Security professional Michael Boelen writes about Linux security, system hardening, and related subjects. He worked as a consultant for multinational companies before he started CISOfy. Michael is involved with open source software and created several projects. Among them are Rootkit Hunter (rkhunter), a malware scanner for Linux and other platforms. He is also the creator and lead developer of Lynis, a tool that helps with hardening Linux systems. You can find more information about Michael on his website https://michaelboelen.com or via Twitter.

Is your /etc/hosts file healthy?

Audit your /etc/hosts file The /etc/hosts file is one of the few files you will always find on a Linux system. It stores the ‘hosts’ database, and can be used to resolve between IP addresses and hostnames. Although the file is very simple structured, it is still common to see minor issues with name resolving on systems. Guess what, your /etc/hosts file might be causing more trouble than you think. A regular check up won’t hurt. Order matters in name resolving […]

Read more

Tools compared: rkhunter VS Lynis

Rootkit Hunter and Lynis compared The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in its usage. As the author of both tools, I should have done this nine years ago. So with some little delay, here it is. Rootkit Hunter Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with […]

Read more

Why we use your open source project (or not)

Common mistakes in open source software projects While ‘shopping’ for some libraries, it struck me how many open source software projects are suffering from basic mistakes. Well, mistakes might sound too harsh. What I mean are those things you find on a project, which could be better. They are usually things not considered by the developer, as we (developers) were never told about them. Doing 10+ years of open source development now, I can safely say I made many mistakes. Time to […]

Read more

How to see the version of Oracle Linux

Determine Oracle Linux version Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific operating system is running. This is because both have the /etc/redhat-release file. If that file exists, use the cat command to display the contents. Next step is to determine if there is a /etc/oracle-release file as well. If so, then you can be sure that Oracle Linux is running. cat /etc/oracle-release Sample output might be: Oracle Linux Server release […]

Read more

Ubuntu system hardening guide for desktops and servers

The system hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is […]

Read more

Show vulnerable packages on Arch Linux with arch-audit

Vulnerable Software Packages on Arch Linux Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages. After all […]

Read more

Linux security guide: the extended version

Feeling overwhelmed with the resources available to secure your Linux system? With this Linux security guide, we walk step-by-step through the options, tools, and resources. After reading this article, you will be able to make educated decisions about what Linux security defenses to implement for your systems. You will be introduced to the right tools that help you automate and test your improvements. Instead, related articles and resources will be available in the text. The goal is to make this guide into […]

Read more

Discover to which package a file belongs to

Related Packages and Files Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. CentOS, Fedora, RHEL Show files for RPM packages rpm -qlp /path/to/file.rpm Show files for packages on […]

Read more

How to use grep (with examples)

The grep command is one of the oldest tools for Linux and other platforms. Actually, it is older than Linux itself. It was written by Ken Thompson more than 45 years ago! The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”. For more history, have a look at the Wikipedia entry. […]

Read more

When should you do a penetration test?

Penetration Testing and Linux The information security field is filled with all kind of tests and assessments. One of them is the penetration test, also abbreviated to pentest or pen test. Last years, many security consultancy firms offer this test as part of their security services. So what is it really and when should you undergo a penetration test? Continue reading! What is a pentest? The short question to what a penetration is: a hack attack on your environment, executed by […]

Read more

Linux system hardening: adding hidepid to /proc mount point

When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see this all information. This includes process information from other users. This could include sensitive details that you may not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the […]

Read more

How to solve an expired key (KEYEXPIRED) with apt

Updating expired keys on Debian and Ubuntu Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. root# apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 […]

Read more

How much system hardening should you do?

System Hardening When it comes to Linux system hardening there is a lot to do. From the almost book-like CIS benchmarks to following best practices found all over the web. Recently someone new to the field of information security asked me a simple, yet important questions: how much system hardening should you be doing? When is it enough? Since there was no easy answer, I have written down my thoughts to help others in the future. Time and Effort To understand […]

Read more

Difference between CentOS, Fedora, and RHEL

Difference between CentOS, Fedora, and RHEL The biggest open source company is nowadays Red Hat. It is known for its contributions to many open source projects, including the Linux kernel itself. Less known is that Red Hat is involved in different Linux distributions, directly or indirectly. Fedora Fedora has received many updates and individual releases over the years. It is a playground for new functionality. Often new technology is found here. It can be compared with other distributions like Arch […]

Read more

Linux and rise of Ransomware

Ransomware on the Linux Platform Times are changing when it comes to Linux malware. Since a long time we had backdoors, PHP shells, and even rootkits. But it won’t take long that ransomware will catch up on the Linux platform. We hope you are reading this to counter the threat, not because it is already too late. Ransomware invasion Ransomware is a little devil. It encrypts your valuable data and protects it with a generated key. This key is then […]

Read more
1234515