or service
Limit the number of log entries from the systemd journal by filtering journalctl output by unit.
How to reload the systemd configuration
How can systemd be instructed to reload its configuration?
What is systemd?
Learn what systemd is and the main components of this system and service manager.
What is a masked systemd unit?
What does it mean when a systemd unit is masked? Learn about this state.
Systemd commands
All commands related to systemd in one overview. Learn about their purpose and when to use them.
SSH ProxyJump option
Learn about the SSH client option ProxyJump, that allows using a bastion host or jump server to connect to other systems.
SSH ForwardAgent option
Learn about the ForwardAgent option, available values, the security risks, and how to configure it.
What is SSH agent forwarding?
Learn more about the SSH agent forwarding feature and what problems it tries to resolve.
How to start the SSH agent?
When the SSH agent is not running, how can you start it? In this article we will have a look at the options.
What is the purpose of the SSH agent?
What is the purpose of the SSH agent and when to use it?
How to disable the usage of the SSH agent
Learn how to disable the usage of the SSH agent when authenticating.
SSH IdentityAgent option
Learn about the IdentityAgent option, available values, and how to configure it.
/etc/ssh/ssh_config
The configuration file /etc/ssh/ssh_config contains settings related to the OpenSSH client. Learn more about this file and its configuration.
SSH client configuration
Linux systems are usually managed remotely with SSH. Learn how to configure and optimize the SSH client and improve its security.
SSH configuration files
Learn about the locations where SSH client settings are configured and what precedence they take.
How to show all installed packages with pacman
Query the pacman package manager on systems like Arch to show installed packages.
SSH StrictHostKeyChecking option
Learn about the StrictHostKeyChecking option, available values, and how to configure it.
SSH PasswordAuthentication option
Learn about the PasswordAuthentication option, available values, and how to configure it.
Security Through Obscurity (STO)
What is security through obscurity and what are examples when it comes to Linux security and system hardening?
How to stop all processes of a single user
Learn how to stop all processes of a single user using the killall command.
How to disable the SSH host key check?
Learn how to disable the SSH check of host authenticity and key fingerprint with the ssh option StrictHostKeyChecking, and why this weakens protection against man-in-the-middle attacks.
Security concepts
Learn common security concepts that also will apply when securing Linux environments, like system hardening and implementing security measures.
Change SSH server port number
Learn how to make changes to your SSH configuration to have it running on a different port than its default 22/TCP.
Configure an SSH welcome message or banner
Learn how to configure a welcome message for users before or after logging in via SSH.
SSH escape sequences
Learn about the escape sequences that can be used with OpenSSH to initiate special commands.
How to terminate an SSH connection that does not respond to CTRL+C
Learn about SSH escape sequences and how they can help with terminating an SSH connection that does not respond to CTRL+C.
How to remove the passphrase from an SSH key
Remove the password or passphrase from an SSH key using the ssh-keygen command.
How to see the available SSH keys in the OpenSSH authentication agent
Show the available SSH keys that are loaded in the SSH authentication agent.
SSH: Frequently Asked Questions
Frequently asked questions about SSH, such as SSH keys, configuration, and usage.
Kill
The kill command can be used on Linux systems to send a defined signal to a process. Learn how to use it and what signals are available.
What is a zombie process?
What is a zombie process on Linux and how to deal with it? In this article we will have a look at the details.
How to kill a zombie process
How to kill a zombie process if it does not respond to kill -9? Here are a few last steps that you can try.
How to show a running process name and its process ID (PID)
Find the process ID (PID) and process name on Linux with the help of the pgrep command.
How to find all process IDs by its process name
Discover the process ID (PID) on Linux for a running process by searching for its process name.
Linux process signals and their meaning
Want to know the difference between SIGHUP, SIGKILL, and SIGTERM? Learn about Linux process signals, including a list and description.
How to kill a running process by its name
Find and stop a running process on Linux by searching for its name using the killall or pkill command.
Processes: Frequently Asked Questions
Frequently asked questions about starting and stopping processes, discovering information about them, and monitoring them.
Net
Learn about the sysctl command and the values related to the network class.
Sysctl: net.ipv4.ip_forward
The sysctl key net.ipv4.ip_forward is used to enable or disable forwarding of IPv4 network packets between interfaces. Learn about the possible values of this key and their meaning.
How to see the network IP address of your system
Show the IP address of your system with the help of the ip command.
How to see the IP address of your internet connection
Show the IP address of your internet connection using the dig command.
How to see which DNS server is used
Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.
How to find writable files
Learn how to use the find command to find any files that are writable.
