Difference between revisions of "Linux Security"

m
Moved sandboxing to it's own section
imported>Dalto
(Replaced checksums with file integrity monitoring)
imported>Dalto
m (Moved sandboxing to it's own section)
Line 132: Line 132:


Instructions for using configuring aide can be found on [https://github.com/aide/aide/blob/master/doc/manual.html the AIDE Github site].
Instructions for using configuring aide can be found on [https://github.com/aide/aide/blob/master/doc/manual.html the AIDE Github site].
=Sandboxing=
A '''Sandbox''' is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading.
One method of sandboxing is using Firejail.  Please the [[Firejail|Firejail Wiki page]] for more information on installing and configuring Firejail.




Line 148: Line 156:
* You can detect "zombie" processes and delete them.
* You can detect "zombie" processes and delete them.
* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system.
* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system.
* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose.
 


==Apps==
==Apps==
Anonymous user