
Linux Emergency Handbook v1.2: Key Updates & New Incident Response Practices

Version 1.2 of the Linux Emergency Handbook introduces critical updates such as SSH key backdoor checks, detailed command timestamp logs, new journalctl log viewing techniques, enhanced password checks, added data USB guidance, and revamped post‑incident stages including routine security checks, loss assessment, and targeted investigations.

Open Source Linux

Following the previous article, we now provide the Linux Emergency Handbook, a practical guide designed for Linux system administrators and operations engineers to quickly handle various emergencies.

The handbook covers Linux system security, performance optimization, fault troubleshooting, and more, offering real‑world cases and step‑by‑step procedures.

Key Updates

Added backdoor check steps in the SSH key section.

Added functionality to display the exact execution time of commands in the command history section.

Added “show command execution time” and “view service logs separately” tips in the tips sharing section.

Added method using journalctl to view service logs in the log section.

Added log checking in the scheduled tasks section.

Optimized the password fill‑check command, fixing possible false‑negative reports.

Added introduction of data‑dedicated USB drives in the pre‑disposal preparation section.

Renamed the “post‑remediation stage” to “routine security check”.

Added a new post‑remediation stage focused on damage assessment and targeted investigation.

Integrated the new post‑remediation stage and routine security checks into various incident handling processes.
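As an added example (not code from the handbook or from this article), the POSIX shell script below implements three of the checks the v1.2 changelog names, in the defensive form an operator would run during a routine security check: an authorized_keys review against an allowlist, an empty-password-field check over the shadow file, and pairing bash history entries with their execution time. It assumes that the handbook's "password fill-check" means checking for empty password fields (my reading, not the handbook's command), and it invents an allowlist file of approved public keys; all sample files, key blobs and hashes are constructed placeholders so the script runs offline. journalctl is only mentioned in a comment because it needs a running systemd.

```shell
#!/bin/sh
# Added example (not part of the handbook or this article): three of the
# routine checks the v1.2 changelog names, run over constructed sample files so
# the script is self-contained. On a live host, point the functions at the real
# files instead (root is needed for /etc/shadow):
#   unknown_ssh_keys /root/.ssh/authorized_keys /etc/ssh/approved_keys  # approved_keys: assumed allowlist
#   empty_password_accounts /etc/shadow
#   timestamped_history "$HOME/.bash_history"   # with HISTTIMEFORMAT='%F %T ' exported in bash
# Service logs are read with journalctl -u <unit> (e.g. journalctl -u sshd --since "1 hour ago"),
# which needs a running systemd and is therefore not exercised here.

# 1. SSH key review: print authorized_keys entries whose key material is not in
#    the allowlist. The key-type token is located explicitly so that lines with
#    an option prefix (from="...", command="...") are handled like any other.
unknown_ssh_keys() {
    awk -v allow="$2" '
        function keyfield(    i) {
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) return $(i + 1)
            return ""
        }
        BEGIN {
            while ((getline line < allow) > 0) {
                $0 = line
                k = keyfield(); if (k != "") known[k] = 1
            }
        }
        /^[ \t]*#/ || NF == 0 { next }
        { k = keyfield(); if (!(k in known)) print }
    ' "$1"
}

# 2. Empty-password check (an assumption about what the handbook's "password
#    fill-check" does): list accounts whose shadow password field is empty,
#    meaning login needs no password at all. Locked ("!", "*") and hashed
#    fields are not reported.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# 3. Command history with execution time: bash writes a "#<epoch>" line before
#    each command when HISTTIMEFORMAT is set. Pair each timestamp with its
#    command; commands recorded without a timestamp are marked "-".
timestamped_history() {
    awk '
        /^#[0-9]+$/ { ts = substr($0, 2); next }
        { print (ts == "" ? "-" : ts), $0; ts = "" }
    ' "$1"
}

# Constructed sample files: placeholder key material and hashes, documentation
# address range. Prints the directory that holds them.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKNOWNKEY admin@bastion' > "$d/allow"
    {
        printf '%s\n' '# keys deployed by configuration management'
        printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKNOWNKEY admin@bastion'
        printf '%s\n' 'from="203.0.113.5" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERUNKNOWNKEY x'
    } > "$d/authorized_keys"
    {
        printf '%s\n' 'root:$6$saltsalt$PLACEHOLDERHASH:19700:0:99999:7:::'
        printf '%s\n' 'daemon:*:19700:0:99999:7:::'
        printf '%s\n' 'svc:!:19700:0:99999:7:::'
        printf '%s\n' 'guest::19700:0:99999:7:::'
    } > "$d/shadow"
    printf '%s\n' '#1700000000' 'ls -la /root' '#1700000060' 'cat /etc/passwd' 'uptime' > "$d/history"
    printf '%s\n' "$d"
}

samples=$(make_samples)
echo "== authorized_keys entries not on the allowlist"
unknown_ssh_keys "$samples/authorized_keys" "$samples/allow"
echo "== accounts with an empty password field"
empty_password_accounts "$samples/shadow"
echo "== commands with execution time (epoch seconds)"
timestamped_history "$samples/history"
rm -r "$samples"
```

Run it as-is to see the three checks flag the unknown key, the `guest` account and the two timestamped commands; on a real host, replace the sample paths with the live files. The allowlist approach is deliberate: rather than pattern-matching "suspicious" keys, every key that is not explicitly approved is reported, which is what catches a key added outside the normal deployment path.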

Improvements

Routine security check: the original post‑remediation stage was renamed so that its name reflects its purpose.

Loss assessment: the new post‑remediation stage adds steps for evaluating the full impact of the incident.

Targeted investigation: the post‑remediation stage now emphasizes deep, targeted checks to uncover security issues that were overlooked during the initial response.

Document Download

Click “Read Original” at the lower left to obtain the PDF.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: Linux, incident management, Security, emergency response
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
