Linux
IPAccounting setting
Systemd can track the number of network packets and data traffic of services with unit setting IPAccounting. See how to configure this setting for services.
OpenSMTPD hardening profile
Tighten the already secure OpenSMTPD software on Linux by using this predefined profile that uses the systemd sandboxing options.
Pacman cheat sheet
Cheat sheet for using the pacman package manager on Linux systems, including common tasks that are to be performed with pacman.
Hardening guides
Linux hardening security guides collected in one area, covering systems like AlmaLinux, Arch, Debian, Fedora, Ubuntu, and others.
How to reload or restart a systemd service?
Services that are controlled with systemd can be reloaded or restarted depending on their configuration. Use systemctl to perform the related restart tasks.
How to check if a systemd service is enabled?
Systemd units can be enabled or disabled based on multiple factors, such as meeting specific dependencies. Learn how to see if a systemd service is enabled.
How to set environment variables in a systemd unit?
Systemd units can be configured to contain environment variables and pass them along to the underlying application. Learn how to configure this unit setting.
/etc/resolv.conf
The /etc/resolv.conf file is usually a regular file or a symbolic link to a regular file, defining which servers are used for DNS requests.
/dev/random
The /dev/random file is a special character file on Linux that provides random data from the Linux kernel random number generator.
Linux password security: hashing rounds
Password hashing rounds refers to the number of iterations a particular hashing algorithm has to perform. Learn why and how to configure this on Linux systems.
System hardening
Everything related to system hardening, from hardening guides to tools. Configure, test, and secure your system with these articles.
Iptables
Everything related to iptables, one of the firewall solutions on Linux. Learn how to configure, tune, and monitor iptables.
How to see the SSH log?
SSH logs authentication attempts, but where? Find your SSH log file with these tips, such as in /var/log/auth.log or in the systemd journal.
Nftables
Everything related to nftables, the replacement for iptables. Learn how to configure, tune, and monitor nftables.
How to download a package with apt without installing it?
The apt package manager can be used to download a package file without actually installing it. See how the download subcommand is used to achieve this.
RuntimeDirectoryMode setting
Harden system and user services by configuring systemd units with more strict file permissions using the unit setting RuntimeDirectoryMode.
How to test the sshd configuration for configuration errors?
A healthy service should not have configuration issues. Perform a configuration test of the SSH daemon (sshd) by first running it using the '-t' option.
How to see the dependencies of a package with apt?
Learn how to see the dependencies of a package that is to be installed or already installed on the system using the apt package manager.
How to remove a package with apt?
Learn how to remove previously installed packages with the apt package manager on Linux systems such as Debian and Ubuntu.
How to remove unused packages with apt?
Learn why and how packages may become unnecessary on Linux and how to remove them with the apt package manager on systems like Debian and Ubuntu.
How to verify a systemd unit for errors?
Learn how to troubleshoot issues with systemd units by verifying the unit files for any errors. One of the tools to help is systemd-analyze.
Why does systemctl list-units show units as 'not-found'?
Troubleshoot issues like units being marked as 'not-found' in the output of systemctl list-units. This article helps with the steps to take.
How to see active systemd timers
Systemd timers are scheduled tasks for Linux systems. Show timer information with the systemctl command such as status, last execution, and its schedule.
Set default file permissions on Linux with umask
Learn how to use umask to set the default file permissions in Linux. We look at examples, including how and where to implement them.
UMask setting
Harden system and user services by configuring systemd units with a strict umask value using the unit setting UMask. Learn how to configure it in your units.
RestrictRealtime setting
Harden system and user services on Linux by restricting systemd units from using realtime scheduling with the unit setting RestrictRealtime.
RestrictSUIDSGID setting
Harden services by restricting systemd units from setting the set-user-ID (suid) or set-group-ID (sgid) bit on files with the unit setting RestrictSUIDSGID.
RestrictNamespaces setting
Harden system and user services on Linux by restricting systemd units to only use specified namespaces with the unit setting RestrictNamespaces.
CapabilityBoundingSet setting
Improve the security of services by defining what Linux capabilities are allowed with the help of systemd unit setting CapabilityBoundingSet.
Sysctl: ipe.success_audit
The sysctl key ipe.success_audit is used to define if audit events should be created when using the Linux security module IPE (Integrity Policy Enforcement).
Sysctl: ipe.enforce
The sysctl key ipe.enforce defines the mode of the Linux security module IPE (Integrity Policy Enforcement). Learn about the possible values and their meaning.
Ipe
The sysctl settings starting with ipe define the configuration of IPE (Integrity Policy Enforcement) module. Learn about the settings and possible values.
