Software
Learn how to configure and maintain applications on Linux systems, including its security and monitoring.
How to show all installed packages with pacman
Query the pacman package manager on systems like Arch to show installed packages.
Summary
Querying pacman
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details.
Summary
Query tools like dpkg to show installed packages
List installed packages on a Linux system
Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.
Summary
Show installed package on the most common Linux distributions
RSS is cool! Some RSS feed readers are not (yet)...
Even after years, RSS is still being used by many. With more RSS clients to choose from, we discovered that not all of them behave like a good bot.
Summary
Fresh look at RSS after a migration This blog had a RSS feed since its inception about 10 years ago. It was (and is) an easy way for readers to quickly discover released and updated articles. Although a lot has changed in 10 years, including a migration from WordPress to Hugo, the RSS feed is still available. Recently, as part of the migration, we looked again at all individual layers that makes this blog possible.
Understand and configure core dumps on Linux
When a Linux program or process gets into trouble, it typically crashes and leaves a core dump. Learn what Linux core dumps are and how to configure them.
Summary
Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored. The term core actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use this term on Linux systems.
Tools compared: rkhunter VS Lynis
Rootkit Hunter (rkhunter) and Lynis are often seen as similar tools to find malware on Linux systems. Learn why they have a completely different goal.
Summary
The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in its usage. As the author of both tools, I should have done this nine years ago. So with some little delay, here it is. Rootkit Hunter Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with an occasional detection mechanism for a common backdoor.
Why we use your open source project (or not)
Here are the most common mistakes made by open source projects, and tips on how to avoid them. Get more users with the right promotion!
Summary
While ‘shopping’ for some libraries, it struck me how many open source software projects are suffering from basic mistakes. Well, mistakes might sound too harsh. What I mean are those things you find on a project, which could be better. They are usually things not considered by the developer, as we (developers) were never told about them. Doing 20+ years of open source development now, I can safely say I made many mistakes.
Show vulnerable packages on Arch Linux with arch-audit
With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.
Summary
Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages.
Discover to which package a file belongs to
With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.
Summary
Discover quickly which file(s) and package are matched together.
Audit Installed Compilers and Their Packages
Compilers can be abused by attackers to perform the so-called privilege escalation attacks. Here is how to find compilers and secure your system.
Summary
Compilers and security Compilers can be the gateway for an attacker. By misusing a possible weakness in your system(s), a compiler is often used to build the related exploit code. One way to prevent this is to determine what compilers are installed and remove (or restrict) them. Comparing Installed Packages and Compilers One way to audit the system is creating a list of common compilers and packages, then match these with the installed packages.
Upgrading External Packages with unattended-upgrade
The unattended-upgrade tool is a great way to keep your system automatically updated. Learn how it works and how configure it.
Summary
The unattended-upgrade tool is a great way to keep your system automatically updated. While you might not always want to do that for all packages, it definitely can be a great way to assist in your security efforts. In that case, tell it to track security updates and install the related packages. If you are using third-party packages (e.g. via PPAs), the system has no idea about security updates for those packages.
Find and Disable Insecure Services on Linux
Learn how to find and disable those services on Linux that are nowadays are considered to be unsafe or known for the weak security.
Summary
The world has changed a lot in the last era, especially when it comes to computing. This applies also to the services we run on our Linux systems. Some of these services (like rlogin), were previously the defacto tools to do administration. Now they are considered to be bad and insecure. What makes a service insecure? Services can become insecure when they have characteristics like: No (or weak) authentication No (or weak) encryption Insecure protocols Running as root Authentication insecurities One example might be if a program only requires a password or pin, without any information like an username.
Showing Available Security Updates with DNF
Systems running Fedora have the DNF utility. With DNF it becomes easily to install packages and stay up-to-date with security related updates.
Summary
Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the available security updates.
Tiger is History, Long Live Modern Alternatives!
The tiger tool was known for a long time to help with auditing Unix-based systems. Fortunately there are new tools that are better maintained.
Summary
Recently I saw some tweets showing up from an old friend: Tiger. Surprised to see it being promoted, as I know the tool for years, but never seen any new releases in the last years. Both are actually a shame. An outdated tool is usually of lower value. Promoting old tools might actually disappoint others and harm the initial trust in the software. History of Tiger In its day, the tool was quite good.
Missing Packages: Don’t Trust External Repositories!
Should you external repositories or not? In this article we look at why trusting external repositories might be a bad thing.
Summary
If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right? With Lynis, we face this same issue. While most of the distributions have Lynis in the repository, it is often outdated.
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Summary
Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests of monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occuring in a process, including disk and file activity.
Simplifying Security: Choose the Right Toolkit, not Tool.
Too often we select security products based on the amount of features, instead of smart combinations. Don't think tools, but start building up a toolkit.
