The Most Influential Linux Security Blogs

Linux Security Blogs

Finding quality blogs about Linux security can be challenging. We made an effort to seek the best and most influential blogs on the internet. What makes a blog influential? It should have quality articles, be regularly updated, and be tailored to Linux or UNIX security. The countless “How to” websites are skipped.

Months of searching and reading resulted in a list of blogs, sorted by category. If you are interested in the developments in Linux security, add them to your RSS feed reader. For some subjects we couldn’t find a specialized blog yet. In that case, we added some filler articles from our own Linux Audit blog. If you have a better replacement, we would love to hear about it.

Linux Developers

Some of the most influential people in Linux security are those who do work on it. While they don’t specifically specialize in one subject, it wouldn’t be fair to leave them out.

Kees Cook

Kees currently works for Ubuntu. He does kernel development and focuses on several areas related to security. One of these areas is seccomp, a framework to restrict the system calls available to processes. This is very useful for sandbox implementations or for restricting your web browser. The Chrome browser is known to have implemented it.

Kees has his own blog and can be found on Twitter.

Malware Research

One of the names that come to mind for malware research is Lenny Zeltser. He is the creator of the REMnux Linux distribution, which helps you perform malware analysis. He can be found on Twitter as well.

In the same field, you can’t ignore the people behind the research group Malware Must Die!, or MMD. They cover a lot of Linux-related malware and explain on their blog how it works.

Compliance

PCI DSS compliance

Many companies have articles about PCI DSS on their website. Unfortunately, I couldn’t find a quality blog which covers PCI and Linux in particular.

Suggested article:

System Hardening

No particular blog is known to specifically talk a lot about this subject. Here is an alternative post we created:

SELinux

When thinking about SELinux, two names come directly to mind: Paul Moore and Dan Walsh. Both have their own blog, usually talking about the developments in SELinux. Paul includes the yearly “State of SELinux” presentations on his personal site, which are given at the Linux Security Summit.

Others

Some blogs cover more generic subjects. We have found at least the blog of Robert Penz, who writes on a regular basis about Linux or IT security. That is specialized enough to make it onto our reader list.

Then there is Major Hayden, a system engineer focused on automation and security. He writes about a wide range of topics, usually sharing problems he encounters while doing his work. Great for those who encounter the same issues and don’t want to spend the same amount of time he had to.

Another valuable resource is the blog of Mattias Geniar. Not strictly for security alone, but a lot of good quality articles and unique content.

Got other tips for great blogs? Let us know in the comments.