What is the difference between /dev/random and /dev/urandom?
Learn the difference between Linux kernel random sources /dev/random and /dev/urandom, and when to use which one. Spoiler: probably /dev/urandom.
ProtectKernelTunables setting
Restrict systemd units to access information from the kernel tunables in the /proc and /sys directories with the unit setting ProtectKernelTunables.
LockPersonality setting
Learn how to harden systemd units by preventing processes from switching their personality (kernel execution domain) with the LockPersonality setting.
NoNewPrivileges setting
Learn how to harden systemd units by preventing processes and their children from obtaining new privileges with the NoNewPrivileges setting.
SystemCallArchitectures setting
Harden Linux services using the systemd unit setting SystemCallArchitectures, to restrict access to files in /dev and limit those to common pseudo-devices.
PrivateDevices setting
Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.
PrivateTmp setting
Learn how to harden systemd units by giving processes their own view on temporary directories /tmp and /var/tmp, preventing possible misuse.
NoExecPaths setting
Harden system services by using the systemd unit settings such as NoExecPaths to disable program execution from specified paths.
ExecPaths setting
Harden system services by using the systemd unit settings such as ExecPaths and NoExecPaths to allow program execution from only specified paths.
ProtectControlGroups setting
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectControlGroups unit setting.
ProtectSystem setting
Learn how to harden systemd units by marking some paths within the file system as read-only with the ProtectSystem unit setting.
ProtectClock setting
Harden system and user services by restricting systemd units to access clock information with the ProtectClock unit setting.
How to clear systemd journal logs by time
Learn how to use the journalctl command to query the disk usage of the journal logs and how to clean or trim them by number, size, or age.
How to monitor disk activity (I/O) on Linux
Got a busy Linux system and wondering what the culprit is? Learn how to monitor it and focus on disk activity with tools like iotop, sar, vmstat, or iostat.
How to see the file type on Linux
The file command is a powerful tool for Linux users. Learn how to see the file type of normal and special files on a Linux system.
How to see the size of a file
File systems on Linux store a lot more than just the data itself. Learn how to see the size of a file on Linux systems using the ls or stat command.
How to display directory contents sorted by modification time
Learn how to sort the output of the ls command and list a directory's contents by modification time. Here are the options to use.
How to schedule a periodic task with systemd
Linux systems using systemd use timers to schedule a repeating task. Learn how to configure these systemd timer units and fine-tune them.
Systemd-analyze
The command systemd-analyze helps with analyzing systemd components to optimize the system, including performance and security.
How to check if systemd is being used or active
Want to know if systemd is used on your Linux distribution? Learn how to quickly confirm that systemd is being used as your system and service manager.
How to add a SSH key to the SSH agent
Learn how to load and use your SSH key together with a SSH agent. This frequently asked question will explain the usage of ssh-add and ssh-agent.
How to see all enabled services with systemctl
Linux systems using systemd have the systemctl command available that can be used to show all service units, including a filter for only those that are enabled.
Nginx hardening profile
Harden the nginx configuration with the help of this predefined profile that implements systemd sandboxing capabilities and restricts resources.
SocketBindAllow setting
Harden system and user services by allowing systemd units to only use system call bind() on sockets specified with the unit setting SocketBindAllow.
SocketBindDeny setting
Harden system and user services by restricting systemd units from using system call bind() on sockets specified with the unit setting SocketBindDeny.
DevicePolicy setting
Harden system and user services on Linux by restricting systemd units to access devices in the /dev directory with the unit setting DevicePolicy.
DeviceAllow setting
Restrict systemd units to access devices in the /dev directory with the unit setting DeviceAllow. Learn how to configure it for your services.
Capabilities
Linux capabilities define the implementation of privileged tasks. This area collects everything related to Linux capabilities and what they do.
Overview of Linux capabilities
An overview of the available Linux capabilities that allow processes to perform privileged actions.
Troubleshooting a failed systemd unit (with examples)
Systemd units may be shown in a failed state if something goes wrong. Learn how to troubleshoot these failed units, possible causes, and how to resolve them.
What does systemctl daemon-reload do?
When making changes to systemd unit files, you may need to use systemctl daemon-reload. This article explains why and what happens next.
How to check if 'systemctl daemon-reload' is needed
When systemd units are changed, a 'systemctl daemon-reload' might be needed. Need to know why? We can find the relevant units with some scripting.
How to see which syscalls are part of a systemd syscall filter set
Systemd units can be filtered using the SystemCallFilter setting. Learn how to see what syscalls are part of a particular syscall filter set.