Apt-file
The command apt-file can help with discovering which files belong to a package or what package installed or provides them.
Apt cheat sheet
The package manager apt has many more options than one might think. This cheat sheet uncovers them.
How to see the size of a directory
Learn how to see the size of a directory or folder on Linux systems using the du command.
How to see hidden files
Learn how to see any hidden files on the command line or in the terminal using the ls command.
How to see files greater than a specific size
Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.
How to find when the last modification happened in a directory
Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.
How to see inode usage
Learn how to see inode usage on a Linux file system or mount point.
How to see used and free disk space
Learn how to see used and free disk space of file systems or mount points on Linux systems.
Monitoring USB communications using usbmon interface
Learn how to monitor USB devices by using the usbmon kernel module together with Wireshark or Tshark.
/etc/ssh/sshd_config
The configuration file /etc/ssh/sshd_config contains settings related to the OpenSSH server daemon. Learn more about this file and its configuration.
Networking
Everything related to networking, from the network configuration up to DNS resolving. Test and configure your system with these articles.
How to see the number of open connections on Linux
Show the number of open connections using the ss command on Linux.
How to see when a process was started
Show process details to learn more about when a process was started using the ps tool.
How to see when the system was started (uptime)
When did a system start? Learn how to query the boot time (uptime) of a system using commands like uptime and ps.
Smem
The command smem can help with showing memory usage, including the usage of swap.
Iftop
The command iftop shows ongoing bandwidth usage on one or more network interfaces and is a great tool for troubleshooting network issues.
How to see active connections and bandwidth usage on Linux
Show actual bandwidth usage and active connections using the iftop tool on Linux.
Pidstat
The command pidstat provides details about CPU, memory, and disk activity by processes.
Troubleshooting CPU usage
Articles and information about troubleshooting system performance issues with focus on CPU usage.
Check if a directory or file exists
How to check if a directory or file exists within shell script?
Network
Articles and information about troubleshooting network performance issues and monitoring network statistics.
Lscpu
The lscpu command reports information about the CPU, such as architecture, vendor identification, virtualization features, cache, and even CPU vulnerabilities.
Memory
Articles and information about how memory, such as RAM, is being used on Linux systems. Great for system administration and troubleshooting purposes.
Nstat
The command nstat provides network interface statistics and can be used for monitoring and troubleshooting.
System performance
Articles and tools to troubleshoot Linux system performance issues.
Swap memory information
Articles and tools to troubleshoot Linux system performance issues with focus on swap memory and its usage.
Sysctl: kernel.perf_event_paranoid
Understand and configure the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.
Methods to find the Linux distribution and version
Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.
System administration
Everything related to managing Linux systems, from discovering what Linux distribution is running, up to full configuration and automation.
Commands
All Linux commands that are relevant for system administration.
Dmidecode cheat sheet
Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.
How to see memory information such as type and speed
Show memory information and details such as the number of banks in use, the memory type and speed.
How to securely delete a file and its contents
Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.
How to see the creation date of a file
Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.
What is a tainted kernel
Learn what it means when the Linux kernel is marked as tainted, including finding the cause.
How to find the specific cause of a tainted kernel
Learn what it means when the Linux kernel is marked as tainted and in particular the underlying cause.
Kernel: Frequently Asked Questions
Frequently asked questions about the Linux kernel and kernel security.
Sysctl
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Kernel
Learn about the sysctl command and the values related to the kernel class.
Kernel.tainted
Understand and configure the sysctl kernel.tainted key, including the possible values and their meaning.
Kernel
Everything related to Linux kernel itself, from configuration to querying information.
Ip cheat sheet
Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn using the ip command.
How to see errors and dropped packets on a network interface on Linux
Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.
Lsof cheat sheet
Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses of lsof and how to use it.
Ss cheat sheet
If you want to learn more about network connections on Linux, then ss is the tool to get the job done. Learn how to use it with this cheat sheet.
Networking: Frequently Asked Questions
Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details.
Package manager: Frequently Asked Questions
Frequently asked questions about software, such as package manager, package versions, and how to configure them.
List installed packages on a Linux system
Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.
How to see BIOS details
Show BIOS details from within a Linux system. Learn how to query these details and where to find more information.
Hardware: Frequently Asked Questions
Frequently asked questions about hardware information such as BIOS, USB devices, memory, and other details.
Settings for systemd units
Units in systemd have their own set of configuration settings. This overview shows the availability and their purpose.
Systemd settings
Units in systemd have their own set of configuration settings. This overview shows the availability and their purpose.
