Passionate about Linux hardening, compliance, security management and new technologies.

Hiding the Nginx version number

Hiding the Nginx version number If you care about security, making your system “lean” is one very good start. Remove all clutter, like unused packages. It is part of system hardening and considered a good practice. This also applies to leaking of version numbers, which can only be harmful. Yes.. it is security through obscurity. But why would you reveal specific details about your environment to attackers? In this article we have a look at the very popular Nginx web server daemon. […]

Read more

Audit security events on Unix systems

Audit security events on Unix systems Protecting computer networks consists of implementing preventative measures, but especially properly implementing detection methods. These digital tripwires can be used for intrusion detection, or proper handling security events on Unix systems. Security events First we have to define a few events which are or can be security related. To get easily started, we focus on 3 tips to implement security events on Unix systems. 1. File changes Some files you don’t want to change […]

Read more

OpenSSH security and hardening

Securing the OpenSSH service SSH (Secure SHell) is a commonly used protocol for secure data communications between systems. It is rare to find systems not having this service running. As this opens up a potential gateway into the system, hardening the configuration of the SSH server is an important step in server hardening. In this guide, we will harden the OpenSSH service and increase the security defenses of the system. We will focus on several common configuration options of SSH and […]

Read more

Using File ACLs on Linux for Additional Security

Using File ACLs on Linux for Additional Security File ACLs can increase security due to the more granular permission structure. Still the use of ACLs is often not known to system administrators, resulting in directories and files having inappropriate file permissions. When to use Example: a directory could be configured with very tight permissions, including a proper owner and group. Normally the “Other” (everyone) group would have to be used to open up the file for people outside the owner […]

Read more

Audit SuSE with zypper: vulnerable packages

Audit (Open)SuSE with zypper: vulnerable packages Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character! Check your system […]

Read more

Linux audit – Log files in /var/log/audit

Linux audit – Log files /var/log/audit By default the Linux audit framework logs all data in the /var/log/audit directory. Usually this file is named audit.log. /var/log/audit/audit.log This is the default log file for the Linux audit daemon. The file has a capture of all related audit events. It has been configured in auditd.conf: root@server# cat /etc/audit/auditd.conf log_file = /var/log/audit/audit.log   Usually there is no reason to alter this location, unless a different storage location is preferred. For safeguarding of the […]

Read more

5 Tips to protect the Root account

Protecting the Root account Like systems running Windows have an account named Administrator, Unix systems have their equal named “root”. This user with user id zero (0), have unlimited access to the system. Most applications implementing user access controls, apply a “backdoor” to allow this root user always access. This applies to access data, killing processes, starting kernel modules and more. Tips to protect the root user Since the root user has unlimited access to the system, it make sense […]

Read more

Hardening Guides and Tools for Red Hat Linux (RHEL)

Hardening Guides and Tools for Red Hat Linux (RHEL) System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others. Red Hat Red Hat itself has a hardening guide for RHEL 4 and […]

Read more
1222324252628