SystemCallFilter setting
Harden system and user services by defining if they are allowed to use specific syscalls or groups, with the use of systemd unit setting SystemCallFilter.
Overview of Linux syscalls
An overview of the available Linux syscalls, or system calls, that allow processes to communicate with the kernel.
Systemd syscall filtering
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with the SystemCallFilter property.
What is the difference between systemctl disable and systemctl mask?
Want to disable a systemd service unit, but wondering about the difference between systemctl disable and systemctl mask? This article explains the differences.
How to use systemctl edit to change a service?
Systemd allows customizing services with overrides. Learn how to edit an existing systemd service unit with the systemctl edit command.
How to see only running services with systemctl
Linux systems using systemd may use the systemctl command to query services. Use a filter to reduce its output and only show all running services.
Run0 cheat sheet
Systemd version 256 introduced the run0 command to run privileged commands. Learn how to get everything out of the run0 tool and replace sudo.
Run0: introduction and usage
Learn how to use the run0 command, part of systemd, its purpose, and how to use it for elevating privileges to run privileged tasks.
How to disable the background color of run0
The background color of run0, part of systemd, can be changed with the '--background' option. This way another color can be configured instead of its default.
MemoryDenyWriteExecute setting
Block the ability for systemd units to create or alter memory segments to become writable and executable as well with the unit setting MemoryDenyWriteExecute.
InaccessiblePaths setting
Harden system and user services on Linux by limiting systemd units to access specified paths with the unit setting InaccessiblePaths.
How to remove trailing whitespace from a file
Linux has a wide range of tools to do data processing and text manipulation. Learn how to remove trailing whitespace from a file using the sed command.
How to insert a line at the beginning of a file
Learn how to insert a line of text at the beginning of a file using the sed command. Great to automate repeating tasks and do data processing.
Data processing: Frequently Asked Questions
Frequently asked questions about data and text processing.
How to see memory usage of a service with systemctl?
The systemctl command can be used to show the memory usage of a service managed by systemd. Use the subcommand 'status' to find the details about a unit.
How to see the active settings of a systemd unit
Linux systems using systemd can use the systemctl command to show all applied unit settings. This can be used on units like a service.
How to override the settings of a systemd unit
Systemd units have their own configuration file. The systemctl 'edit' command can be used to override settings of a systemd unit, including services.
ReadWritePaths setting
Harden system and user services on Linux by allowing systemd units access to only the specified paths to read or write with the unit setting ReadWritePaths.
Hardening nginx with systemd security features
Secure your nginx service by using security features provided by systemd. We have a look at the available options that systemd units can offer.
Systemd features to secure units and services
Systemd has a wide set of unit settings available that can be used to secure units and system services. Learn which ones and how to implement them.
ProcSubset setting
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProcSubset.
RestrictAddressFamilies setting
Harden system and user services on Linux by restricting systemd units using only the specified socket address families with setting RestrictAddressFamilies.
ProtectProc setting
Harden system and user services by restricting systemd units to access information from the /proc directory with the unit setting ProtectProc.
ProtectHome setting
Harden system and user services by restricting systemd units to access data in home directories with the unit setting ProtectHome.
ProtectKernelLogs setting
Secure system and user services by restricting systemd units from reading or writing to the kernel log ring buffer with the unit setting ProtectKernelLogs.
ProtectKernelModules setting
Secure system and user services by restricting systemd units from loading kernel modules with the ProtectKernelModules unit setting.
How to see the cgroup of a process
Control groups allocate resources to a set of processes. Learn how to find the control group (cgroup) of a process by using /proc, pidof, or ps.
How to see cgroup in ps output
Want to see the control group in the output of the ps command? Here is how to tune your command options to include that.
How to see the time synchronization details with timedatectl
Linux systems running systemd can use the timedatectl command to show time synchronization details. Learn how to use it, including its subcommands.
How to show the systemd machine ID
Linux systems using systemd store a unique identifier called the machine ID. Find this value using the hostnamectl command that comes with systemd.
How to see the dependencies of a systemd unit
The systemctl command has the list-dependencies option to show dependencies between units. But there are more options to query a little bit more information.
How to see the available systemd unit types
The systemctl command can be used to show all available systemd unit types. Here is how to find the available types and to select them.
How to see all active systemd units of one type
Linux systems using systemd have the systemctl command available to show all active systemd units of one particular type using the '--type' option.
How to limit the disk usage of the systemd journal
Learn how to define the maximum size that the systemd journal daemon may use on Linux systems for storing journals and limit its disk usage.
