Monitoring Linux File access, Changes and Data Modifications

Linux has several solutions to monitor what happens with your data, from changing contents to who accessed particular information, and at what time. For our auditing toolkit Lynis, we researched and tested several solutions over the last few years. In this article we look at these solutions to monitor file access, changes and modifications to the data and beyond. What is Data? Data is a collection of bits, ordered in […]

How to check if your Arch Linux system needs a reboot

Arch Linux reboots: how to check if a reboot is needed. By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel with the one on disk. Running kernel: one way to determine the running kernel is with the uname command. It is installed by default, and with the -r parameter it will provide the kernel release version. [root@archlinux ~]# uname -r 3.17.4-1-ARCH Kernel […]

Linux capabilities 101

Security of Linux systems and applications can be greatly improved by using hardening measures. One of these measures is called Linux capabilities. Capabilities have been supported by the kernel for some while now. Using capabilities we can strengthen applications and containers. Unfortunately, this powerful tool is still underutilized. Time to change that! This article helps you understand and apply them. What are Linux capabilities? Normally the root user (or any ID with UID 0) gets special treatment when running processes. […]

Check for a required reboot on Debian and Ubuntu systems

Required restart required? Administrators of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor which systems need an actual reboot? Required reboot: Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in the way that they may leak sensitive […]

Security Program: Implementing Linux Security

Information security is possibly one of the hardest subjects in IT. Do too little and you risk security breaches. Do too much and you restrict the core business of your organization. With a proper security program, implementing Linux security can be greatly simplified. By having a structured approach, the strength of the defenses will increase, while risks decrease. In this article, we look at how to properly prepare security projects and changes. This […]

Linux Security for DevOps

During the last years the role of DevOps has evolved. This person could be described as a hybrid: a system administrator with development skills, or a developer who is also infrastructure savvy. With Linux and so much tooling available, it is becoming easier for people to learn both development and managing infrastructure. We are especially interested in Linux security for DevOps and what they can apply. Automation is key: Repeating work is not only boring, but also […]

Using File ACLs on Linux for Additional Security

File ACLs can increase security due to their more granular permission structure. Still, the use of ACLs is often not known to system administrators, resulting in directories and files having inappropriate file permissions. When to use: for example, a directory could be configured with very tight permissions, including a proper owner and group. Normally the “Other” (everyone) group would have to be used to open up the file for people outside the owner […]

Audit SuSE with zypper: vulnerable packages

Proper software management is an important part of keeping your system secured. Acting on time is important, especially when security vulnerabilities are discovered in network services. Vulnerable packages: Usually packages with known security vulnerabilities get priority and updates are soon available. The risk in installing these updates is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than a single character! Check your system […]

Linux audit – Log files in /var/log/audit

By default the Linux audit framework logs all data in the /var/log/audit directory. Usually this file is named audit.log. /var/log/audit/audit.log is the default log file for the Linux audit daemon. The file captures all related audit events. Its location is configured in auditd.conf: root@server# cat /etc/audit/auditd.conf log_file = /var/log/audit/audit.log Usually there is no reason to alter this location, unless a different storage location is preferred. For safeguarding of the […]

5 Tips to protect the Root account

Protecting the Root account: Just as systems running Windows have an account named Administrator, Unix systems have their equivalent named “root”. This user, with user id zero (0), has unlimited access to the system. Most applications implementing user access controls apply a “backdoor” to always allow this root user access. This applies to accessing data, killing processes, loading kernel modules and more. Tips to protect the root user: Since the root user has unlimited access to the system, it makes sense […]

Hardening Guides and Tools for Red Hat Linux (RHEL)

System hardening is an important part of securing computer networks. Each system should get the appropriate security measures to provide a minimum level of trust. In this post we look at some of the options when securing a Red Hat based system. This information applies to Red Hat Linux (RHEL), Fedora, CentOS, Scientific Linux and others. Red Hat: Red Hat itself has a hardening guide for RHEL 4 and […]

Auditing Linux processes: The Deep Dive!

Auditing Linux processes: From the initial start of the Linux operating system, the first processes are already born. In this article we look at dealing with processes. In particular we look at how to do process auditing. Whether you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing: For most people working on Linux systems, it might be obvious how to display running processes […]

Become a Linux Auditor: What to know?

Linux Auditor: What to know? Now that open source software and platforms are very common, the need for knowledge in this area is increasing. Becoming a technical auditor with specialized knowledge about Linux might be a clever move. Technical: When specializing in Linux, the auditing area is already more technically oriented, instead of process-oriented. A true Linux auditor knows more than the basics of Linux. In-depth knowledge is required, like what file systems are common, how permissions are arranged, popular […]

Auditing Linux: what to audit?

In this article we answer the big question on Linux systems: “what to audit?”. Where do you start and what is useful to audit? We apply our three C’s in this article to determine what we should look for when auditing a Linux system. Current state: What is the current state of the system and how does it compare to a previous point in time? Ideal situation: compare the current state of the system with a predefined baseline or […]

Become a Linux auditor: tips to start with auditing the Linux platform

This guide helps people new to the Linux platform get a grasp on how the system works. Whether you are an IT auditor, or simply want to know more about the basics, this guide helps you determine where to start an audit. Processes: Each operating system consists of smaller running processes. In the case of Linux this is true as well, and they can be displayed with the […]
