Ubuntu security features¶ Overview of security features in Ubuntu¶ Overview of security features Additional Documentation Platform protections¶ Platform protections CPU features Devices UEFI Secure Boot Trusted Platform Module Privilege restriction¶ Privilege restriction AppArmor Cgroups (Control Groups) Filesystem Capabilities PR_SET_SECCOMP Seccomp Filtering SELinux SMACK Cryptography¶ Cryptography Cloud PRNG Seed Disable Legacy TLS Password Hashing Cryptographic Algorithms Encryption libraries in Ubuntu Algorithms per Ubuntu release Process and memory¶ Process and memory protections Default compiler flags File handling protections Address Space Layout Randomisation (ASLR) 0-address protection /dev/mem protection /proc/$pid/maps protection ptrace scope Non-Executable Memory Pointer Obfuscation Heap Protector Kernel protections¶ Kernel protections Block kexec Block module loading Denylist Rare Protocols dmesg restrictions Kernel Address Display Restriction Kernel Address Space Layout Randomisation /dev/kmem disabled Kernel Lockdown Kernel Stack protector Read-only data sections Module RO/NX Storage¶ Storage and filesystem File Encryption Full disk encryption (FDE) Encrypted LVM Network and firewalls¶ Network and firewalls No Open Ports SYN Cookies Firewall nftables