How to see the size of the systemd journal
Use the journalctl command to show the size of the systemd journal logs. In this article we look at how journalctl vacuuming works.
How to see kernel messages with journalctl
Linux systems using systemd store kernel events in the journal logs. Show these entries with the '--dmesg' or '-k' option, optionally with a date.
What is a systemd unit?
Systemd units define resources, such as a service, path, socket, or timer. They are usually managed with the systemctl command.
How to see only recent journal entries
Linux systems with systemd use journal to store log entries. Learn how to filter these journal entries by specifying a date or time interval.
How to see new log entries automatically with journalctl
Learn how to continuously show new log entries on Linux systems using systemd with the journalctl command. The behavior will be like the 'tail -f' command.
How to see logging for a specific unit or service
Linux systems with systemd store log entries in a journal. Limit the number of log entries from the journal by filtering journalctl output by unit.
How to reload the systemd configuration
When changes are made to systemd unit files, such as service files, the systemd daemon needs to be reloaded. Use the daemon-reload subcommand to reload.
What is systemd?
Systemd is a system and service manager on Linux distributions to start, stop, and monitor system services. Learn what systemd is and about its main components.
What is a masked systemd unit?
Systemd units that are in a masked state are administratively disabled. While being in this state, they can not be started until they are unmasked.
Systemd commands
Running a Linux system with systemd? Here are all commands related to systemd in one overview. Learn about their purpose and when to use them.
SSH ProxyJump option
Learn about the SSH client option ProxyJump, that allows using a bastion host or jump server to connect to other systems.
SSH ForwardAgent option
Secure SSH connections and learn about the ForwardAgent option, the available values, relevant security risks, and how to configure it.
What is SSH agent forwarding?
The agent forwarding feature in SSH allows your local SSH agent to be reached through an existing SSH connection. Learn when and how to use it.
How to start the SSH agent?
The OpenSSH agent helps with authentication by making SSH keys available. Learn how to start the SSH agent when it is not running on your Linux system.
What is the purpose of the SSH agent?
The SSH agent is a helper utility to temporarily store private keys when using public key authentication. Learn more about how this helps during daily tasks.
How to disable the usage of the SSH agent
The SSH agent can be used to simplify authentication. As that is not always preferred behavior, we can disable the SSH agent when authenticating.
SSH IdentityAgent option
OpenSSH can be configured to use an alternative SSH agent, or even none. Learn about the IdentityAgent option, available values, and how to configure it.
/etc/ssh/ssh_config
The configuration file /etc/ssh/ssh_config contains settings related to the OpenSSH client. Learn more about this file and its configuration.
SSH client configuration
Linux systems are usually managed remotely with SSH. Learn how to configure and optimize the SSH client and improve its security.
SSH configuration files
OpenSSH can be configured on the server and client. Learn about the locations where SSH client settings are configured and what precedence they take.
How to show all installed packages with pacman
On Linux systems such as Arch Linux, pacman is the default package manager. Query the pacman package manager to show all installed packages.
SSH StrictHostKeyChecking option
Secure your OpenSSH configuration and learn about the StrictHostKeyChecking option, available values, and how to configure it.
SSH PasswordAuthentication option
Secure SSH connections and learn about the PasswordAuthentication option, its available values, and how to configure it.
Security Through Obscurity (STO)
What is security through obscurity? This article explains this term including examples relevant to Linux security and system hardening.
How to stop all processes of a single user
Learn how to stop all processes of a single user using the killall command. To make this work, use the --user option and specify the username.
How to disable the SSH host key check?
OpenSSH performs a host authenticity check when connecting to a system. Learn how to disable the check with the SSH option StrictHostKeyChecking.
Security concepts
Learn common security concepts that also will apply when securing Linux environments, like system hardening and implementing security measures.
Change SSH server port number
Learn how to make changes to your SSH configuration to have it running on a different port. Change it from port 22 to something like 2222.
Configure a SSH welcome message or banner
Configure a welcome message or banner for users to see before or after logging in via SSH. Here are the instructions to change the relevant configuration files.
SSH escape sequences
OpenSSH has escape sequences available to initiate special commands during an active SSH session. Learn about the available escape sequences with this overview.
How to terminate a SSH connection that does not respond to CTRL+C
Learn about SSH escape sequences and how they can help with terminating a SSH connection that does not respond to CTRL+C.
How to remove the passphrase from a SSH key
While protecting SSH keys is typically advised, it is not always feasible in automated processes. Learn how to remove the password or passphrase from a SSH key.
