The Most Influential Linux Security Blogs

Finding quality blogs about Linux security can be challenging. We made an effort to seek out the best and most influential blogs on the internet. What makes a blog influential? It should have quality articles, be regularly updated, and be tailored to Linux or UNIX security. The countless “How to” websites are skipped.

Months of searching and reading resulted in a list of blogs, sorted by category. If you are interested in the developments in Linux security, add them to your RSS feed reader. For some subjects we couldn’t find a specialized blog yet. In that case, we added some filler articles from our own Linux Audit blog. If you have a better replacement, we would love to hear about it.

Linux Developers

Some of the most influential people in Linux security are those who work on it. While they don’t specialize in one particular subject, it wouldn’t be fair to leave them out.

Kees Cook

Kees currently works for Ubuntu. He does kernel development and focuses on several areas related to security. One of these areas is seccomp, a framework to restrict the system calls available to processes. It is very useful for sandbox implementations or for restricting your web browser. The Chrome browser is known to have implemented it.

Kees has his own blog and can be found on Twitter.

Malware Research

One of the names that comes to mind for malware research is Lenny Zeltser. He is the creator of the REMnux Linux distribution, which helps you perform malware analysis. He can be found on Twitter as well.

In the same field, you can’t ignore the people behind the research group Malware Must Die!, or MMD. They cover a lot of Linux-related malware and explain on their blog how it works.


PCI DSS compliance

Many companies have articles about PCI DSS on their website. Unfortunately, I couldn’t find a quality blog which covers PCI and Linux in particular.

Suggested article:

System Hardening

No particular blog is known to specifically talk a lot about this subject. Here is an alternative post we created:


When thinking about SELinux, two names come directly to mind: Paul Moore and Dan Walsh. Both have their own blog, usually talking about the developments in SELinux. Paul includes the yearly “State of SELinux” presentations on his personal site, which are given at the Linux Security Summit.


Some blogs cover more generic subjects. We have found at least the blog of Robert Penz, who writes on a regular basis about Linux or IT security. That is enough to consider it specialized enough to make it to our reader list.

Then there is Major Hayden, a system engineer focused on automation and security. He writes about a wide range of topics, usually sharing problems he encounters while doing his work. Great for those who encounter the same issues and don’t want to spend the same amount of time he had to.


Got other tips for great blogs? Let us know in the comments.

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.
