Security Audits – How to Prioritize Audit Findings

Security Audits – How to Prioritize Audit Findings Technical audits or vulnerability scans will reveal a lot of findings. They can be overwhelmed and forcing the reviewer to freeze, not knowing where to start. To overcome this issue, we should prioritize the findings and determine the consequences of each finding for our company. While an open directory listing on a web server might in one situation not be preferred, it would make sense for others. It is the context which […]

Read more

Do NOT use Linux hardening checklists for your servers

Do NOT use Linux hardening checklists for your servers Quality is an interesting word. It describes, well, the quality of something. Quality is just another word for how well can you repeat something. The goal is to get each time exactly the same result. Whenever it’s a physical product, or rolling out a new Linux system, you want great quality. One method to increase quality is using checklists. However we strongly advice against using Linux hardening checklists.. But checklists are […]

Read more

How to audit AIX Unix systems with Lynis

How to audit AIX Unix systems with Lynis Each system is as strong as its weakest link. Also for systems running on AIX this rule applies. Therefore a regular audit can help finding the weakest links. Next step is then the fortification of these weakened areas and implementing system hardening measures. What to audit? There is a lot to look for when auditing a system running AIX. Let’s have a look at the most important areas. File systems Monitor alterations […]

Read more

How to deal with Lynis suggestions?

How to deal with Lynis suggestions? After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don’t know where to start with hardening and how to deal with these Lynis suggestions in particular. We provide you some tips! Before we start, we strongly suggest to use the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different. The latest version can […]

Read more

Are security hardening guides still useful?

Are security hardening guides still useful? This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system? Hardening guides Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were targeted often by malicious people and scripts. Then hardening […]

Read more

Plus sign in ls output

What is the + sign when using ls? Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL. total […]

Read more

Audit security events on Unix systems

Audit security events on Unix systems Protecting computer networks consists of implementing preventative measures, but especially properly implementing detection methods. These digital tripwires can be used for intrusion detection, or proper handling security events on Unix systems. Security events First we have to define a few events which are or can be security related. To get easily started, we focus on 3 tips to implement security events on Unix systems. 1. File changes Some files you don’t want to change […]

Read more

Audit SuSE with zypper: vulnerable packages

Audit (Open)SuSE with zypper: vulnerable packages Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character! Check your system […]

Read more

Linux audit – Log files in /var/log/audit

Linux audit – Log files /var/log/audit By default the Linux audit framework logs all data in the /var/log/audit directory. Usually this file is named audit.log. /var/log/audit/audit.log This is the default log file for the Linux audit daemon. The file has a capture of all related audit events. It has been configured in auditd.conf: root@server# cat /etc/audit/auditd.conf log_file = /var/log/audit/audit.log   Usually there is no reason to alter this location, unless a different storage location is preferred. For safeguarding of the […]

Read more

Hardening Guides and Tools for Red Hat Linux (RHEL)

Hardening Guides and Tools for Red Hat Linux (RHEL) System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others. Red Hat Red Hat itself has a hardening guide for RHEL 4 and […]

Read more

Auditing Linux processes: The Deep Dive!

Auditing Linux processes From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing For most people working on Linux systems, it might be obvious to display running processes […]

Read more

Unix security audit: Perform an audit in 3 minutes

Unix security audit: Perform an audit in 3 minutes Want to know the vulnerabilities of a Unix/Linux system is in just 3 minutes? How? Perform a scan with Lynis, the open source Unix security audit tool! Lynis Lynis is open source software (GPLv3), released in 2007 and a popular choice by many security professionals and system administrators. Hundreds of downloads in the first week of each release and with a lot of community feedback, Lynis is the right tool for […]

Read more

Become a Linux Auditor: What to know?

Linux Auditor: What to know? Now open source software and platforms are very common, the need for knowledge in this area is increasing. Becoming a technical auditor with specialized knowledge about Linux, might be a clever move. Technical When specializing in Linux, the auditing area is already more technically oriented, instead of the processes. A true Linux auditor knows more than the basics of Linux. In-depth knowledge is required, like what file systems are common, how permissions are arranged, popular […]

Read more

Auditing Linux: what to audit?

Auditing Linux: what to audit? In this article we answer the big question on Linux systems “what to audit?”. Where do you start and what is useful to audit? We apply our three C‘s in this article to determine what we should look for when auditing a Linux system. Current state What is the current state of the system and how does it compare to previous time? Ideal situation: compare current state of the system with a predefined baseline or […]

Read more

Central audit logging: Configuration and collecting of Linux audit events

Central audit logging: Configuration and collecting Linux audit events This guide is to help our users of the Lynis Enterprise Suite to configure a central node to receive Linux audit events. It provides some pointers on how to do a quick set-up, to store and forward events. This information is very valuable for forensic investigations and intrusion detection. Configure the server First start by configuring the server. Since this is a central log host, it should have enough disk capacity […]

Read more
1234