Software
Learn how to configure and maintain applications on Linux systems, including its security and monitoring.
Why remove compilers from your system?
Installed compilers might be abused by attackers in privilege escalation attacks, which is one of the reasons to remove compilers when possible.
How to download a package with apt without installing it?
The apt package manager can be used to download a package file without actually installing it. See how the download subcommand is used to achieve this.
How to see the dependencies of a package with apt?
Learn how to see the dependencies of a package that is to be installed or already installed on the system using the apt package manager.
How to remove a package with apt?
Learn how to remove previously installed packages on a Linux system using the apt package manager, such as Debian and Ubuntu.
How to remove unused packages with apt?
Learn why and how packages may become unnecessary on Linux and how to remove them with the apt package manager on systems like Debian and Ubuntu.
How to show all installed packages with pacman
On Linux systems such as Arch Linux, pacman is the default package manager. Query the pacman package manager to show all installed packages.
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details. This can be done with the dpkg command and --list option.
List installed packages on a Linux system
Learn how to show installed packages on Linux systems. This overview covers common package managers including those for AlmaLinux, Debian, openSUSE, and Ubuntu.
RSS is cool! Some RSS feed readers are not (yet)...
Even after years, RSS is still being used by many. With more RSS clients to choose from, we discovered that not all of them behave like a good bot.
Understand and configure core dumps on Linux
When a Linux program or process gets into trouble, it typically crashes and leaves a core dump. Learn what Linux core dumps are and how to configure them.
Tools compared: rkhunter VS Lynis
Rootkit Hunter (rkhunter) and Lynis are often seen as similar tools to find malware on Linux systems. Learn why they have a completely different goal.
Why we use your open source project (or not)
Here are the most common mistakes made by open source projects, and tips on how to avoid them. Get more users with the right promotion!
Show vulnerable packages on Arch Linux with arch-audit
With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.
Discover to which package a file belongs to
With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.
Audit installed compilers and their packages
Compilers can be abused by attackers to perform the so-called privilege escalation attacks. Here is how to find compilers and secure your system.
Upgrading External Packages with unattended-upgrade
The unattended-upgrade tool is a great way to keep your system automatically updated. Learn how it works and how configure it.
Find and Disable Insecure Services on Linux
Learn how to find and disable those services on Linux that are nowadays are considered to be unsafe or known for the weak security.
Showing Available Security Updates with DNF
Systems running Fedora have the DNF utility. With DNF it becomes easily to install packages and stay up-to-date with security related updates.
Tiger is History, Long Live Modern Alternatives!
The tiger tool was known for a long time to help with auditing Unix-based systems. Fortunately there are new tools that are better maintained.
Missing packages: Don’t trust external repositories!
Should you external repositories or not? In this article we look at why trusting external repositories might be a bad thing.
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Simplifying Security: Choose the Right Toolkit, not Tool.
Too often we select security products based on the amount of features, instead of smart combinations. Don't think tools, but start building up a toolkit.
Using unattended-upgrades on Debian and Ubuntu
To counter the biggest threat to software packages, Debian and Ubuntu based systems can use unattended-upgrades, to install security patches automatically.
Software Patch Management for Maximum Linux Security
Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.
Vulnerabilities and Digital Signatures for OpenBSD Software Packages
When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. Learn more what OpenBSD has to offer.
Protect against ptrace of processes: kernel.yama.ptrace_scope
Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.
Yum plugins: Available plugins and built-in security support
To determine the available yum plugins, we analyze them for our goal: discovering if security support is in the yum plugins itself or built-in by default.
Protect Linux systems against SSLv3 Poodle vulnerability
The Poodle vulnerability was discovered in October 2014, putting all systems using SSL 3.0 at risk. Here is what to do to protect against it.
Linux host discovery with Nmap
For auditing purposes we can perform Linux host discovery with the famous Nmap tool. Learn some of the common options to do a network scan.
Protect against the BEAST attack in Nginx
The BEAST attack showed up in 2011 and some servers are still vulnerable to it. With the right protocols, ciphers and preference, we can keep the BEAST out.
Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx
HTTP Strict Transport Security (HSTS) is a security capability to force clients to use HTTPS. In this article, we implement HSTS for Apache and Nginx.
Are security hardening guides still useful?
With Linux being decently hardened by default, would it make sense to invest in reading hardening guides? The short answer: yes!
Audit SuSE with zypper: vulnerable packages
Stay up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE.
Audit SSH configurations: HashKnownHosts option
Information about the HashKnownHosts option in the SSH configuration file. Explains how to audit and tune this option to secure an Unix based system.
Differences between Lynis and Lynis Enterprise
Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.
Open source vulnerability scanner for Linux systems – Lynis
Learn more about vulnerability scanning on Linux systems using the Lynis auditing tool. Check for weaknesses and security measures that can be implemented.
Auditing Linux: Software Packages and Managers
Article about how to audit and check installed software packages and their security by using the related package managers.