linux

Administering Linux systems and distributions including package management (apt/yum/pacman), systemd service management, filesystems, user and permission management, network configuration, shell scripting (bash), and performance troubleshooting with tools like top, journalctl, strace, and ssh.

linux

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

This work addresses the challenge of highly manual and non-generalizable environment configuration in repository-level software engineering tasks by introducing RAT, the first language-agnostic framework for fully automated repository setup. RAT establishes an end-to-end pipeline comprising semantic initialization, task planning, invocation of specialized tools, and robust sandbox construction. To evaluate such systems realistically, the authors also release RATBench, the first benchmark reflecting the true distribution and heterogeneity of real-world code repositories. Experimental results demonstrate that RAT significantly outperforms strong existing baselines on RATBench, achieving an average 29.6% improvement in Environment Setup Success Rate (ESSR). This advance overcomes prior limitations that relied on predefined artifacts or were confined to specific programming languages.

automated environment configurationautonomous code agentsexecutable environments

A Study of Malware Prevention in Linux Distributions

Nov 17, 2024
DV
Duc-Ly Vu
🏛️ Eastern International University | Chainguard | Purdue University

This study addresses the challenge of preventing and detecting malware in Linux distribution package repositories. Through in-depth interviews with maintainers of major distributions, we find that most lack proactive static or dynamic scanning mechanisms—only Wolfi OS deploys runtime malicious behavior detection. To enable rigorous evaluation, we construct the first open, reproducible benchmark dataset of malicious Linux packages, comprising real-world attack samples and benign counterparts. We systematically evaluate six mainstream open-source detection tools (e.g., ClamAV, YARA) against this benchmark. Results reveal pervasive limitations: all tools suffer from both high false-positive rates and low true-positive rates, with an average true positive rate below 20%, indicating severely limited efficacy in the Linux ecosystem. This work establishes the first empirical benchmark for Linux supply-chain security and provides critical evidence of current tooling failures—thereby motivating and informing the design of targeted, Linux-aware detection frameworks.

Evaluates effectiveness of current malware detection toolsIdentifies gaps in open-source malware scanners' performanceStudy explores malware prevention in Linux distributions

This paper presents a systematic review of core challenges in software deployment, including reproducibility, dependency resolution, trust mechanisms, and fine-grained incremental builds. It offers the first comprehensive evaluation of Nix’s pure functional approach across build systems, package management, system configuration, and development environments. Through dependency graph modeling and taxonomic analysis of related tools, the study clarifies Nix’s contributions to ensuring reproducible builds while exposing its limitations in trust establishment and incremental build support. The work further synthesizes cutting-edge community-driven solutions addressing these shortcomings and outlines promising directions for future research in reliable and efficient software deployment.

dependency resolutionincremental buildsreproducibility

Linux Kernel Configurations at Scale: A Dataset for Performance and Evolution Analysis

May 12, 2025
HB
Heraldo Borges
🏛️ Univ Rennes | Pontifical Catholic University of Rio de Janeiro

Existing research is hindered by the lack of large-scale, Linux kernel configuration datasets that span multiple kernel versions and provide fine-grained, quantitative metrics. To address this, we introduce LinuxData—a curated dataset comprising over 240,000 automatically sampled configurations across 27 kernel versions (4.13–5.8), uniformly annotated with compilation outcomes and binary sizes. Our approach enables, for the first time, cross-version prediction of compilation success rate and binary size with high accuracy (mean absolute percentage error <3.2%). This supports advanced configurable-system analyses, including configuration-space modeling, evolutionary analysis, and transfer learning. The dataset is publicly released with a lightweight Python API, OpenML integration, and standardized machine learning benchmarking pipelines. By providing reproducible, version-aware ground truth and streamlined evaluation infrastructure, LinuxData significantly enhances both reproducibility and generalizability in configurable systems research.

Challenges in predicting configuration impacts across kernel versionsLack of large-scale Linux kernel configuration dataset for analysisNeed for systematic performance and evolution tracking in kernel options

EarlyCrow: Detecting APT Malware Command and Control over HTTP(S) Using Contextual Summaries

Feb 07, 2025
AA
Almuthanna Alageel
🏛️ Imperial College London

To address the challenge of advanced persistent threat (APT) groups leveraging HTTP(S) for stealthy command-and-control (C2) communications that evade mainstream network intrusion detection systems (NIDS), this paper proposes a lightweight, real-time detection framework based on contextual summarization. Our method innovatively integrates cross-session behavioral modeling and semantic-aware traffic summarization, overcoming limitations of single-request feature analysis and encrypted-traffic black-box inspection. It jointly leverages HTTP protocol parsing, session graph construction, temporal context encoding, and contrastive learning for anomaly scoring. Evaluated on real-world APT samples and large-scale background traffic, our framework achieves 98.3% detection rate, 0.12% false positive rate, and average latency under 3.2 seconds—significantly outperforming existing state-of-the-art approaches. The core contribution is the first realization of fine-grained, low-overhead, and high-temporal-resolution contextual awareness for HTTP(S) C2 traffic.