How to see the available SSH keys in the OpenSSH authentication agent
The SSH agent can load stored SSH keys into memory for authentication purposes. Use the ssh-add command to show the available SSH keys that are loaded.
SSH: Frequently Asked Questions
Frequently asked questions about SSH, such as SSH keys, configuration, and usage.
Kill
The kill command can be used on Linux systems to send a defined signal to a process. Learn how to use it and what signals are available.
What is a zombie process?
A zombie process, or defunct process, has completed execution, but still has an entry in the process table. Learn more about a zombie process on Linux.
How to kill a zombie process
How to kill a zombie process on Linux if it no longer responds to kill -9? Learn about zombie processes, including a few last steps that you can try.
How to show a running process name and its process ID (PID)
When running a Linux system, you may need to find the process ID (PID) and process name. On Linux we can do this with the help of the pgrep command.
How to find all process IDs by its process name
Each process on Linux has its own number. This number is called the process ID (PID). Learn how to find the PID for a running process by name.
Linux process signals and their meaning
Want to know the difference between SIGHUP, SIGKILL, and SIGTERM? Learn about Linux process signals, including a list and description.
How to kill a running process by its name
Linux administrators can interact in multiple ways with running processes. Learn how to find and stop a running process on Linux by searching for its name.
Processes: Frequently Asked Questions
Frequently asked questions about running processes on Linux systems, such as starting and stopping processes, querying information, and monitoring them.
Sysctl net.*
The kernel has a wide range of network settings. Learn about the sysctl command and the values related to the network class.
Sysctl: net.ipv4.ip_forward
The sysctl key net.ipv4.ip_forward is used to define IP forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.
How to see the network IP address of your system
Show IP address information on Linux with the help of the ip command. Learn which subcommands to use to query the relevant details.
How to see the IP address of your internet connection
Show the IP address of your internet connection using the dig or the curl command. Learn which options can be used to find out this information.
How to see which DNS server is used
Find the active DNS server being used by reviewing the network configuration, including common commands to query this information.
How to find writable files
Use the find command to search for any files on Linux that are writable. To make this work, the -perm option of find can be used.
Apt-file
The command apt-file can help with discovering which files belong to a package or what package installed or provides them. Learn which options to use.
Apt cheat sheet
The cheat sheet for the apt package manager to cover the most used options. Learn how to get more out of the apt command.
How to see the size of a directory
Disks will eventually fill up. Learn how to quickly see the size of a directory or folder on Linux systems using the du command.
How to see hidden files
Files starting with a dot are usually hidden on Linux. Learn how to see any hidden files on the command line or in the terminal using the ls command.
How to see files greater than a specific size
Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command. Or use the find command to achieve a similar result.
How to find when the last modification happened in a directory
Linux filesystems typically store file modification timestamps. Learn how to find the last modification time of a file or subdirectory in a specified directory.
How to see inode usage
Linux file systems use inodes, unique references to link to a file or directory. Learn how to see inode usage on a Linux file system or mount point.
How to see used and free disk space
Learn how to see used and remaining disk space on Linux systems by gathering the statistics of file systems and mount points using the df command.
Monitoring USB communications using usbmon interface
The Linux kernel controls hardware access, including for USB. Learn how to monitor USB devices with the usbmon kernel module, together with Wireshark or Tshark.
Files
An overview of common Linux files and directories and their purpose. Learn why these files exist, file permissions, and other details about them.
/etc/ssh/sshd_config
The configuration file /etc/ssh/sshd_config contains settings related to the OpenSSH server daemon. Learn more about this file and its configuration.
Networking
Everything related to networking, from the network configuration up to DNS resolving. Test and configure your system with these articles.
How to see the number of open connections on Linux
Linux has in-depth details, including about network connections. Show the number of open connections using the ss command on Linux.
How to see when a process was started
Linux has in-depth process information. Learn more about processes, such as when a process was started, using the ps tool.
How to see when the system was started (uptime)
There are multiple ways to see when a Linux system was started, such as using the uptime command, but also with commands like ps.
Smem
The command smem can help with showing memory usage, including the usage of swap. Here are the most common options explained.
Iftop
The command iftop shows ongoing bandwidth usage on one or more network interfaces and is a great tool for troubleshooting network issues.
How to see active connections and bandwidth usage on Linux
Show the bandwidth usage and active connections by using the iftop tool on Linux. Learn how to use the tool to quickly find out this information.
Pidstat
Linux systems may use the pidstat command to retrieve system information such as details about CPU, memory, and disk activity by processes.
Troubleshooting CPU usage
Articles and information about troubleshooting system performance issues with focus on CPU usage.
