System Administration

Essential System Tools: Firejail – Excellent Security Sandboxing

Last Updated on May 28, 2022

Summary

What makes Firejail so special it qualifies for inclusion in our Essential System Tools feature? Above all, it puts users first.

It’s really easy to install and use. More time to spend actually using software. Most people won’t need any custom configuration. There’s a wide range of software which come with sandbox profiles.

The software helps to reduce the risk of security breaches. It’s lightweight and while it uses CPU cycles, the overhead is remarkably low. Firejail sandboxes do not each run their own copy of a full-blown operating system. Instead they operate in a resource-isolated environment created by standard facilities of your system’s existing Linux kernel. As such, despite the high level of protection offered, the overhead of running a Firejail sandbox is extremely low. So your software, including games, run at full steam, unlike a full virtualisation environment.

Firejail is an excellent tool for the security conscious. While it adds a layer of protection, you should use it with other security tools. We use it mainly for web browsing, and to lock down services.

There’s no socket connections open, and no daemons running in the background.  All security features are implemented directly in Linux kernel.

Website: firejail.wordpress.com, Firetools
Support: GitHub Code Repository
Developer: netblue30 and contributors
License: GNU General Public License v2

Firejail is written in C. Learn C with our recommended free books and free tutorials.

Pages in this article:
Page 1 – Introduction / Installation
Page 2 – In Operation
Page 3 – Other Features
Page 4 – Firetools
Page 5 – Summary

All the essential tools in this series:

Essential System Tools
AlacrittyInnovative, hardware-accelerated terminal emulator
BleachBitSystem cleaning software. Quick and easy way to service your computer
bottomGraphical process/system monitor for the terminal
btop++Monitor usage and stats for CPU, memory, disks, network and processes
catfishVersatile file searching software
ClonezillaPartition and disk cloning software
CPU-XSystem profiler with both a GUI and text-based
CzkawkaFind duplicate files, big files, empty files, similar images, and much more
ddrescueData recovery tool, retrieving data from failing drives as safely as possible
dustMore intuitive version of du written in Rust
f3Detect and fix counterfeit flash storage
Fail2banBan hosts that cause multiple authentication errors
fdupesFind or delete duplicate files
FirejailRestrict the running environment of untrusted applications
GlancesCross-platform system monitoring tool written in Python
GPartedResize, copy, and move partitions without data
GreenWithEnvyNVIDIA graphics card utility
gtopSystem monitoring dashboard
gWakeOnLANTurn machines on through Wake On LAN
hyperfineCommand-line benchmarking tool
HyFetchSystem information tool written in Python
inxiCommand-line system information tool that's a time-saver for everyone
journalctlQuery and display messages from the journal
kmonManage Linux kernel modules with this text-based tool
KrusaderAdvanced, twin-panel (commander-style) file manager
NmapNetwork security tool that builds a "map" of the network
nmonSystems administrator, tuner, and benchmark tool
nnnPortable terminal file manager that's amazingly frugal
petSimple command-line snippet manager
PingnooGraphical representation for traceroute and ping output
ps_memAccurate reporting of software's memory consumption
SMCMulti-featured system monitor written in Python
TimeshiftReliable system restore tool
QDirStatQt-based directory statistics
QJournalctlGraphical User Interface for systemd’s journalctl
TLPMust-have tool for anyone running Linux on a notebook
UnisonConsole and graphical file synchronization software
VeraCryptStrong disk encryption software
VentoyCreate bootable USB drive for ISO, WIM, IMG, VHD(x), EFI files
WTFPersonal information dashboard for your terminal
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Please read our Comment FAQ before posting a comment.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments