Auditing

Perform in-depth technical audits of your systems using the combination of security tools and relevant knowledge.

Linux Audit Framework

Collection of articles about the Linux Audit Framework and how one might use this to configure and optimize the auditd configuration and use relevant tools.

How to secure a Linux system

Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.

The Difference Between Auditing and Vulnerability Scanning

What are the differences between technical auditing and vulnerability scanning? While they are close, the focus is definitely different.

Tiger is History, Long Live Modern Alternatives!

The tiger tool was known for a long time to help with auditing Unix-based systems. Fortunately there are new tools that are better maintained.

Find differences between two daily Lynis audits

It can be useful to see the differences between scans of Lynis, especially when running it daily. Learn how to do this with just a few steps

Strace cheat sheet

The strace utility is diverse and helpful in performance tuning, troubleshooting, and monitoring process activity. Get the most out of this powerful tool!

Monitor file access by Linux processes

Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.

Forget Linux Vulnerability Scanning: Get Better Defenses

Vulnerability scanning focuses on weaknesses, or negative aspects of information security. A new look at an existing issue.

Linux System Integrity: Ensure Data, Logging and Kernel Integrity

Linux system integrity can be achieved with security measures which focus on kernel integrity, file integrity and hardware integrity.

Logging root actions by capturing execve system calls

Logging all actions performed by root might be needed for compliance or security. With the help of Linux audit we log all root actions easy in an audit log.

Tuning auditd: high-performance Linux Auditing

To achieve better performance with a auditd configuration, it needs to be tuned. See performance boosters like events exclusion, rule ordering, and more.

Find the alternatives: CIS-CAT auditing tool

Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.

Viewing available test categories in Lynis

Lynis has all tests categorized and lets the user select which tests to run. Using the --tests-category and --view-categories the selection can be made.

Security Integration: Configuration Management and Auditing

Configuration management and system auditing go hand in hand. In this article we cover both and learn why this combination is so powerful.

Password Security with Linux /etc/shadow file

Learn the structure of the /etc/shadow file and what the fields mean. After reading, the file should be less cryptic than it was before.

PCI DSS Linux: Creation and deletion of system-level objects

The PCI DSS standard defines Creation and deletion of system-level objects. For Linux systems this might be handled with the Linux audit framework.

What’s New in Lynis 2: Features

The upcoming Lynis 2 release will bring many new features. Focus is on simplicity, speed and supporting newer technologies like Docker and systemd.

Linux Audit Framework 101 – Basic Rules for Configuration

The Linux audit framework is a very powerful tool to monitor files, directories, and system calls. Learn how to configure it.

Monitoring Linux File access, Changes and Data Modifications

Linux has several methods available to protect your valuable data. With the right tool we can audit file access, including changes.

Using Open Source Auditing Tools as alternative to CIS Benchmarks

Hardening guides, and the CIS benchmarks in particular, are a great resource to harden your system. But there are alternatives.

Finding setuid binaries on Linux and BSD

To perform a basic audit of the binaries on your system, we can search for setuid binaries. Finding these setuid binaries is easy with the find command.

Perform NetBSD security audit with pkg_admin

NetBSD can perform a security audit on its packages with the pkg_admin tool. With the check and audit parameters it can perform security check in seconds.

PCI DSS Linux: No write access to shared system binaries

PCI compliance demands that no write access is allowed to shared system binaries. Let's use several tools to determine if write access is allowed.

Alternatives to Bastille Linux: system hardening with Lynis

Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.

PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)

PCI DSS compliance requires you to verify if no application processes are running as root. We audit these application processes and check the status of each.

Yum plugins: Available plugins and built-in security support

To determine the available yum plugins, we analyze them for our goal: discovering if security support is in the yum plugins itself or built-in by default.

PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Linux users who want to compliant with PCI DSS have to restrict log file viewing to only the owner. Learn how to achieve this.

Creating audit trails – Logging commands on Linux with Snoopy

Snoopy is a useful utility to log commands on Linux and create a related audit trail. Auditing trails are considered to be important for proper accounting.

Linux Security Scanning for Dummies

Security scanning can be boring and time consuming. In this article we have a look at how simple it can be, when it comes to security scans.

Linux security: Reviewing log files

Log files are the precious collection of system events. Still many people don't really use them, until it is really needed. Let's change that!