Check if a directory or file exists
How to check if a directory or file exists within a shell script? This can be achieved by using an operator of the test command.
Network
Articles and information about troubleshooting network performance issues and monitoring network statistics.
Lscpu
The lscpu command reports information about the CPU, such as architecture, vendor identification, virtualization features, cache, and even CPU vulnerabilities.
Memory
Articles and information about how memory, such as RAM, is being used on Linux systems. Great for system administration and troubleshooting purposes.
Nstat
The command nstat provides network interface statistics on Linux and can be used for monitoring and troubleshooting. Learn about the available nstat options.
System performance
Articles and tools to troubleshoot Linux system performance issues. Learn more about the available tools and good one-liners.
Swap memory information
Memory pages might need to be swapped to disk if the physical memory is full. Troubleshoot Linux system performance issues with focus on swap memory.
Sysctl: kernel.perf_event_paranoid
Secure the Linux kernel with the help of the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.
Methods to find the Linux distribution and version
Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.
System administration
Everything related to managing Linux systems, from discovering what Linux distribution is running, up to full configuration and automation.
Commands
All Linux commands that you might want to know about for system administration. For popular commands, there is also a cheat sheet available.
Dmidecode cheat sheet
Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.
How to see memory information such as type and speed
Linux systems have a wide range of supporting utilities available. Show memory information such as memory type, the number of banks in use, and speed.
How to securely delete a file and its contents
Need to delete the contents of a sensitive file on Linux? Instead of just deleting it with rm, have a look at some other options for a more secure deletion.
How to see the creation date of a file
Linux may store the initial creation of a file. Learn how to use the stat command to find this initial creation time of a file, also known as its birth time.
What is a tainted kernel
The Linux kernel is marked tainted when a specific event happened that could impact reliable troubleshooting of kernel issues. Learn about the relevant events.
How to find the specific cause of a tainted kernel
The Linux kernel can mark itself as being 'tainted'. Learn what it means when the Linux kernel is tainted and in particular the underlying cause.
Kernel: Frequently Asked Questions
Frequently asked questions about the Linux kernel and kernel security.
Sysctl
Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.
Sysctl kernel.*
The Linux kernel has a range of settings that influence the behavior of the kernel itself. Learn about sysctl settings and values related to the kernel class.
Kernel.tainted
Improve Linux security by understanding and configuring the sysctl kernel.tainted key, including the possible values and their meaning.
Kernel
The Linux kernel consists of many components. Learn from topics related to the kernel itself, its configuration, up to security and querying information.
Ip cheat sheet
Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn using the ip command.
How to see errors and dropped packets on a network interface on Linux
Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.
Lsof cheat sheet
Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses of lsof and how to use it.
Ss cheat sheet
If you want to learn more about network connections on Linux, then ss is the tool to get the job done. Learn how to use it with this cheat sheet.
Networking: Frequently Asked Questions
Frequently asked questions about networking, such as DNS, IP configuration, TCP/UDP details, and more.
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details. This can be done with the dpkg command and --list option.
Package manager: Frequently Asked Questions
Frequently asked questions about software, such as package manager, package versions, and how to configure them.
List installed packages on a Linux system
Learn how to show installed packages on Linux systems. This overview covers common package managers including those for AlmaLinux, Debian, openSUSE, and Ubuntu.
How to see BIOS details
The BIOS details can be displayed from within Linux itself. Learn how to query these details and where to find more information.
Hardware: Frequently Asked Questions
Frequently asked questions about hardware information on Linux systems, such as BIOS details, hard disks, USB devices, memory, and other details.
Settings for systemd units
Systemd units can be configured with a lot of fine-grained settings. This overview shows which settings are available and what they do.
Systemd settings
Systemd can be configured and fine-tuned beyond imagination. This section covers what and where you can configure them, such as the many unit settings.
How to find the biggest directories on disk
Find the biggest directories and files on disk by using the du command. The output can be sorted using numeric values to find the biggest entries.
How to see all masked units with systemctl
Want to find all masked unit files on a Linux system running systemd? In this article we show how to do this with systemctl and query those units.
How to see the last X lines with journalctl
Limit the output from journalctl by defining the number of lines you want to see by using the '-n' option, optionally with the service itself.
How to disable a systemd unit with systemctl
Want to disable a service or specific systemd unit? Use the systemctl command to configure units and disable it on boot or completely.
How to start and enable a unit with systemctl
Systemd can start and enable a unit, such as a service, at the same time. Learn how to use systemctl more efficiently to achieve this action.
