Sitemap
Abbreviations
Authentication
- Configure the minimum password length on Linux systems
- File Integrity of Password Files
- Linux password security: hashing rounds
- Password Security with Linux /etc/shadow file
- Unused Linux Users: Delete or Keep Them?
Cheat sheets
Command-line
Compliance
- PCI DSS Linux: Creation and deletion of system-level objects
- PCI DSS Linux: Logging of administrative actions with root privileges
Data processing
Definitions
Glossary
Hardware
Kernel
- Capabilities
- Increase kernel integrity with disabled Linux kernel modules loading
- Kernel hardening: Disable and blacklist Linux modules
- FAQ
- Linux kernel security and how to improve it
- syscalls
- sysctl
Linux Audit Framework
- Configuring and auditing Linux systems with Audit daemon
- Linux Audit Framework 101 – Basic Rules for Configuration
- Linux Audit Framework: using aureport
- Linux audit log: dealing with audit.log file
- Tuning auditd: high-performance Linux Auditing
Linux file systems
- FAQ
- How to compare two directories and find the differences
- How to display directory contents sorted by modification time
- How to find symbolic links that point to a directory
- How to find the biggest directories on disk
- How to find when the last modification happened in a directory
- How to find writable files
- How to monitor disk activity (I/O) on Linux
- How to securely delete a file and its contents
- How to see files greater than a specific size
- How to see hidden files
- How to see inode usage
- How to see the creation date of a file
- How to see the file type on Linux
- How to see the size of a directory
- How to see the size of a file
- How to see used and free disk space
- How to find hard links or files that point to a specific file
- Linux file permissions
- Understanding the output of the stat command
Linux Security
Linux security frameworks
Lynis
- Differences between Lynis and Lynis Enterprise
- Find differences between two daily Lynis audits
- How to create custom tests in Lynis
- How to deal with Lynis suggestions?
- How to keep Lynis up-to-date?
- How to update Lynis
- How to use Lynis
- How to use Lynis plugins
- Installation of Lynis on Arch Linux systems
- Lynis hardening index
- Lynis stuck during testing
- Major release: Lynis 3.x
- Securing Linux: Audit with Lynis (an introduction into auditing)
- Troubleshooting guide for Lynis
- Viewing available test categories in Lynis
- What’s New in Lynis 2: Features
Malware
- Antivirus for Linux: is it really needed?
- Dealing with Linux Malware, Insights by the Author of rkhunter
- Interview: MalwareMustDie and their Linux malware research
- Linux and rise of Ransomware
- Monitoring Linux Systems for Rootkits
Networking
- Filtering ARP traffic with Linux arptables
- iptables
- Linux DNS Tuning for Performance and Resilience
- Linux Security Guide for Hardening IPv6
- FAQ
- How to see active connections and bandwidth usage on Linux
- How to see errors and dropped packets on a network interface on Linux
- How to see open ports on Linux
- How to see the default gateway on Linux
- How to see the IP address of your internet connection
- How to see the number of open connections on Linux
- How to see the network IP address of your system
- How to see the TTL value of a DNS record
- How to see which DNS server is used
- How to see which process is using a port
- How to show network TCP statistics and counters
- How to clear the DNS cache with systemd
- nftables
- Which Linux process is using a particular network port?
Processes
- Kill a process that won't respond to CTRL+C
- Linux process signals and their meaning
- FAQ
- How to find all process IDs by its process name
- How to kill a running process by its name
- How to kill a zombie process?
- How to see cgroup in ps output
- How to see the cgroup of a process
- How to show a running process name and its process ID (PID)
- How to stop all processes of a single user
- What is a zombie process?
Security concepts
Shell scripting
- Check if a directory or file exists
- Making scripts (more) secure and safe
- Prompt for user input in a shell script
- Strip one or more characters from a variable or output
Software
- Audit installed compilers and their packages
- How to promote your open source project
- Package manager
- Secure Software Development: CII Best Practices
- Software Patch Management for Maximum Linux Security
- Troubleshooting
- Understand and configure core dumps on Linux
- Why remove compilers from your system?
- Why we use your open source project (or not)
SSH
- Audit SSH configurations: HashKnownHosts option
- Change SSH server port number
- Configure a SSH welcome message or banner
- Distributing SSH keys: using ssh-copy-id, manually, or automated
- Granting temporary access to your servers (using signed SSH keys)
- OpenSSH security and hardening
- Restrict SSH access to only allow rsync
- SSH Configuration
- SSH escape sequences
- FAQ
- How to add a SSH key to the SSH agent
- How to disable the SSH host key check?
