Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework, with the goal to replace all the previous ones. After reading this guide you will be able to configure your own firewall configuration. Step by step we will show how nftables work. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable. […]

Read more

How are auditd and Lynis different?

Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by […]

Read more

Understand and configure core dumps on Linux

Linux and core dumps Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored, usually on a disk drive. The term “core” actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use […]

Read more

The purpose of /etc/networks

The purpose of /etc/networks Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does […]

Read more

Understanding memory information on Linux systems

Understanding Linux memory information Every operating system needs memory to store program code segments and data. This is also true for Linux systems. The problem: there is a lot of information available regarding memory usage and its behavior. Let’s discover how Linux manages its memory and how we can gather memory information. Great for troubleshooting, but also to learn more about the inner workings of our system. Random access memory When we talk about memory in this article, we usually mean […]

Read more

Linux and ASLR: kernel/randomize_va_space

Configuring ASLR with randomize_va_space The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure does. Understanding ASLR In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder. A normal program consists of several […]

Read more

Livepatch: Linux kernel updates without rebooting

Maximize uptime with livepatch If you run a Linux server, software patching is a task that will have to be performed on a weekly (or daily) basis. Although most programs can be auto-restarted with a tool like needrestart, there is one exception: the kernel. Wouldn’t it be a nice if we could patch the kernel, without the mandatory reboot? Here is livepatch, the feature of the Linux kernel that makes it possible. Kernel Live Patching Core Although there are more […]

Read more

Interview: MalwareMustDie and their Linux malware research

Linux malware, research, and more With great pleasure, we interviewed unixfreaxjp. He is the leader and founder of the malware research group MalwareMustDie. We want to learn about their activities, Linux malware, and useful skills for security professionals. Keep reading! Interview MalwareMustDie About the MalwareMustDie organization So for those never heard about MalwareMustDie, can you tell us who you are? As stated on our web site. MalwareMustDie, is a white-hat anti cybercrime security research workgroup. launched in August 2012, is an Non […]

Read more
12327