Summary
I applaud many of our customers for being smart. Not to say other people are not, but they have made a specific choice in the past based on an understanding. They understand that a single security solution to make your IT environment safe, simply does not exist. It is the combination of tools, or your toolkit, which does. For this same reason, a carpenter has a tool chest, not a single tool.
Using unattended-upgrades on Debian and Ubuntu
To counter the biggest threat to software packages, Debian and Ubuntu based systems can use unattended-upgrades, to install security patches automatically.
Summary
To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. apt install unattended-upgrades
Software Patch Management for Maximum Linux Security
Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.
Summary
Maximum Linux security with proper software patch management Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date.
Vulnerabilities and Digital Signatures for OpenBSD Software Packages
When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. Learn more what OpenBSD has to offer.
Summary
If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Summary
Hardening the kernel with kernel.yama.ptrace_scope Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool also be used by people with malicious intent. For example to debug a process as a non-privileged user and find the contents of application memory. Yama Linux has the ability to include Linux Security Modules, to provide additional features with the means of a module.
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Summary
Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats.
Yum plugins: Available plugins and built-in security support
To determine the available yum plugins, we analyze them for our goal: discovering if security support is in the yum plugins itself or built-in by default.
Summary
Enhancing yum Determine available plugins and built-in security support To enhance the support in our auditing tool Lynis, we wanted to know if yum supports security related functions by using a plugin or having it as built-in functionality. Yum Yum, or Yellowdog Updater Modified, is a software management tool for Linux based systems. Usually it is used on systems running SuSE or Red Hat based (like RHEL, Fedora or CentOS). Plugins extend the functionality of yum, to improve its functionality.
Protect Linux systems against SSLv3 Poodle vulnerability
The Poodle vulnerability was discovered in October 2014, putting all systems using SSL 3.0 at risk.
Summary
What is the Poodle vulnerability ? The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It was discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack. How does the attack work? While we won’t go into too much depth of encryption and ciphers, we will share some basics.
Linux host discovery with Nmap
For auditing purposes we can perform Linux host discovery with the famous Nmap tool.
Summary
Not everyone has the budget to buy an expensive software suite to do host discovery on the network. Fortunately there are some great open source alternatives. By combining the right tools we can discover hosts and filter the ones we are looking for. In this article we have the goal to determine what systems on our network are running Linux. Of course it is easy to swap out some pieces in the examples to do the same for Windows, Mac OS or BSDs.
Protect against the BEAST attack in Nginx
The BEAST attack showed up in 2011 and some servers are still vulnerable to it. With the right protocols, ciphers and preference, we can keep the BEAST out.
Summary
What is this BEAST? BEAST, or “Browser Exploit Against SSL/TLS” is an attack against the cipher block chaining (CBC) method used with SSL/TLS. The weakness was discovered in 2002, but finally proven in 2011 by security researchers Thai Duong and Juliano Rizzo. With real proof of concept code, they showed it was no longer a theoretical attack. To successfully perform the BEAST attack, there are some conditions which needs to be met:
Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx
HTTP Strict Transport Security (HSTS) is a security capability to force clients to use HTTPS. In this article, we implement HSTS for Apache and Nginx.
Summary
Configure Apache or Nginx to use HTTP Strict Transport Security (HSTS)
Are security hardening guides still useful?
With Linux being decently hardened by default, would it make sense to invest in reading hardening guides? The short answer: yes!
Summary
This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system? Hardening guides Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were targeted often by malicious people and scripts.
Audit SuSE with zypper: vulnerable packages
Stay up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.
Summary
Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character!
Audit SSH configurations: HashKnownHosts option
Information about the HashKnownHosts option in the SSH configuration file. Explains how to audit and tune this option to secure an Unix based system.
Summary
How it works Each time the SSH client connects with a server, it will store a related signature (a key) of the server. This information is stored in a file names named known_hosts. The known_hosts file itself is available in the .ssh subdirectory of the related user (on the client). In the case the signature of the server changes, SSH will protect the user by notifying about this chance. Risk involved This configuration option is very useful, but also introduces a new risk.
Difference between Lynis and Lynis Enterprise
Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.
Summary
People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two. Lynis Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years.
Open source vulnerability scanner for Linux systems – Lynis
Within this article we discuss the possibilities of using an open source vulnerability scanner for Linux based systems.
Summary
There are several open source vulnerability scanners for Linux, like OpenVAS. While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems? Vulnerabilities Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused by evildoers.
Auditing Linux: Software Packages and Managers
Article about how to audit and check installed software packages and their security by using the related package managers.
Summary
No system can do its job without any installed software packages. However after installation of the system, or running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods on auditing installed software, check for security updates and the related follow-up. Package managers To enable system administrators to properly manage software and upgrading them, Linux uses a package manager. This suite often consists of a package database, the software packages itself and several support tools.