How to find the biggest directories on disk
Find the biggest directories and files on disk by using the du command.
How to see all masked units with systemctl
Want to find all masked unit files? In this article we show how to do this with systemctl and query those units.
How to see the last X lines with journalctl
Limit the output from journalctl by defining the number of lines you want to see.
How to disable a systemd unit with systemctl
Want to disable a service or specific systemd unit? Use systemctl to configure units and disable it on boot or completely.
How to start and enable a unit with systemctl
Combine the start and enable command when using systemctl to get a unit like a service started at boot and right away.
How to show failed units with systemctl
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Systemd: Frequently Asked Questions
Frequently asked questions about systemd, systemctl, and journalctl. Learn by practical examples how to use these tools.
File systems: Frequently Asked Questions
Frequently asked questions about file systems, file permissions, directories and files.
Systemctl cheat sheet
Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.
Adding the Expires header to improve caching static content in nginx
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Strip one or more characters from a variable or output
Want to delete one or more characters from a variable or piped output? There are multiple ways to achieve this using standard system utilities.
AWK cheat sheet
When it comes to powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners.
Introduction in Linux file permissions
Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.
Linux file systems
All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.
Making scripts (more) secure and safe
When you create a shell script, many things can go wrong. With a few basics you can catch errors easier and at the same time make your scripts (more) failsafe.
Prompt for user input in a shell script
How to prompt users in your shell script, like asking for a Yes or No answer? In this article we look at options to achieve this.
Linux tools to bulk rename files
Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has you covered, with several options.
The 101 of ELF files on Linux: Understanding and Analysis
A step-by-step introduction to ELF files. Learn the structure and format, to understand how binaries and libraries on Linux systems work.
Livepatch: Linux kernel updates without rebooting
Livepatch is a feature to do live kernel patching for Linux systems. It allows applying security updates without rebooting the system. Learn how it works!
How to secure a Linux system
Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.
The state of Linux security in 2017
The year 2017 is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments.
Linux security myths
So what is true about Linux security and what isn't? In this article we look at common security myths when it comes to Linux.
GDPR Compliance: Technical Requirements for Linux Systems
An insight in the technical aspects and requirements for Linux systems when it comes to compliance with the GDPR, the General Data Protection Regulation.
Configure the minimum password length on Linux systems
One of the options to improve password security is by setting a minimum password length. This article explains how to configure and test this security step.
Beginners guide to traffic filtering with nftables
The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.
The purpose of the /etc/networks file
Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.
Interview: MalwareMustDie and their Linux malware research
Linux malware, research, and more in this interview with unixfreaxjp, who is the leader and founder of the malware research group MalwareMustDie.
How to see the version of Oracle Linux
Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific Oracle version of the operating system is used.
Discover to which package a file belongs to
With the right Linux software tools, it is easy to find which package a file belongs to. Or the opposite: what files are part of an installed package.
How to use grep (with examples)
Grep is a powerful utility on Linux. Want to get more out of the tool? This article will show you how to use it including many practical examples.
How to solve an expired key (KEYEXPIRED) with apt
Software updates and package management are easy, until you get a KEYEXPIRED message. In this article we show how it happens and the way to solve it.
Difference between CentOS, Fedora, and RHEL
Learn the differences between CentOS, Fedora, and RHEL, and how these distributions relate to each other.
Linux and rise of Ransomware
The availability of ransomware on Linux is growing. This is the story behind how things started and what we can expect to be next in the near future.
Linux hardening with sysctl settings
The Linux kernel can be secured as well. Learn how system hardening principles can be applied using sysctl settings.
How Linux Security Fails to be Simple
Linux Security Should be Simple, Right? Why that is not a reality, and we might never achieve it is discussed in this article.
Understanding Linux Privilege Escalation and Defending Against It
The best way to defend a system is by understanding how attackers work. Learn about privilege escalation on Linux and discover the measures and tools.
Automatic Security Updates with DNF
The dnf package manager and dnf-automatic tool can be used for automated security patching on Linux systems. It requires only a few steps to set it up.
Dealing with Linux Malware, Insights by the Author of rkhunter
Malicious software has plagued computers for more than 40 years and most likely this threat will never stop. What should you know about it to protect yourself?
Differences between iptables and nftables explained
An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.
Block IP addresses in Linux with iptables
Use iptables and ipset to create a blacklist and block one or more IP addresses on Linux. This guide will explain how to use and configure blacklists.
Linux vulnerabilities: from detection to treatment
How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.
List network interfaces on Linux
Show the available network interfaces and information on Linux with the right tools. We cover common replacements for ifconfig and netstat, with examples.
