Why and when to use ProtectControlGroups The systemd unit setting ProtectControlGroups reduces write access to cgroup or Linux control groups. Information about cgroups are normally available under /sys/fs/cgroup. This setting may...

Introduction This is a hardening profile to help securing nginx by using systemd unit configuration. It’s goal is to restrict what nginx can do and make it harder for any possible vulnerability to be misused. The rationale for the...

Common journalctl options Long option Short option What the option does --catalog -x Show log lines with additional help or suggestions where available --disk-usage Show size of the archived and active journals --follow -f Track changes,...

This page contains the most recent changes to the blog.

The Linux kernel is modular, which makes it more flexible than monolithic kernels. New functionality can be easily added to a run kernel, by loading the related module. While that is great, it can also be misused. You can think of...

Solving failed units with systemctl Systemd is an alternative service manager to the more traditional init system. To ensure the system is healthy, failed units should be investigated on a regular basis. Sooner or later a unit might fail...