Detect APT malware command and controlFocus on HTTP(S) using contextual summariesImprove detection accuracy with PairFlow format

Latest Papers

What's happening recently
View more

This study addresses the verification challenges faced by open-source software—particularly Linux distributions—under diverse and overlapping compliance requirements. It presents the first systematic empirical analysis of over 1,500 real-world “compliance-as-code” rules drawn from 14 major distributions. Employing static analysis, textual similarity metrics, code clustering, and cross-standard mapping techniques, the research uncovers significant disparities in rule coverage across vendors and reveals that while rule rationales exhibit semantic fragmentation, their underlying code snippets often display localized similarity. The work identifies 24 core security controls commonly adopted by more than ten international organizations and establishes preliminary mappings between these rules and emerging regulatory frameworks such as the Cyber Resilience Act (CRA). These findings lay a theoretical and practical foundation for scalable, automated compliance verification and dynamic rule updating.

Compliance as Codecompliance rulesCyber Resilience Act

Existing package managers suffer from semantic fragmentation due to language- and operating system-specific differences, making it difficult to precisely express cross-language dependencies, versioned system or hardware requirements, and hindering effective security vulnerability tracking. To address these challenges, this work proposes Package Calculus—the first unified formal model that captures the core mechanisms of mainstream package managers through semantic reduction. Serving as an intermediate representation, Package Calculus enables translation and resolution of dependencies across heterogeneous ecosystems. The model facilitates cross-language and cross-platform dependency interoperability and supports global analysis, thereby establishing a rigorous theoretical foundation and practical pathway for dependency resolution and security research.

dependency graphdependency resolutionmultilingual projects

Caruca: Effective and Efficient Specification Mining for Opaque Software Components

Oct 16, 2025
EL
Evangelos Lamprou
🏛️ Brown University | New York University | University of Pennsylvania | UCLA | Stevens Institute of Technology

The lack of formal specifications for opaque Unix commands hinders the practicality of program analysis systems. Method: This paper introduces the first automated specification mining approach that synergistically integrates large language models (LLMs) with system-level instrumentation: LLMs parse unstructured command documentation to generate structured syntactic and semantic constraints; concurrent system-call and filesystem instrumentation dynamically observes command behavior across diverse environments, extracting key properties—including input domains, side effects, and error modes. Contribution/Results: Our method achieves the first end-to-end, LLM-driven specification synthesis across commands and heterogeneous documentation formats, supports multiple standard specification outputs (e.g., SMT-LIB, JSON Schema), and integrates seamlessly with static analyzers. Evaluated on 60 commands—including GNU Coreutils, POSIX utilities, and third-party tools—it attains a 98.3% specification correctness rate, fully eliminating manual specification authoring.

Automates specification mining for opaque software components like shell commandsExtracts command properties through concrete execution and system-call interpositionTranslates command documentation into structured syntax using large language models

A General Solution for the Implementation of CI/CD in Embedded Linux Development

Oct 22, 2025
BA
Behnam Agahi
🏛️ Amirkabir University of Technology

To address poor reproducibility, low build efficiency, and insufficient deployment automation in embedded Linux system customization, this paper proposes a three-layer extensible architecture based on the Yocto Project. The architecture integrates GitLab CI and Docker to ensure environment isolation and enable continuous integration and deployment (CI/CD), while incorporating a local hash server (hashserv) and shared sstate cache server to significantly improve build artifact reuse. It supports automated real-time Linux kernel builds, QEMU-based simulation testing, and validation across six distinct boot scenarios. Experimental evaluation demonstrates substantial reduction in build time, markedly enhanced system stability and build reproducibility, and strong scalability and engineering deployability for industrial-grade applications.

Automating embedded Linux development with CI/CD pipelinesEnsuring version synchronization and reproducibility in buildsReducing build time through optimized caching mechanisms

Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages

Nov 13, 2025
DV
Duc-Ly Vu
🏛️ Eastern International University | University of Information Technology | Grenoble INP - Ensimag

To address the challenges of detecting obfuscated malicious code in open-source packages—namely, high false-positive rates in static analysis and prohibitive overhead in conventional dynamic analysis—this paper proposes a lightweight dynamic analysis enhancement method. It executes target packages within a containerized sandbox (gVisor) and extends the *package-analysis* tool to capture fine-grained runtime behaviors, including command execution, file access, and network communication. By decoupling analysis from the host system, the approach eliminates associated security risks and significantly reduces resource consumption. Furthermore, semantic modeling of behavioral patterns improves detection sensitivity to obfuscated payloads, achieving a 32.7% reduction in false positives and a 28.4% increase in true-positive rate. The core innovation lies in the synergistic integration of reinforced behavioral monitoring with a lightweight containerized sandbox, yielding a dynamic malware detection framework for open-source packages that is secure, efficient, and highly accurate.

Analyzing malicious packages safely with container sandboxing technologyDetecting obfuscated malware in open-source packages using dynamic analysisReducing false positives in malware detection through runtime behavior monitoring

Hot Scholars

QR

Qusai Ramadan

University of Southern Denmark
Software EngineeringEngineering Trustworthy Software Systems
DL

Duc-Ly Vu

Lecturer at Eastern International University
SecurityMachine LearningSoftware supply chain securityOpen source security
ST

Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University
Software Supply Chain SecuritySystems SecurityApplied Cryptography