The Linux security subsystem enforces runtime security policy in kernel space. It evaluates process and I/O requests using Linux Security Module hooks, seccomp filters, and policy checks before allowing or denying operations.
Security decisions in Linux follow a request pipeline: request event, policy hook evaluation, and final verdict. This page visualizes how events are classified into allow, audit, or deny outcomes.
Process trust is represented as a graph driven by heuristic risk scoring. It highlights trusted, observed, suspicious, and blocked candidates to help understand the security posture in real time.
The attack surface map summarizes key indicators such as open listen ports, setuid binaries, loaded kernel modules, ptrace-capable tooling, and root process distribution.
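As an added example (not code from this page or the tool it describes), the sketch below shows one way a defender could collect three of the indicators listed above on their own host: listening TCP ports from `/proc/net/tcp`, loaded kernel modules from `/proc/modules`, and setuid binaries from file modes. The function names and the embedded sample data are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import os
import stat

# Constructed samples in /proc/net/tcp and /proc/modules format (not from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0F02000A:0016 0202000A:C1F4 01 00000000:00000000 02:000A1B2C 00000000     0        0 20003
"""
SAMPLE_MODULES = """\
nf_tables 311296 0 - Live 0x0000000000000000
overlay 151552 2 - Live 0x0000000000000000
"""
TCP_LISTEN = "0A"  # value of the "st" column for a listening socket

def listening_ports(proc_net_tcp):
    """Return sorted (ipv4, port) pairs for sockets in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # first row is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumes a little-endian host, where the address bytes print reversed.
        octets = reversed(bytes.fromhex(hex_addr))
        found.append((".".join(str(b) for b in octets), int(hex_port, 16)))
    return sorted(found, key=lambda pair: pair[1])

def loaded_modules(proc_modules):
    """Return module names, the first column of each /proc/modules row."""
    return [row.split()[0] for row in proc_modules.splitlines() if row.strip()]

def is_setuid_mode(mode):
    """True when a st_mode value describes a regular file with the setuid bit."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)

def setuid_files(paths):
    """Filter paths down to setuid regular files, skipping unreadable entries."""
    hits = []
    for path in paths:
        try:
            if is_setuid_mode(os.lstat(path).st_mode):
                hits.append(path)
        except OSError:
            continue
    return hits

def summarize(proc_net_tcp, proc_modules, paths):
    """Bundle the three indicators into one attack-surface summary."""
    return {"listen": listening_ports(proc_net_tcp),
            "modules": loaded_modules(proc_modules),
            "setuid": setuid_files(paths)}
```

On a live system the same functions can be fed the contents of `/proc/net/tcp` and `/proc/modules` and a list of paths gathered from the directories being audited.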