Questions tagged [security]
Content related to computer security., i.e. content about policies, mechanisms, etc. needed make sure data is not leaked or corrupted and services available in all circumstances.
2,735 questions
4
votes
3
answers
339
views
Encrypted swap with FDE?
Years ago, it was my understanding that when installing Debian (or any Debian derivative such as Ubuntu) with FDE, swap was not encrypted despite using "full disk encryption", and that this ...
- 71
1
vote
1
answer
49
views
Are my pinned packages a security risk?
I am on a new install of Debian 13. When attempting to install ProtonVPN, I had multiple dependency issues, most of which seemed to be a result of ProtonVPN requiring Python3.11 or earlier and my ...
- 71
0
votes
1
answer
38
views
Give run0 privileges to user1 (an admin) as root?
I am very paranoid about security, trying to push the limits. I am curious about nosuid because I think it is very cool that we can prevent files from executing with elevated permissions by setting it ...
- 1
0
votes
0
answers
62
views
the shell escape security issue with the container
I have develop a latex render engine that run with kubernetes container pod, now I want to supprot the minted package that need to open the shell escape feature.
use std::process::Command;
use std::...
- 791
0
votes
0
answers
70
views
Are my ports closed to outside network?
I have a Fedora server with some ports opened on the machine firewall, namely the ssh (22), ftp (21, 30000-31000 for passive). ftp ports only accepts connections coming from within the LAN (192.168.0....
- 103
0
votes
1
answer
128
views
Brave browser full sandboxing = How to achieve full green brave://sandbox/?
I am new to the concept of Sandboxing. I run Linux Mint Debian Edition 7 with kernel 6.12.48+deb13-amd64, and just installed the Brave browser. At this moment I am trying to enable all sandbox ...
- 31.3k
0
votes
1
answer
56
views
How to block network access for a specific command in a limited K8s container (no CAP_NET_ADMIN / iptables)?
I need to safely run open-source tools inside a Linux container that may contain sensitive data. To prevent any potential data exfiltration, I want to block only this specific tool from accessing the ...
- 1
0
votes
2
answers
192
views
How to secure host system from untrusted libvirt-managed virtual machines, and them from each other?
I have Fedora Workstation 42 on a laptop, with untrusted libvirt-managed virtual machines.
I would like to secure the host from the virtual machines, and ensure they are unable to interact with each ...
- 13
1
vote
1
answer
60
views
Where can one find a repository of regex for logcheck?
I was looking at logwatch, but found that it appears to have been replaced by logcheck, and that logcheck is configured by default for just two files using various regexs to match lines in those logs.
...
- 4,971
0
votes
2
answers
110
views
checking for strong passwords in Linux as an admin
as a Linux admin I have root access and there are however many local users specified in /etc/passwd This is in RHEL-8.10 having ENCRYPT_METHOD SHA512 and /etc/security/pwquality.conf is configured ...
- 9,254
1
vote
1
answer
119
views
Restricting wayland GUI applications from accessing all screen content
I'm using Debian/trixie (current stable) and heavily containerised projects / applications via LXC/incus into unprivileged containers; each having their own isolated UID/GID range.
Most of the ...
- 33
1
vote
0
answers
112
views
Chromium browser tries to read sensitive files: ~/.ssh ~/.gnupg ~/.dbus /boot
I am experiencing very weird and suspicious issue on debian 12.
For context, I am using grsecurity + RBAC, which gives me the possibility to see what files each program wants to access. My issue is ...
- 918
2
votes
1
answer
151
views
What is the difference between keyctl search and keyctl request?
I am using keyctl to load and retrieve keys for encryption/decryption for an application.
I notice I am able to retrieve the key id of an encrypted key (for example called 'datakey') which has already ...
- 123
6
votes
2
answers
1k
views
How to quickly wipe ext4 superblocks on a NVMe SSD? Secure erase?
Based on this question: How to erase/wipe all ext4 metadata, not just the filesystem signature 53 ef?
My SSD is under warranty and I shall hand it over today, so excuse me for the hurry now.
It ...
- 31.3k
6
votes
3
answers
1k
views
Is it redundant or useful to add a UFW rule to deny root when ssh already does?
I manage a Debian (Bookworm) host. The sshd config is set to disallow login as root. I've tested that one cannot login as root, as expected.
However, I see hundreds of login attempts daily as root in /...
- 195