Vulnerabilities

Forget Linux Vulnerability Scanning: Get Better Defenses

Vulnerability scanning focuses on weaknesses, or negative aspects of information security. Wouldn't it be better if we focus on the positive, the actual defenses?

Summary of Forget Linux Vulnerability Scanning: Get Better Defenses

Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution. The solution I will discuss today is to focus on (permanent) processes, instead of vulnerability scanning.

Read the full article…

How to protect yourself against Shellshock Bash vulnerability

Bash is one of the most used shells on Unix based systems. The discovered shellshock vulnerability affects millions of systems. Learn how to protect.

Summary of How to protect yourself against Shellshock Bash vulnerability

Bash is one of the most used shells on Unix based systems. The newly discovered “shellshock” vulnerability affects millions of systems. The weakness abuses an internal check when Bash gets a variable declaration. By defining this variable and putting more “stuff” (commands) in it, Bash will actually execute those commands as well. Unfortunately this results in several possible ways to exploit it by attackers. Websites One way this vulnerability scan be exploited, is by embedding it in HTTP requests.

Read the full article…

How to solve Shellshock on Debian and Ubuntu

Also Debian and Ubuntu are vulnerable for Shellshock vulnerability in Bash. That's why it is important to run apt update and perform an upgrade of Bash.

Summary of How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install -only-upgrade bash Your system should now have a newer version of bash.

Read the full article…

Linux vulnerabilities: from detection to treatment

How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.

Summary of Linux vulnerabilities: from detection to treatment

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it.

Read the full article…

Perform NetBSD security audit with pkg_admin

NetBSD can perform a security audit on its packages with the pkg_admin tool. With the check and audit parameters it can perform security check in seconds.

Summary of Perform NetBSD security audit with pkg_admin

Security audit of NetBSD software packages with pkg_admin NetBSD is especially known for it’s diverse platforms it can run on. What is less known is the ability to audit the installed packages. In this article we have a look on how to audit NetBSD and ensure the file integrity of your packages. Performing a security audit is easy, as long as you use the right tool! Packages When using packages, their metadata will be installed in directory within /var/db/pkg.

Read the full article…

Protect Linux systems against SSLv3 Poodle vulnerability

The Poodle vulnerability is discovered in October 2014, putting all systems using SSL 3.0 at risk. We share steps to mitigate this vulnerability on Linux based systems.

Summary of Protect Linux systems against SSLv3 Poodle vulnerability

What is the Poodle vulnerability ? The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It is discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack. How does the attack work? While we won’t go into too much depth of encryption and ciphers, we will share some basics.

Read the full article…

Protecting the browser: Web of Trust

Systems running Linux might be a safe option, yet web browsers and the user will always be under attack from malicious scripts. Web of Trust (WOT) helps to counter common attacks like spam, scam.

Summary of Protecting the browser: Web of Trust

Important Note This is an older blog post and we no longer advise using Web of Trust. See pcmag for more details. Protecting the web browser Usually we focus on the blog on the server side of things, helping to protect the data of users, customers and ourselves. What we commonly overlook is the end of the connection, the web browser of the user. In the upcoming posts we will look at alternative measures we can take, to protect data there as well.

Read the full article…

Show vulnerable packages on Arch Linux with arch-audit

With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.

Summary of Show vulnerable packages on Arch Linux with arch-audit

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages.

Read the full article…

Understanding Linux Privilege Escalation and Defending Against It

The best way to defend a system is by understanding how attackers work. Learn about privilege escalation on Linux and discover the measures and tools.

Summary of Understanding Linux Privilege Escalation and Defending Against It

What is Linux privilege escalation? Privilege escalation is the process of elevating your permission level, by switching from one user to another one and gain more privileges. For example, a normal user on Linux can become root or get the same permissions as root. This can be authorized usage, with the use of the su or sudo command. It can also be unauthorized, for example when an attacker leverages a software bug.

Read the full article…

Vulnerabilities and Digital Signatures for OpenBSD Software Packages

When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. With support for digital signatures and focus on security, it is a great...

Summary of Vulnerabilities and Digital Signatures for OpenBSD Software Packages

Auditing OpenBSD Software Packages If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered.

Read the full article…

Vulnerability Scanning: The Destiny to Disappointment?

Vulnerability management is an important process to deal with vulnerabilities in software and hardware. At the same time it can become challenging very quickly.

Summary of Vulnerability Scanning: The Destiny to Disappointment?

Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure.

Read the full article…

Why Auditing and Vulnerability Scanning are Different Things

Why Auditing and Vulnerability Scanning are Different Things. As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus...

Summary of Why Auditing and Vulnerability Scanning are Different Things

As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping sweep to detect which systems are alive and providing services.

Read the full article…