Linux Security guides
Step-by-step, expert-written advice on Linux security — no jargon, just practical guidance you can act on today.
How to Tell If You Installed a Malicious Linux Package, PPA, or AppImage
Audit recently installed apt/dnf/snap/flatpak packages, PPAs, and AppImages, and identify the malicious source.
What to Do If You Find a Rootkit on Linux
Why reinstalling is the only safe answer for rootkits, plus a clean rebuild plan that protects your data.
How to Remove a Cryptominer From Linux Safely
Kill the process, clean persistence (cron, systemd, ld.so.preload), and verify you've removed all components.
How to Recover and Re-secure SSH on Linux
Disable password auth, rotate keys, ban brute-force IPs with fail2ban, and lock SSH down to your trusted devices.
Lock Down Your Linux Desktop: Updates, Firewall & Sandboxing
Harden your Linux desktop with automatic security updates, ufw firewall, AppArmor/SELinux, and Flatpak sandboxing.
How to Remove a Malicious Package and Its PPA on Linux
Purge the package, delete the PPA or repository, and clean residual configs and dependencies.
How to Remove Malicious Cron Jobs and systemd Services on Linux
Disable, mask, and delete malicious scheduled tasks and systemd units, and verify they don't respawn.
How to Find Hidden Cron Jobs and systemd Services on Linux
Audit user and root crontabs, /etc/cron.*, systemd timers, and user units to find malware persistence on Linux.
How to Identify a Browser Hijacker on Linux (Firefox & Chrome)
Spot rogue extensions, changed search engines, and forced new-tab pages affecting Firefox or Chrome on a Linux desktop.
How to Spot a Cryptominer or High-CPU Malware on Linux
Identify perfctl, kdevtmpfsi, xmrig, and similar cryptominers using top, ps, and lsof on Linux.
How to Check for a Rootkit on Linux
Run chkrootkit and rkhunter, audit kernel modules and hidden files, and look for tell-tale rootkit symptoms on Linux.
How to Recover a Linux LUKS Encrypted Disk
Use a known LUKS slot, boot from a live USB, and back up your LUKS header before attempting recovery.
How to Remove a Browser Hijacker From Linux
Reset Firefox or Chrome on Linux, delete malicious extensions, and clean leftover preferences and policies.
How to Tell If Your Linux SSH Has Been Compromised
Audit /var/log/auth.log, last, lastb, and ~/.ssh/authorized_keys to detect SSH brute-force or successful intrusion.
How to Safely Reset or Remove the Linux Container on a Chromebook
Back up files from Crostini, then completely remove and rebuild the Linux container to eliminate persistent malware.
How to Spot Compromise Inside Your Chromebook Linux (Crostini) Container
Audit processes, cron jobs, and unfamiliar packages inside the Linux container on ChromeOS.