Passionate about Linux hardening, compliance, security management and new technologies.

Migration tips for Lynis to version 2.3.1 and beyond

Lynis migration tips: Usually a lot of work is put into new releases. So it is a shame if most users don’t use the latest version, right? Surprisingly, that still happens a lot. In the recent past, users of Lynis had to rely on external package maintainers, custom package building, or manually downloading the latest release. Debian and RPM packages: If you are running a system that uses the DEB or RPM format, you might want to use our new […]


Unused Linux Users: Delete or Keep Them?

What to do with unused Linux users? We often get the question of what one should do with unused users on Linux. Everyone who has looked in the /etc/passwd file will recognize them: strange usernames. A great example is UUCP, or Unix-to-Unix Copy. Once used for communication on direct lines, now another piece of history in our password files. The Options: Before we make any decision on dealing with unused Linux accounts, we should look at the most obvious choices we have. The […]


Three big changes and reasoning behind Lynis 2.3.0

Lynis 2.3.0: Over the last two releases we invested a lot of work in rebuilding our auditing tool Lynis. The original code is from 2007, and we have plans to add a lot of new tests. Before doing so, we decided to give Lynis a good spring cleanup and enhance its core. This way it will properly deal with the upcoming weight of the new tests. These major changes also mean a slightly different approach in some areas. So here is the […]


Using Ed25519 for OpenSSH keys (instead of DSA/RSA/ECDSA)

Introduction into Ed25519: OpenSSH 6.5 added support for Ed25519 as a public key type. It uses an elliptic curve signature scheme, which offers better security than ECDSA and DSA. At the same time it also has good performance. This type of key may be used for user and host keys. With this in mind, it is great to be used together with OpenSSH. In this article we have a look at this new key type. DSA or RSA: Many […]


Linux hardening with sysctl

Linux Sysctl Hardening: The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. Let’s have a look at some kernel options and defining the best sysctl values for Linux systems. Why Invest Time in […]


Why Auditing and Vulnerability Scanning are Different Things

As the author of Lynis, we often hear the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning: Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping […]


The Most Influential Linux Security Blogs

Linux Security Blogs: Finding quality blogs about Linux security can be challenging. We made an effort to seek the best and most influential blogs on the internet. What makes a blog influential? It should have quality articles, be regularly updated, and be tailored to Linux or UNIX security. The countless “How to” websites are skipped. Months of searching and reading resulted in a list of blogs, sorted by category. If you are interested in the developments on Linux security, add them to your […]


Linux History: How Dot Files Became Hidden Files

The history of hidden files: Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added to each directory. Secondly, a double dot file (..) was added to easily move up in the directory structure. As these files had no real data in them, […]
