Difference between revisions of "Linux Security"
m
Moved sandboxing to it's own section
imported>Dalto (Replaced checksums with file integrity monitoring) |
imported>Dalto m (Moved sandboxing to it's own section) |
||
Line 132: | Line 132: | ||
Instructions for using configuring aide can be found on [https://github.com/aide/aide/blob/master/doc/manual.html the AIDE Github site]. | Instructions for using configuring aide can be found on [https://github.com/aide/aide/blob/master/doc/manual.html the AIDE Github site]. | ||
=Sandboxing= | |||
A '''Sandbox''' is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. | |||
One method of sandboxing is using Firejail. Please the [[Firejail|Firejail Wiki page]] for more information on installing and configuring Firejail. | |||
Line 148: | Line 156: | ||
* You can detect "zombie" processes and delete them. | * You can detect "zombie" processes and delete them. | ||
* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | * You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | ||
==Apps== | ==Apps== |