- How to disable the usage of the SSH agent
- How to remove the passphrase from a SSH key
- How to see the available SSH keys in the OpenSSH authentication agent
- How to see the SSH log?
- How to start the SSH agent?
- How to terminate a SSH connection that does not respond to CTRL+C
- How to test the sshd configuration for configuration errors?
- What is SSH agent forwarding?
- What is the purpose of the SSH agent?
- Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)
- Using SSH keys instead of passwords
System administration
System hardening
- Are security hardening guides still useful?
- Hardening guides
- Why Linux security hardening scripts might backfire
System performance
systemd
- Auditing systemd: solving failed units with systemctl
- Hardening profiles
- Run0: introduction and usage
- Commands
- Systemd features to secure units and services
- Settings
- Units
- CapabilityBoundingSet
- DeviceAllow
- DevicePolicy
- ExecPaths
- InaccessiblePaths
- IPAccounting
- LockPersonality
- MemoryDenyWriteExecute
- NoExecPaths
- NoNewPrivileges
- PrivateDevices
- PrivateTmp
- ProcSubset
- ProtectClock
- ProtectControlGroups
- ProtectHome
- ProtectKernelLogs
- ProtectKernelModules
- ProtectKernelTunables
- ProtectProc
- ProtectSystem
- ReadWritePaths
- RestrictAddressFamilies
- RestrictNamespaces
- RestrictRealtime
- RestrictSUIDSGID
- RuntimeDirectoryMode
- SocketBindAllow
- SocketBindDeny
- SystemCallArchitectures
- SystemCallFilter
- UMask
- Units
- Systemd syscall filtering
- Systemd timers
- Systemd units and their purpose
- FAQ
- How to check if 'systemctl daemon-reload' is needed
- How to check if a systemd service is enabled?
- How to check if systemd is being used or active
- How to clear systemd journal logs by time
- How to disable a systemd unit with systemctl
- How to disable the background color of run0
- How to limit the disk usage of the systemd journal
- How to override the settings of a systemd unit
- How to reload or restart a systemd service?
- How to reload the systemd configuration
- How to schedule a periodic task with systemd
- How to see active systemd timers
- How to see all active systemd units of one type
- How to see all enabled services with systemctl
- How to see all masked units with systemctl
- How to see kernel messages with journalctl
- How to see logging for a specific unit or service
- How to see memory usage of a service with systemctl?
- How to see new log entries automatically with journalctl
- How to see only recent journal entries
- How to see only running services with systemctl
- How to see the active settings of a systemd unit
- How to see the available systemd unit types
- How to see the dependencies of a systemd unit
- How to see the last X lines with journalctl
- How to see the size of the systemd journal
- How to see the time synchronization details with timedatectl
- How to see which syscalls are part of a systemd syscall filter set
- How to set environment variables in a systemd unit?
- How to show failed units with systemctl
- How to show the systemd machine ID
- How to start and enable a unit with systemctl
- How to use systemctl edit to change a service?
- How to verify a systemd unit for errors?
- What does systemctl daemon-reload do?
- What is a masked systemd unit?
- What is a systemd unit?
- What is systemd?
- What is the difference between systemctl disable and systemctl mask?
- Why does systemctl list-units show units as 'not-found'?
- Troubleshooting a failed systemd unit (with examples)
Vulnerabilities
- Audit SuSE with zypper: vulnerable packages
- Forget Linux Vulnerability Scanning: Get Better Defenses
- How to protect yourself against Shellshock Bash vulnerability
- Linux vulnerabilities: from detection to treatment
- Open source vulnerability scanner for Linux systems – Lynis
- Protect Linux systems against SSLv3 Poodle vulnerability
- Show vulnerable packages on Arch Linux with arch-audit
- The Difference Between Auditing and Vulnerability Scanning
- Vulnerabilities and Digital Signatures for OpenBSD Software Packages
- Vulnerability Scanning: The Destiny to Disappointment?
- Vulnerable packages on FreeBSD: pkg audit
- Why Auditing and Vulnerability Scanning are Different Things
Web
- Adding the Expires header to improve caching static content in nginx
- Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx
- Delete a HSTS Key Pin in Chrome
- Deleting Outdated HPKP Key Pins in Firefox
- Hardening nginx with systemd security features
- Hiding the nginx version number
- How the web changes with HTTP/2: Performance and Security
- How to block POST requests in nginx
- How to log only some requests to a log file in nginx
- How to see all virtual hosts in nginx
- Nginx security hardening guide
- Pre-compress static assets with Brotli and Gzip
- Protect against the BEAST attack in Nginx
- Securing nginx configurations: implementing OCSP stapling
- Test web server caching with curl