How to deal with Lynis suggestions?

How to deal with Lynis suggestions? After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don’t know where to start with hardening and how to deal with these Lynis suggestions in particular. We provide you some tips! Before we start, we strongly suggest to use the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different. The latest version can […]

Read more

Are security hardening guides still useful?

Are security hardening guides still useful? This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system? Hardening guides Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were targeted often by malicious people and scripts. Then hardening […]

Read more

Plus sign in ls output

Plus sign in ls output Every wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL. root@earth:~/facls# ls -l total […]

Read more

Audit security events on Unix systems

Audit security events on Unix systems Protecting computer networks consists of implementing preventative measures, but especially properly implementing detection methods. These digital tripwires can be used for intrusion detection, or proper handling security events on Unix systems. Security events First we have to define a few events which are or can be security related. To get easily started, we focus on 3 tips to implement security events on Unix systems. 1. File changes Some files you don’t want to change […]

Read more

Audit SuSE with zypper: vulnerable packages

Audit (Open)SuSE with zypper: vulnerable packages Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character! Check your system […]

Read more

Linux audit – Log files in /var/log/audit

Linux audit – Log files /var/log/audit By default the Linux audit framework logs all data in the /var/log/audit directory. Usually this file is named audit.log. /var/log/audit/audit.log This is the default log file for the Linux audit daemon. The file has a capture of all related audit events. It has been configured in auditd.conf: root@server# cat /etc/audit/auditd.conf log_file = /var/log/audit/audit.log   Usually there is no reason to alter this location, unless a different storage location is preferred. For safeguarding of the […]

Read more

Hardening Guides and Tools for Red Hat Linux (RHEL)

Hardening Guides and Tools for Red Hat Linux (RHEL) System hardening is an important part in securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we have a look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others. Red Hat Red Hat itself has a hardening guide for RHEL 4 and […]

Read more

Auditing Linux processes: The Deep Dive!

Auditing Linux processes From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing For most people working on Linux systems, it might be obvious to display running processes […]

Read more
1345678