Protect against ptrace of processes: kernel.yama.ptrace_scope

Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool can also be used by people with malicious intent, for example to debug a process as a non-privileged user and read the contents of application memory. Yama: Linux has the ability to include Linux Security Modules, to provide additional […]

Auditing systemd: solving failed units with systemctl

Systemd is an alternative service manager to the more traditional init system. To ensure the system is healthy, failed units should be investigated on a regular basis. Sooner or later a unit might fail and show up in the systemctl listing. In this article we have a look at how to solve it. Why do services fail? During the start of the system, enabled services are started and queued to be executed. Most processes […]

Filtering ARP traffic with Linux arptables

Most Linux system administrators will be familiar with iptables on Linux. Less known is the arptables utility, which controls the filtering of ARP packets. Installation: the arptables utility is easy to set up, as the main functionality is already implemented in the Linux kernel. Just install the arptables package on your favorite Linux distribution (Red Hat / CentOS / Fedora: yum install arptables; Debian / Ubuntu: apt-get install arptables). Configuration example: to show the effect of filtering […]

How to clear the ARP cache on Linux?

In some cases, you might need to clear your ARP cache. There are two common ways on Linux, using the arp or ip utility. Depending on your Linux distribution, it might be preferred to use the ip utility. Clearing the cache with arp: the arp utility does not accept an option to clear the full cache. Instead, it allows flushing individual entries with the -d option: root@ubuntu:~# arp -d 192.168.1.1 After […]

Using xattrs or Extended Attributes on Linux

Extended attributes, xattrs for short, are an extensible mechanism to store metadata along with files. In other words, they describe some additional properties of the file. Normally this information is limited, like ownership and dates. With xattrs more information can be stored about the file. Support for xattrs: not all file systems have support for xattrs, but nowadays the most common ones support it (EXT4, Btrfs, ReiserFS, JFS and ZFS). To determine if your […]

Linux Capabilities: Hardening Linux binaries by removing setuid

Normally Unix-based systems use two kinds of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel and opening sockets. Root permissions: the command ping is a great example of why even small programs need root permissions. At first glance you might consider this tool to be simple: send a packet to a host and see if it responds. The […]

PCI DSS (v3) Linux: No write access to shared system binaries (A.1.2.c)

A.1.2.c: Verify that an entity's users do not have write access to shared system binaries. Shared system binaries should be protected, as they form the basis of your system. PCI compliance (A.1.2.c) demands that users do not have write access to shared system binaries. The only exception is of course the root user, so software upgrades are still possible. Paths for system binaries: depending on the distribution used, there are several directories which […]

GPG key generation: Not enough random bytes available.

Anyone who wants to create a new key set via GnuPG (GPG) may run into this error: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some […]
