Security professional Michael Boelen writes about Linux security, system hardening, and related subjects. He worked as a consultant for multinational companies before he started CISOfy. Michael is involved with open source software and created several projects. Among them are Rootkit Hunter (rkhunter), a malware scanner for Linux and other platforms. He is also the creator and lead developer of Lynis, a tool that helps with hardening Linux systems. You can find more information about Michael on his website https://michaelboelen.com or via Twitter.

Locking users after X failed login attempts with pam_tally2

Using pam_tally2 on Linux Most Linux distributions use pluggable authentication modules (PAM). This modular type of configuration allows system administrators to configure and fine-tune the authentication of users. It also defines the behavior on specific events, like providing an invalid user account or password. PAM can use these events to automatically take an action, like locking an account. Introduction to PAM The configuration of PAM is not that hard, but there are risks involved in the process of making changes. […]

Read more

GDPR Compliance: Technical Requirements for Linux Systems

GDPR for Linux systems What is GDPR? GDPR or General Data Protection Regulation is a regulation to protect personal data from citizens of the European Union (EU). When speaking about stored data, it includes the handling of data at any given time, from the initial creation of the data, until the final deletion of it. One of the important parts is the right to ‘know’. That means that individuals can ask what data is stored about them. Another request they may make is […]

Read more

Configure the minimum password length on Linux systems

Linux and password strength One of the options to improve password security is by setting a minimum length. This prevents users from choosing easy passwords. As part of Linux system hardening, you don’t want your passwords to be cracked too quickly by modern password crackers. Configuration Login settings The first area where you can set a password length is in /etc/login.defs. The related setting is PASS_MINLEN and already tells us it is about the minimum length of a password. Modern Linux […]

Read more

The state of Linux security

Linux security and its developments In the last 10 years, GNU/Linux achieved something some foreseen as almost impossible: powering both the smallest and biggest devices in the world and everything in between. Only the desktop is not a conquered terrain yet. The last years had a great impact on the world. Both from a real-life perspective, as digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on […]

Read more

First-time open source contributor: Eric Light

Thoughts from a first-time contributor to open source software In this article, we learn from a first-time contributor to open source. His name is Eric Light and lives in New Zealand. We came in contact via the Lynis project and I interviewed him to share his experiences. MB: Thanks for taking the time Eric. Can you describe a little bit about yourself? I started working with computers when I was eight years old, back when my uncle gave me an […]

Read more

Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework, with the goal to replace all the previous ones. After reading this guide you will be able to configure your own firewall configuration. Step by step we will show how nftables work. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable. […]

Read more

How are auditd and Lynis different?

Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by […]

Read more

Understand and configure core dumps on Linux

Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored. The term core actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use this term on Linux systems. Enough for history, let’s […]

Read more

The purpose of the /etc/networks file

What is /etc/networks file? Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does […]

Read more

Understanding memory information on Linux systems

Every operating system needs memory to store program code segments and data. This is also true for Linux systems. The problem: there is a lot of information available regarding memory usage and its behavior. Let’s discover how Linux manages its memory and how we can gather memory information. After reading this guide, you will be able to: Show the total amount of memory Display all memory details Understand the details listed in /proc/meminfo Use tools like dmesg, dmidecode, free, and vmstat […]

Read more

Linux and ASLR: kernel/randomize_va_space

Configuring ASLR with randomize_va_space The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure actually does and how it works. Understanding ASLR In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder. A […]

Read more

Interview: MalwareMustDie and their Linux malware research

Linux malware, research, and more With great pleasure, we interviewed unixfreaxjp. He is the leader and founder of the malware research group MalwareMustDie. We want to learn about their activities, Linux malware, and useful skills for security professionals. Keep reading! Interview MalwareMustDie About the MalwareMustDie organization So for those never heard about MalwareMustDie, can you tell us who you are? As stated on our web site. MalwareMustDie, is a white-hat anti cybercrime security research workgroup. launched in August 2012, is an Non […]

Read more

Using encrypted documents with vim

Encrypting files with vim Everyone has secrets. Or at least some data you don’t want to show others, right? Vim is a common editor to be found on Linux systems. It has an option to create and use encrypted files. We will look at how to configure it and use this encryption capability. Encryption is the process of fiddling with data so that others no longer can’t read it. The idea is that you still can, so when we speak […]

Read more

Changing file permissions on macOS (and using flags)

Using file flags on macOS While performing system hardening on macOS, you may encounter a typical chmod error. Something like this: chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags. Showing file permissions and flags To see if a file has any flags set, use the ls command with the l (el) and O (capital o). ls -lO /usr/bin/gcc […]

Read more

Is your /etc/hosts file healthy?

Audit your /etc/hosts file The /etc/hosts file is one of the few files you will always find on a Linux system. It stores the ‘hosts’ database, and can be used to resolve between IP addresses and hostnames. Although the file is very simple structured, it is still common to see minor issues with name resolving on systems. Guess what, your /etc/hosts file might be causing more trouble than you think. A regular check up won’t hurt. Order matters in name resolving […]

Read more
123415