Is your /etc/hosts file healthy?

Audit your /etc/hosts file The /etc/hosts file is one of the few files you will always find on a Linux system. It stores the ‘hosts’ database, and can be used to resolve between IP addresses and hostnames. Although the file is very simple structured, it is still common to see minor issues with name resolving on systems. Guess what, your /etc/hosts file might be causing more trouble than you think. A regular check up won’t hurt. Order matters in name resolving […]

Read more

Linux DNS Tuning for Performance and Resilience

Optimal DNS Configuration on Linux We often don’t realize the importance of DNS in our infrastructure. Yet the impact when things go (slightly) wrong is huge. Time to have a good look at improving our DNS configuration. The goal is simple: improve performance, and make it more resilient to issues and attacks. How DNS Resolving Works When your Linux system needs to know the IP address of a particular host, it will use gethostbyname(3) function. This will use the nsswitch […]

Read more

Linux Security Guide for Hardening IPv6

Linux Security Guide for Hardening IPv6 Version 6 of Internet Protocol is now 20+ years available. You would think it is widely available now, right? Not exactly. Still many internet providers don’t have it deployed for their customers. Hosting companies are not always eager to deploy it either. Mostly because of lacking knowledge. To get at east more knowledge shared on the security side of IPv6, we have crafted this guide. Hopefully it will be a practical guide for your […]

Read more

List Network Interfaces on Linux Systems (and others)

Show Network Interfaces The network configuration is a common place to start during system configuration, security audits, and troubleshooting. No surprise that Lynis helps with collecting information about network interfaces, like MAC and IP addresses. We will have a look on how to gather this information yourself, like listing all available interfaces. Although we focus a lot here at Linux, we will include tips for other platforms, like macOS. Network configuration Linux Previously the most obvious command to obtain the available […]

Read more

Audit which network ports are used by a Linux process

Auditing Processes and Network Services Most network related services have to open up a network socket, so they can start listening for incoming network requests. It is common to find the TCP or UDP being used as the main communication protocol. In this article, we start auditing what kind of network communications are relevant to a particular Linux process, or a set of processes. Find out what process is listening to a port Only one process can actively listen to […]

Read more

Alternative for netstat: ss tool

Alternative for netstat System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command. ss Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut -a: show listening and non-listening sockets -u: show UDP -t: show TCP [root@archlinux […]

Read more

Filtering ARP traffic with Linux arptables

Filtering ARP traffic with Linux arptables Most Linux system administrators will be familiar with iptables on Linux. Less known is the arptables utility, which controls filtering arp packets. Installation The arptables utility is easy to set-up, as the main functionality is already implemented in the Linux kernel. Just install the arptables package on your favorite Linux distribution. Red Hat / CentOS / Fedora yum install arptables Debian / Ubuntu apt-get install arptables Configuration example To show the effect of filtering […]

Read more

How to clear the ARP cache on Linux?

How to clear the ARP cache on Linux? In some cases, you might need to clear your ARP cache. There are two common ways on Linux, using the arp or ip utility. Depending on your Linux distribution, it might be preferred to use the ip utility. Clearing cache with arp The arp utility does not accept an option to clear the full cache. Instead, it allows to flush out entries found with the -d option. root@ubuntu:~# arp -d 192.168.1.1 After […]

Read more