Development

The 101 of ELF files on Linux: Understanding and Analysis

An step-by-step introduction into ELF files. Learn the structure and format, to understand how binaries and libraries on Linux systems work.

Summary

Some of the true craftsmanship in the world we take for granted. One of these things is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to it when looking under the hood. This is where ELF or the Executable and Linkable Format comes in. A file format that used a lot, yet truly understood by only a few. Let’s get this understanding with this introduction tutorial!

Why we use your open source project (or not)

Here are the most common mistakes made by open source projects, and tips on how to avoid them. Get more users with the right promotion!

Summary

While ‘shopping’ for some libraries, it struck me how many open source software projects are suffering from basic mistakes. Well, mistakes might sound too harsh. What I mean are those things you find on a project, which could be better. They are usually things not considered by the developer, as we (developers) were never told about them.

Doing 20+ years of open source development now, I can safely say I made many mistakes. Time to get them all fixed and document them, part of the open source community. I’m Michael Boelen, and you may know some of my work, like Rootkit Hunter (rkhunter) and Lynis. Here are some of the lessons I learned. You can use them next time when choosing a new open source project and make a better judgment call. If you are developer, then you can use these lessons to improve your own project.

Secure Software Development: CII Best Practices

Best Practices from the OpenSSF project help creating more security open source software projects. Learn what they do and how it can help your project.

Summary

Last month the Core Infrastructure Initiative, or CII, launched their CII best practices project (now OpenSSF Best Practices Badge Program). Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project, and how it can help.

Open Source and Security

If we look in the open source world of software, we see that many projects were created by volunteers. While doing this voluntary, this doesn’t say anything about the quality of the project. After all, half of the internet exists because of these small, yet powerful utilities. I personally created two projects myself: Rootkit Hunter (rkhunter) to detect malware, and Lynis to perform a security audit on Linux and UNIX systems. While these tools are focused on security, it is definitely not simple to make software itself secure. This is where a project of CII comes in, to provide a checklist of items to enhance the project and its quality.

Protect against ptrace of processes: kernel.yama.ptrace_scope

Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.

Summary

Hardening the kernel with kernel.yama.ptrace_scope

Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool also be used by people with malicious intent. For example to debug a process as a non-privileged user and find the contents of application memory.

Yama

Linux has the ability to include Linux Security Modules, to provide additional features with the means of a module. Yama does Discretionary Access Control of some kernel related functions, like defining if process tracing (ptrace) is allowed.

Linux Security for DevOps

With security getting more and more attention, we focus on Linux security for DevOps. Also DevOps will need hardening, auditing and dealing with compliance.

Summary

During the last years the role of DevOps evolved. This person could be described as the hybrid: a system administrator with development skills, or the developer which is also infrastructure savvy. With Linux and so many available tooling, it is becoming easier for people to learn both development and managing infrastructures.

We are especially interested in Linux security for DevOps and what they can apply.

Automation is key

Repeating work is not only boring, but also a waste of time. Every step which is repeated, might be a great candidate for automation. With solutions like Puppet, is has become easy to automate installations, software installation and configuration.