Linux Security

September 29, 2023
May 30, 2016

more on Linux features and hardening

CPU.fail

Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)
Security face-off: Red Hat's SELinux vs. SUSE AppArmor, others
access control - Comparsion Between AppArmor and Selinux - Information Security Stack Exchange

Linux hardening: a 15-step checklist for a secure Linux server | Network World
What is PAM? – Information & Technology – Medium

Linux Security - YouTube
How to protect Linux from Hackers // My server security strategy! - YouTube

Blacklisting modules on Linux | Network World
22 essential Linux security commands | Network World

ASLR

How ASLR protects Linux systems from buffer overflow attacks | Network World
Address Space Isolation and the Linux Kernel | Linux Journal

Ubuntu Hardening

Locking Down Linux: Using Ubuntu as Your Primary OS, Part 1 (Physical Attack Defense) « Null Byte :: WonderHowTo
Locking Down Linux: Using Ubuntu as Your Primary OS, Part 2 (Network Attack Defense) « Null Byte :: WonderHowTo
Locking Down Linux: Using Ubuntu as Your Primary OS, Part 3 (Application Hardening & Sandboxing) « Null Byte :: WonderHowTo
Locking Down Linux: Using Ubuntu as Your Primary OS, Part 4 (Auditing, Antivirus & Monitoring) « Null Byte :: WonderHowTo

SELinux

SELinux Wiki
Security-Enhanced Linux - Wikiwand

Your visual how-to guide for SELinux policy enforcement | Opensource.com
http://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf

AppArmor

AppArmor - Wikiwand
AppArmor - Ubuntu Wiki
Documentation · Wiki · AppArmor / apparmor · GitLab
Ubuntu Manpage: AppArmor - kernel enhancement to confine programs to a limited set of resources.

14.4. Introduction to AppArmor

sudo apt-get install apparmor-profiles apparmor-utils
sudo aa-enforce /etc/apparmor.d/*

The Comprehensive Guide To AppArmor: Part 1 – Information & Technology – Medium
Linux Apparmor Security Tool

seccomp

seccomp - Wikiwand
Sandboxing in Linux with zero lines of code

Namespace

Linux namespaces - Wikiwand

Introduction to Linux namespaces - Part 1: UTS | Yet another enthusiast blog!
Introduction to Linux namespaces - Part 2: IPC | Yet another enthusiast blog!
Introduction to Linux namespaces - Part 3: PID | Yet another enthusiast blog!
Introduction to Linux namespaces - Part 4: NS (FS) | Yet another enthusiast blog!
Introduction to Linux namespaces – Part 5: NET | Yet another enthusiast blog!
Docker for your users - Introducing user namespace | Yet another enthusiast blog!

A deep dive into Linux namespaces – Chord Simple
A deep dive into Linux namespaces, part 2 – Chord Simple
A deep dive into Linux namespaces, part 3 – Chord Simple
A deep dive into Linux namespaces, part 4 – Chord Simple

Namespaces in operation, part 1: namespaces overview [LWN.net]
namespaces(7) - Linux manual page

Cgroup

Control groups

cgroups - Wikiwand
cgroups(7) - Linux manual page

https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
https://www.kernel.org/doc/Documentation/cgroup-v2.txt
Control Group v2 — The Linux Kernel documentation

Containers

see docker-ecosystem.md#runc
see docker-ecosystem.md#security

Libcontainer exposes an easy interface to lower-level Linux security features to "contain" the environment. It uses five namespaces -- Process, Network, Mount, Hostname, and Shared Memory -- to work with Linux.

Containers are Linux – OpenShift Blog

Linux Containers and the Future Cloud (PDF)
Tutorial: "Namespaces and CGroups, the basis of Linux containers" (Rami Rosen) | Netdev 1.1 PDF
FOSDEM 2016 - How containers work in Linux