Migration tips for Lynis to version 2.3.1 and beyond

Lynis migration tips Usually a lot of work is put into new releases. So it is a shame if most users don’t use the latest version, right? Surprisingly, that still happens a lot. In the recent past, users of Lynis had to rely on external package maintainers, custom package building, or manually downloading the latest release. Debian and RPM packages If you are running a system that uses the DEB or RPM format, you might want to use our new […]

Read more

Unused Linux Users: Delete or Keep Them?

What to do with unused Linux users? We get often the question what one should do with unused users on Linux. Everyone who looked in the /etc/passwd file will recognize them, strange usernames. A great example is UUCP, or Unix-to-Unix Copy. Once used for communication on direct lines, now another piece of history in our password files. The Options Before we make any decision on dealing with unused Linux accounts, we should look at the most obvious choices we have. The […]

Read more

Three big changes and reasoning behind Lynis 2.3.0

Lynis 2.3.0 Last two releases we invested a lot of work in rebuilding our auditing tool Lynis. The original code is from 2007, and we have plans to add a lot of new tests. Before doing so, we decided to give Lynis a good spring cleanup and enhance its core. This way it will properly deal with the upcoming weight of the new tests. These major changes also mean a slightly different approach in some areas. So here is the […]

Read more

Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

Introduction into Ed25519 OpenSSH 5.6 added support for Ed25519 as a public key type. It is using an elliptic curve signature scheme, which offers better security than ECDSA and DSA. At the same time it also has good performance. This type of keys may be used for user and host keys. With this in mind, it is great to be used together with OpenSSH. In this article we have a look at this new key type. DSA or RSA Many […]

Read more

Linux hardening with sysctl

Sysctl Hardening The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While improving security of the kernel looks easy at first sight, there is more to it than initially meets the eye. In this guide we have a look at the kernel and a common interface called sysctl. Why Invest Time […]

Read more

Blog migrated to HTTPS, HTTP/2, and more

Our blog is about Linux security, so one day it had to be migrated to HTTPS. Last weekend that migration (finally) happened. After a few days of testing, it is now live with the following options: HTTPS by default New HTTP/2 protocol Available via IPv4 and IPv6 Caching Before, we had our blog running with Pound and a Varnish cache. We also optimized these two software packages for both performance and security. With those gone, a lot of optimizations had […]

Read more
12331