BPFILTER: the next-generation Linux firewall

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel. What is BPFILTER? BPFILTER is short for BPF-based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF. Interestingly, BPF itself is an acronym […]

How to become a Linux security expert?

Wanted: Linux Security Experts. Years ago it was a challenge to find screenshots of devices running Linux. Nowadays, Linux can power phones, TVs, computer systems, mainframes, and many more devices. With more devices, the demand for Linux knowledge will continue to grow. At the same time, the demand for security is higher than ever. All the media attention and regulations like GDPR call for more Linux security specialists. In this post, the goal is to answer the question: How to become a Linux […]

The state of Linux security in 2017

Linux security (2017 edition). The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post will remain updated in the upcoming weeks. As this post may appear on HN, Reddit, Slashdot, and other high-traffic sites, this post is heavily cached. Comments may show up with some delay. January: MongoDB, Debian […]

Troubleshooting a full /boot partition on Ubuntu

A regular issue with systems running Ubuntu is that the /boot partition may fill up. After trying several options, we found a way to resolve this in three steps. Unlike other solutions, you don’t need to move files or do other tricky things on your system. Still, a word of caution: any task you run on your system is your own responsibility. When possible, make backups, snapshots, etc. The error: Unmet dependencies. Typically you will discover if the unmet dependencies […]

Linux security myths

Myth busting: Linux security. As the author of Lynis, I have to run several Linux systems for testing Linux security defenses. And if you do something long enough, some get to see you as a Linux security expert. When that happens, you get asked questions. Surprisingly they are often related to some of the myths. Time to share a few I got asked. If you received this link from me directly, then most likely you asked one :) Linux systems […]

Postfix Hardening Guide for Security and Privacy

Postfix Security and Privacy. Postfix is a common software component on servers for receiving or sending email. It has a lot of configuration options available, including those to improve your Postfix security. This security and privacy guide looks into Postfix hardening. After you are finished, your system will have improved defenses against spam, abuse, and leaking sensitive data. Time to start! Table of Contents: Why Postfix hardening; Preparation; Test the existing Postfix configuration; Backup your Postfix configuration; Find your Postfix version […]

Understanding what runs on your Linux system (and why)

Linux processes and daemons. Each Linux system has a bunch of processes running. Most of these processes might be familiar to you if you regularly use a command like ps or top to display them. Processes may look like just an item in a list. They are actually complicated pieces of code that are tamed by a memory manager. To truly understand how your system is running, knowledge of process (or memory) management is of great help. So let’s make […]

Vulnerable packages on FreeBSD: pkg audit

Auditing FreeBSD with pkg audit. FreeBSD is definitely a different beast than Linux. In some areas, FreeBSD is really a powerful operating system. Package management is maybe not the first one you may think of. Typically FreeBSD users have two options when it comes to installing packages. Ports collection: The ports tree allows the administrator to build the software they need, with the compilation flags they prefer. This makes the software optimized and typically the latest versions are available. The downside […]