How to show failed units with systemctl
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Systemd: Frequently Asked Questions
Frequently asked questions about systemd, systemctl, and journalctl. Learn by practical examples how to use these tools.
File systems: Frequently Asked Questions
Frequently asked questions about file systems, file permissions, directories and files.
Systemctl cheat sheet
Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.
Adding the Expires header to improve caching static content in nginx
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Strip one or more characters from a variable or output
Want to delete one or more characters from a variable or piped output? There are multiple ways to achieve this using standard system utilities.
AWK cheat sheet
When it comes to powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners.
Introduction in Linux file permissions
Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.
Linux file systems
All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.
Making scripts (more) secure and safe
When you create a shell script, many things can go wrong. With a few basics you can catch errors more easily and at the same time make your scripts (more) fail-safe.
Prompt for user input in a shell script
How to prompt users in your shell script, such as asking for a Yes or No answer? In this article we look at options to achieve this.
Linux tools to bulk rename files
Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has you covered, with several options.
The 101 of ELF files on Linux: Understanding and Analysis
A step-by-step introduction to ELF files. Learn the structure and format, to understand how binaries and libraries on Linux systems work.
Livepatch: Linux kernel updates without rebooting
Livepatch is a feature to do live kernel patching for Linux systems. It allows applying security updates without rebooting the system. Learn how it works!
How to secure a Linux system
Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.
The state of Linux security in 2017
The year 2017 is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments.
Linux security myths
So what is true about Linux security and what isn't? In this article we look at common security myths when it comes to Linux.
GDPR Compliance: Technical Requirements for Linux Systems
Insight into the technical aspects and requirements for Linux systems when it comes to compliance with the GDPR, the General Data Protection Regulation.
Configure the minimum password length on Linux systems
One of the options to improve password security is by setting a minimum password length. This article explains how to configure and test this security step.
Beginners guide to traffic filtering with nftables
The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.
The purpose of the /etc/networks file
Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file and show some configuration.
Interview: MalwareMustDie and their Linux malware research
Linux malware, research, and more in this interview with unixfreaxjp, the leader and founder of the malware research group MalwareMustDie.
How to see the version of Oracle Linux
Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific Oracle version of the operating system is used.
Discover to which package a file belongs to
With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.
How to use grep (with examples)
Grep is a powerful utility on Linux. Want to get more out of the tool? This article will show you how to use it including many practical examples.
How to solve an expired key (KEYEXPIRED) with apt
Software updates and package management are easy, until you get a KEYEXPIRED message. In this article we show how it happens and the way to solve it.
Difference between CentOS, Fedora, and RHEL
With so many Linux distributions, one might ask what the differences are between CentOS, Fedora, and RHEL. In this article we cover these three.
Linux and rise of Ransomware
The availability of ransomware on Linux is growing. This is the story behind how things started and what we can expect to be next in the near future.
Linux hardening with sysctl settings
The Linux kernel can be secured with the help of kernel tunables called sysctl keys. Learn how system hardening principles can be applied using sysctl.
How Linux Security Fails to be Simple
Linux Security Should be Simple, Right? Why that is not a reality, and why we might never achieve it, is discussed in this article.
Understanding Linux privilege escalation and defending against it
The best way to defend a system is by understanding how attackers work. Learn about privilege escalation on Linux and discover the measures and tools.
Automatic Security Updates with DNF
The dnf package manager and dnf-automatic tool can be used for automated security patching on Linux systems. It requires only a few steps to set it up.
Dealing with Linux Malware, Insights by the Author of rkhunter
Malicious software has plagued computers for more than 40 years and most likely this threat will never stop. What should you know about it to protect yourself?
Differences between iptables and nftables explained
An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.
Block IP addresses in Linux with iptables
Use iptables and ipset to create a blocklist and block one or more IP addresses on Linux. This guide will explain how to use and configure blocklists.
Linux vulnerabilities: from detection to treatment
How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.
List network interfaces on Linux
Show the available network interfaces and information on Linux with the right tools. We cover common replacements for iptables and netstat, with examples.
In-depth Linux Guide to Achieve PCI DSS Compliance and Certification
This is the technical Linux guide to achieve compliance with the PCI DSS standard. Become compliant, with Linux tips for configuration and auditing.
Strace cheat sheet
The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Kernel hardening: Disable and blacklist Linux modules
The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklist modules.
Increase kernel integrity with disabled Linux kernel modules loading
The Linux kernel can be configured to disallow loading new kernel modules. Learn how this may help and how to configure this behavior in the sysctl settings.
