Monitoring Linux File access, Changes and Data Modifications

Linux has several solutions to monitor what happens with your data: from changed contents to who accessed particular information, and at what time. For our auditing toolkit Lynis, we researched and tested several of these solutions over the last few years. In this article we look at the options to monitor file access, changes and modifications to the data, and beyond. What is data? Data is a collection of bits, ordered in […]

Intrusion detection: Linux rootkits

Rootkits are components installed on a server by a person with malicious intent. Their main goal is to hide their presence and avoid the eye of the system administrator. Rootkits usually consist of a set of tools to manipulate the Linux kernel, alter the output shown on screen, or prevent some software from doing its tasks. Nowadays rootkits are less popular than they were before. One of the reasons is the increased security in the Linux kernel, […]

Linux Audit Framework: using aureport

The Linux audit framework logs events as specified by the configured audit rules (file watches and syscall rules). To extract particular events we can use the ausearch or aureport tools. The latter is the one we focus on in this article, to get the most out of the tool. The aureport utility can be executed without any parameters; it will then summarize all audit events available in the log. Since the audit log can be very big, it might […]

Configuring and auditing Linux systems with Audit daemon

The Linux audit daemon (auditd) is the userspace part of a framework for auditing events on a Linux system. In this article we look at installing and configuring it, and at using the framework to perform Linux system and security auditing. Auditing goals: with a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include auditing file access and modification, seeing who changed a particular file, and detecting […]
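The audit daemon teaser above, and the aureport one before it, describe the framework as file watches plus tools that tell you who changed which file. The following script is an added example written for this page, not code from Lynis or from the linked articles: it emits the auditctl watch rules as text, parses a constructed set of audit.log records (the SYSCALL/CWD/PATH records auditd writes for one event), groups them by event ID the way ausearch and aureport do, and reports the login user (auid), effective uid, program and path for each event under a given key. The sample records, the key name `identity` and the watched paths are assumptions made for the example.

```python
"""Added example: turn auditd file-watch records into a "who changed which file" report.

Not code from Lynis or the linked articles. The log lines below are constructed
to resemble the SYSCALL/CWD/PATH record set auditd writes for one event.
"""
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log (assumption, not a real capture):
# event 201 is root (logged in as auid 1000) writing /etc/passwd with vi,
# event 202 is uid 1001 failing (EACCES) to open /etc/shadow for writing,
# event 203 is an execve record under a different rule key.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd0 a2=241 a3=1b6 items=2 ppid=1410 pid=1422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="identity"
type=CWD msg=audit(1700000000.101:201): cwd="/root"
type=PATH msg=audit(1700000000.101:201): item=0 name="/etc/" inode=2 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.101:201): item=1 name="/etc/passwd" inode=1234 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.250:202): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd1 a2=241 a3=1b6 items=1 ppid=2000 pid=2001 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="sh" exe="/usr/bin/dash" key="identity"
type=PATH msg=audit(1700000000.250:202): item=0 name="/etc/shadow" inode=1235 dev=fd:00 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.300:203): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=4 items=1 ppid=1 pid=3000 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="ls" exe="/usr/bin/ls" key="exec"
type=PATH msg=audit(1700000000.300:203): item=0 name="/usr/bin/ls" inode=77 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
"""


def watch_rules(paths, key):
    """auditctl rule lines (text only) that watch PATHS for writes and attribute changes."""
    return ["-w %s -p wa -k %s" % (p, key) for p in paths]


MSG_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into its type, event id (timestamp, serial) and key=value fields."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return {"type": rtype, "event": (float(ts), int(serial)), "fields": fields}


def group_events(lines):
    """Group records by event id, as ausearch/aureport do: one syscall yields several records."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec:
            events[rec["event"]].append(rec)
    return events


def file_changes(lines, key=None):
    """One summary per event: which login user (auid) and uid touched which path with which program.

    With KEY set, only events tagged by a rule with that -k key are reported.
    """
    report = []
    for event, recs in sorted(group_events(lines).items()):
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if syscall is None:
            continue
        f = syscall["fields"]
        if key is not None and f.get("key") != key:
            continue
        # Keep the object itself, not the PARENT directory record that accompanies it.
        paths = [r["fields"]["name"] for r in recs
                 if r["type"] == "PATH" and r["fields"].get("nametype") != "PARENT"]
        report.append({
            "serial": event[1],
            "auid": int(f.get("auid", -1)),  # 4294967295 means unset: no login session (daemons)
            "uid": int(f.get("uid", -1)),
            "exe": f.get("exe"),
            "comm": f.get("comm"),
            "success": f.get("success") == "yes",
            "paths": paths,
        })
    return report


if __name__ == "__main__":
    for rule in watch_rules(["/etc/passwd", "/etc/shadow"], "identity"):
        print("auditctl", rule)
    for c in file_changes(SAMPLE_LOG.splitlines(), key="identity"):
        print("%5d auid=%d uid=%d %s %s %s" % (c["serial"], c["auid"], c["uid"],
              "ok" if c["success"] else "FAILED", c["exe"], ",".join(c["paths"])))
```

The auid is the field to trust when asking who made a change: it is set at login and survives su and sudo, which is why event 201 shows auid 1000 even though the write was done as uid 0. The failed attempt on /etc/shadow is reported too, because a watch logs the attempt regardless of its outcome; that is often the more interesting record.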

Antivirus for Linux: is it really needed?

Whether antivirus for Linux is needed is still a hot subject. Is it really needed, or simply a nice-to-have? In this article we look at antivirus for Linux and the alternative options. Antivirus is a security measure to protect against malicious software, also known as malware. Most malware is still focused on Windows, followed by mobile devices and Mac OS. While there is malware for Linux, these pieces usually attack server […]

Dealing with a compromised Linux system

Before we dive deep into the subject of dealing with a compromised Linux system, we have to answer the biggest question: how do we know we are compromised? Usually some signs are a clear give-away: the hosted website was altered and replaced with a “You have been hacked” page; the system is missing essential binaries, or they all crash when executed; unauthorized users have been created and the system is hosting movies and music, which is not […]
