The purpose of the /etc/networks file

What is /etc/networks file? Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does […]

Read more

Is your /etc/hosts file healthy?

Audit your /etc/hosts file The /etc/hosts file is one of the few files you will always find on a Linux system. It stores the ‘hosts’ database, and can be used to resolve between IP addresses and hostnames. Although the file is very simple structured, it is still common to see minor issues with name resolving on systems.¬†Guess what, your /etc/hosts file might be causing more trouble than you think. A regular check up won’t hurt. Order matters in name resolving […]

Read more

Linux DNS Tuning for Performance and Resilience

DNS Configuration on Linux We often don’t realize the importance of DNS, or name resolving in our infrastructure. The impact when things go (slightly) wrong is huge. Time to have a good look at improving our DNS configuration. How DNS resolving works When your Linux system needs to know the IP address of a particular host, it will use gethostbyname(3) function. This will use the nsswitch configuration stored in /etc/nsswitch.conf. For the related hosts line, it will determine how to […]

Read more

Linux Security Guide for Hardening IPv6

Linux Security Guide for Hardening IPv6 Version 6 of Internet Protocol is now 20+ years available. You would think it is widely available now, right? Not exactly. Still many internet providers don’t have it deployed for their customers. Hosting companies are not always eager to deploy it either. Mostly because of lacking knowledge. To get at east more knowledge shared on the security side of IPv6, we have crafted this guide. Hopefully it will be a practical guide for your […]

Read more

List Network Interfaces on Linux Systems (and others)

Show Network Interfaces The network configuration is a common place to start during system configuration, security¬†audits, and troubleshooting. No surprise that Lynis helps with collecting information about network interfaces, like MAC and IP addresses. We will have a look on how to gather this information yourself, like listing all available interfaces. Although we focus a lot here at Linux, we will include tips for other platforms, like macOS. Network configuration Linux Previously the most obvious command to obtain the available […]

Read more

Audit which network ports are used by a Linux process

Auditing Processes and Network Services Most network related services have to open up a network socket, so they can start listening for incoming network requests. It is common to find the TCP or UDP being used as the main communication protocol. In this article, we start auditing what kind of network communications are relevant to a particular Linux process, or a set of processes. Find out what process is listening to a port Only one process can actively listen to […]

Read more

Alternative for netstat: ss tool

Alternative for netstat System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command. ss Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut -a: show listening and non-listening sockets -u: show UDP -t: show TCP [root@archlinux […]

Read more

Filtering ARP traffic with Linux arptables

Filtering ARP traffic with Linux arptables Most Linux system administrators will be familiar with iptables on Linux. Less known is the arptables utility, which controls filtering arp packets. Installation The arptables utility is easy to set-up, as the main functionality is already implemented in the Linux kernel. Just install the arptables package on your favorite Linux distribution. Red Hat / CentOS / Fedora yum install arptables Debian / Ubuntu apt-get install arptables Configuration example To show the effect of filtering […]

Read more
12