How and why Linux daemons drop privileges

By dropping privileges a process can be better protected against attacks. Learn how this applies to Linux systems and software.

Security Audits – How to Prioritize Audit Findings

After extensive auditing and analysis of the results, the time is there to prioritize audit findings. Learn how to apply impact, urgency and effort.

Do NOT use Linux hardening checklists for your servers

The solution to avoid using Linux hardening checklists for your servers is simple. With proper automation and regular checks, checklists could be avoided.

How to audit AIX Unix systems with Lynis

The term audit may sound more official than it is. This article shows how to perform a security scan of your AIX systems and apply hardening measures.

How to deal with Lynis suggestions?

Auditing tool Lynis for Linux, guides administrators with discovering weaknesses. This article helps in dealing with Lynis suggestions displayed on screen.

Are security hardening guides still useful?

With Linux being decently hardened by default, would it make sense to invest in reading hardening guides? The short answer: yes!

Plus sign in ls output

When file access control lists, or ACLs are being used, the output of ls will change. Learn about the additional plus sign in its output.

Audit security events on Unix systems

Protecting computer networks consists of implementing preventative measures, including system auditing. Let's have a look how this relates to Linux.

Audit SuSE with zypper: vulnerable packages

Stay up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.

Linux audit: Log files in /var/log/audit

This article describes the purpose of the audit.log file in /var/log/audit and the relationship with the Linux audit framework.

Hardening Guides and Tools for Red Hat Linux (RHEL)

Overview of tools and hardening guides to implement system hardening for Red Hat Linux. Also applies Fedora, CentOS and Scientific Linux systems.

Auditing Linux processes: The Deep Dive!

In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.

Unix security audit: Perform an audit in 3 minutes

Quick guide for performing a Unix security audit on a Unix or Linux based system. Under three minutes you have the results and finished the first audit!

Become a Linux Auditor: What to know?

Tips for people who would like to perform audits on Linux and become a Linux auditor in particular. Including hints regarding certifications and tools.

Auditing Linux: what to audit?

When auditing a Linux system, it might be hard to determine what to audit actually. This article will provide some guidance and tips.

Configuration and collecting of Linux audit events

Guide to setup central audit logging for your Linux based systems, with the use of the powerful Linux audit framework. No single audit log should get lost!

Become a Linux auditor: tips to start with auditing the Linux platform

Guide to become a Linux auditor in just a matter of minutes. Focus on how to determine running processes, installed software or possible vulnerabilities.

Linux Audit Framework: using aureport

Guide regarding the aureport utility, including some aureport examples. Aureport helps with audit reports and is part of the Linux audit framework.

Linux server security: Three steps to secure each system

Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.

Linux audit log: dealing with audit.log file

Article to deal with the Linux audit log file and how to use it. Including tips to search events and safeguard it against unintended alteration of the log.

Lynis for Auditors: Linux and Unix auditing

Article about Linux / Unix auditing with a focus on the usage of Lynis for auditors. Simplifying the work of the auditor and increasing the quality of work.

Conducting a Linux Server Security Audit

Performing a Linux server security audit can be a time consuming process. In this article the most important parts are explained including automation.

Open source vulnerability scanner for Linux systems – Lynis

Learn more about vulnerability scanning on Linux systems using the Lynis auditing tool. Check for weaknesses and security measures that can be implemented.

What is a security audit?

This article describes what a security audit is and why or when to use it. System audits also apply to Linux systems as part of technical auditing.

FreeBSD hardening with Lynis

This article provides tips for FreeBSD hardening by using a powerful tool named Lynis. This script will perform an extensive audit to secure your systems.

Configuring and auditing Linux systems with Audit daemon

Guide for auditing Linux systems by using the audit daemon and related utilities. This powerful audit framework has many possibilities for auditing Linux.

CAATTs for Linux: Lynis

Article about a tool within CAATTs for Linux: Lynis. Helping auditors with computer-assisted audit tools and techniques, with focus on Linux and Unix scans.

How to use Lynis

Article about how to use Lynis, a security auditing and hardening tool to test Unix and Linux based systems for vulnerabilities.

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction article into securing Linux based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!

Linux Audit: Auditing the Network Configuration

This article describes how to audit the network configuration of Unix and Linux based systems, with useful tips for auditors and system administrators.