Last change: 2025-01-28
Harden systemd services with this step-by-step guide to gather the right information to define sandboxing features and secure and protect resources from misuse.
Last change: 2025-01-28
Firejail is a tool to sandbox applications to restrict what they can do. It is a useful tool to limit the risk on privilege escalation and exploits.
Last change: 2025-01-28
Seccomp, or secure computing, is a security measure in the Linux kernel that allows processes to protect themselves against unexpected or unwanted behavior.
Last change: 2025-01-28
Harden system and users services, by defining if they are allowed to use specific syscalls or groups, with the use of systemd unit setting SystemCallFilter.
Last change: 2025-01-28
Learn more about the system calls (syscalls) that systemd may use in commands and unit files, such as with SystemCallFilter property.