Programming

How and why Linux daemons drop privileges

We have a look on how to drop privileges for Linux daemons. By dropping privileges a process can be safeguarded against attacks and a successful compromise of the system.

Summary of How and why Linux daemons drop privileges

In this article we have a look at the privileges of Linux daemons and dropping privileges in particular. The samples provided are in C. Why drop privileges? Some daemons need root permissions to start. This happens for example when a daemon wants to bind to a low port (<1024). However running network based daemons with root permissions is considered to be a serious risk. In case of compromise of the process, an attacker has full access to the system.

Read the full article…

OpenSCAP on CentOS 7 – Installing from source

Sometimes we need to build things from source. In this article we install OpenSCAP on CentOS 7 by compiling and installing it manually.

Summary of OpenSCAP on CentOS 7 – Installing from source

Installing from source Security automation is hot and we love it. One way is using the OpenSCAP toolkit. Unfortunately it is not mature enough, so you might want to build and install it from source. We share our findings while creating our test environment. Install required components On our minimum installed CentOS 7 system, we need to install a few components. Most are related to compiling C++ and parsing XML files.

Read the full article…