Security Integration: Configuration Management and Auditing
Configuration management and system auditing go hand in hand. In this article we cover both and learn why this combination is so powerful.
Using SSH keys instead of passwords
Linux systems are usually managed remotely with SSH, often still using passwords. Time to switch over to SSH keys and here is how to do that.
SSH server configuration
Linux systems are usually managed remotely with SSH. Learn how to configure the SSH server daemon and improve its security.
Password Security with Linux /etc/shadow file
Learn the structure of the /etc/shadow file and what the fields mean. After reading, the file should be less cryptic than it was before.
PCI DSS Linux: Creation and deletion of system-level objects
The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.
An Introduction Into Linux Security Modules
Security frameworks like SELinux, AppArmor, and SMACK, provide protection to Linux. Learn about these Linux security modules (LSM).
Docker Security: Best Practices for your Vessel and Containers
In-depth article about Docker security features, best practices and its history. With container technology evolving, Docker security can be challenging.
PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)
PCI DSS compliance control 10.2.4 mandates monitoring of invalid logical access attempts. For Linux we can use the Linux audit framework to monitor for this event.
PCI DSS Linux: Logging of administrative actions with root privileges
PCI DSS requires logging of administrative actions, including commands executed by the root user or using sudo. Learn how to set up accounting and auditing.
How to check if your Arch Linux system needs a reboot
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Exporting nftables rules and configuration
Nftables has an export subcommand available to make it easier to export firewall rules via the nft command line utility. Let's discover the options.
Linux capabilities 101
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Linux Capabilities: Hardening Linux binaries by removing setuid
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
PCI DSS Linux: No write access to shared system binaries
PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Linux Security Scanning for Dummies
Security scanning can be boring and time consuming. In this article we have a look at how simple it can be, when it comes to security scans.
5 things you didn’t know about shell scripting
Shell scripting doesn't have to be boring. Let's look at a few common things that many don't know about shell scripts.
Check for a required reboot on Debian and Ubuntu systems
Debian-based systems, like Ubuntu, sometimes need a reboot as well. We have a look at determining if a reboot is required and due to what packages.
Security Program: Implementing Linux Security
We have a look at implementing Linux security in IT environments and the related success criteria. Let's plan for success and get those measures implemented!
Do NOT use Linux hardening checklists for your servers
The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.
Linux Security for DevOps
With security getting more and more attention, we focus on Linux security for DevOps. Also DevOps will need hardening, auditing and dealing with compliance.
Detecting Linux rootkits
Linux rootkits are malicious components to maintain unauthorized access. In this article about intrusion detection we have a look at rootkits and detection.
Audit security events on Unix systems
Protecting computer networks consists of implementing preventative measures, including system auditing. Let's have a look at how this relates to Linux.
Audit SuSE with zypper: vulnerable packages
Staying up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.
Auditing Linux processes: The Deep Dive!
In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.
Linux server hardening and best practices
One of the myths is that Linux systems are secure by default. Learn what kind of measures you can implement and which security tools help with that.
Become a Linux Auditor: What to know?
Tips for people who would like to perform audits on Linux and become a Linux auditor in particular. Including hints regarding certifications and tools.
Auditing Linux: what to audit?
When auditing a Linux system, it might be hard to determine what to actually audit. This article will provide some guidance and tips.
Become a Linux auditor: tips to start with auditing the Linux platform
Guide to become a Linux auditor in just a matter of minutes. Focus on how to determine running processes, installed software or possible vulnerabilities.
Linux server security: Three steps to secure each system
Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.
Linux kernel security and how to improve it
Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.
Conducting a Linux Server Security Audit
Performing a Linux server security audit can be a time consuming process. In this article the most important parts are explained including automation.
Open source vulnerability scanner for Linux systems – Lynis
Learn more about vulnerability scanning on Linux systems using the Lynis auditing tool. Check for weaknesses and security measures that can be implemented.
Configuring and auditing Linux systems with Audit daemon
Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.
CAATTs for Linux: Lynis
Article about a tool within CAATTs for Linux: Lynis. Helping auditors with computer-assisted audit tools and techniques, with focus on Linux and Unix scans.
Antivirus for Linux: is it really needed?
Is antivirus really needed on Linux systems? The honest answer is that it depends on your situation and what you are running. Let's have a look why.
How to deal with a compromised Linux system
Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.
Auditing Linux: Software Packages and Managers
Article about how to audit and check installed software packages and their security by using the related package managers.
Securing Linux: Audit with Lynis (an introduction into auditing)
Introductory article on securing Linux-based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!
Linux Audit: Auditing the Network Configuration
This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.