1 views collected around this technical thread.
The article explains the Linux Security Module (LSM) framework, detailing its origins, hook‑based architecture, kernel integration points, initialization process, and how it enables flexible, non‑intrusive security enhancements such as SELinux, allowing multiple security modules to coexist within the Linux kernel.
A heap‑buffer‑overflow bug in sudo (CVE‑2021‑3156) lets any local user obtain root without a password, existed for a decade before being fixed, and can be tested with a simple sudoedit command on vulnerable Linux distributions.
This article walks through a real‑world Linux mining malware infection, detailing how the attacker hid a malicious cron job, used LD_PRELOAD rootkits, propagated via SSH keys, and how the analyst uncovered and removed the threat using busybox, strace, and careful forensic commands.
This article explains how SELinux enforces mandatory access control on Linux, describes its three modes, shows how to view and modify SELinux contexts for MySQL processes and data directories, and provides step‑by‑step commands to add custom paths, logs, PID files, and ports while preserving system security.
This article explains the concept of Address Space Layout Randomization (ASLR), illustrates how buffer overflow attacks work on Linux, shows step‑by‑step exploitation with disabled ASLR, analyzes memory layout calculations, and discusses the impact of PIE and modern mitigation techniques.
This article walks through a real‑world Linux mining malware incident, detailing how the attacker used a malicious crontab entry and LD_PRELOAD to hide processes, the forensic steps to uncover the payload, and practical remediation and hardening measures to prevent future compromises.
This article explains Docker's built‑in security mechanisms—including Linux kernel capabilities, image signing, AppArmor MAC, Seccomp syscall filtering, user namespaces, SELinux, PID limits and additional kernel hardening tools—provides configuration examples, command‑line demonstrations, and guidance on using them safely.
This guide explains how to permanently disable SELinux, temporarily change its mode, and provides a comprehensive tutorial on using iptables—including table concepts, basic commands, rule management, scripting, NAT configuration, and saving/restoring firewall rules—on Red Hat/CentOS Linux.
This article shares practical insights from a security director at YY Live, detailing the complex Linux security landscape, common vulnerabilities, real‑world attack techniques such as Redis abuse and privilege escalation, and a multi‑layered defense approach that balances rapid business iteration with robust protection.