Difference between revisions of "Linux Security"

Line 147:

* You can detect "zombie" processes and delete them.

* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system.

* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running.

* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose.

[[Category:Contents Page]]

@@ Line 147: / Line 147: @@
 * You can detect "zombie" processes and delete them.
 * You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system.
-* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running.
+* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose.
 [[Category:Contents Page]]