Difference between revisions of "Linux Security"
Views
Actions
Namespaces
Variants
Tools
no edit summary
imported>Cscs m |
imported>Tele |
||
Line 147: | Line 147: | ||
* You can change the priorities of processes. | * You can change the priorities of processes. | ||
* You can display the process tree. '''pstree''' command | * You can display the process tree. '''pstree''' command | ||
* You can check a list of new processes from time to time | |||
* You can check what file the process comes from. You can also check to which package a file belongs. | * You can check what file the process comes from. You can also check to which package a file belongs. | ||
* You can detect "zombie" processes and delete them. | * You can detect "zombie" processes and delete them. | ||
* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | * You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | ||
* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose. | * "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose. | ||
==Apps== | |||
( It's hard to adjust the place, so I allowed myself such modifications ) | |||
* You can limit the number of services running at once with the system. It is less likely to have an application with a security gap. | |||
* You can control the crontab task list of each user | |||
* You can control folder or folders from which scripts or programs are run at system startup. | |||
* Try to update applications if there are any security patches available | |||
* You can verify the origin of the application | |||
[[Category:Contents Page]] | [[Category:Contents Page]] |