In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.
Strace cheat sheet
The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Kernel hardening: Disable and blacklist Linux modules
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist them.
Increase kernel integrity with disabled Linux kernel modules loading
The Linux kernel can be configured to disallow loading new kernel modules. Learn how to configure this.
Security Integration: Configuration Management and Auditing
Configuration management and system auditing go hand in hand. Learn why this combination is so powerful.
Using SSH keys instead of passwords
Linux systems are usually managed remotely with SSH, often still using passwords. Time to switch over to SSH keys and here is how to do that.
SSH server configuration
Linux systems are usually managed remotely with SSH. Learn how to configure the SSH server daemon and improve its security.
Password Security with Linux /etc/shadow file
Learn the structure of the /etc/shadow file and what the fields mean. After reading, the file should be less cryptic than it was before.
PCI DSS Linux: Creation and deletion of system-level objects
The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.
An Introduction Into Linux Security Modules
Security frameworks like SELinux, AppArmor, and SMACK, provide protection to Linux. Learn about these Linux security modules (LSM).
Docker Security: Best Practices for your Vessel and Containers
In-depth article about Docker security features, best practices, and its history. With container technology evolving, Docker security can be challenging.
PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)
PCI DSS compliance control 10.2.4 mandates to monitor invalid logical access attempts. For Linux we can use the Linux audit framework to monitor for this event.
PCI DSS Linux: Logging of administrative actions with root privileges
PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.
How to check if your Arch Linux system needs a reboot
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Exporting nftables rules and configuration
Nftables has an easy way to export firewall rules via the nft command line utility. Let's discover the options.
Linux capabilities 101
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Linux Capabilities: Hardening Linux binaries by removing setuid
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
PCI DSS Linux: No write access to shared system binaries
PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Linux Security Scanning for Dummies
Security scanning can be boring and time consuming. In this article we have a look at how simple it can be, when it comes to security scans.
5 things you didn’t know about shell scripting
Shell scripting doesn't have to be boring. Let's look at a few common things that many don't know about shell scripts.
Check for a required reboot on Debian and Ubuntu systems
Debian-based systems, like Ubuntu, sometimes need a reboot as well. We have a look at how to determine whether a reboot is required and which packages cause it.
Security Program: Implementing Linux Security
We have a look at implementing Linux security in IT environments and the related success criteria. Let's plan for success and get those measures implemented!
Do NOT use Linux hardening checklists for your servers
The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.
Linux Security for DevOps
With security getting more and more attention, we focus on Linux security for DevOps. Also DevOps will need hardening, auditing and dealing with compliance.
Detecting Linux rootkits
In this article about intrusion detection we have a look at Linux rootkits, what they do and how to detect them.
Audit security events on Unix systems
Protecting computer networks consists of implementing preventative measures, including system auditing. Let's have a look how this relates to Linux.
Audit SuSE with zypper: vulnerable packages
Staying up to date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.
Auditing Linux processes: The Deep Dive!
In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.
Linux server hardening and best practices
One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.
Become a Linux Auditor: What to know?
Tips for people who would like to perform audits on Linux and become a Linux auditor in particular. Including hints regarding certifications and tools.
Auditing Linux: what to audit?
When auditing a Linux system, it might be hard to determine what actually to audit. This article provides some guidance and tips.
Become a Linux auditor: tips to start with auditing the Linux platform
Guide to become a Linux auditor in just a matter of minutes. Focus on how to determine running processes, installed software or possible vulnerabilities.
Linux server security: Three steps to secure each system
Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.
Linux kernel security and how to improve it
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.
Conducting a Linux Server Security Audit
Performing a Linux server security audit can be a time consuming process. In this article the most important parts are explained including automation.
Open source vulnerability scanner for Linux systems – Lynis
Within this article we discuss the possibilities of using an open source vulnerability scanner for Linux based systems.
Configuring and auditing Linux systems with Audit daemon
Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.
CAATTs for Linux: Lynis
Article about a tool within CAATTs for Linux: Lynis. Helping auditors with computer-assisted audit tools and techniques, with focus on Linux and Unix scans.
Antivirus for Linux: is it really needed?
Is antivirus needed on Linux systems? The answer: it depends on your situation. Let's have a look why.
How to deal with a compromised Linux system
Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.
Auditing Linux: Software Packages and Managers
Article about how to audit and check installed software packages and their security by using the related package managers.
Securing Linux: Audit with Lynis (an introduction into auditing)
Introduction article into securing Linux based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!
Linux Audit: Auditing the Network Configuration
This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.