Understand and configure core dumps on Linux

Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored. The term core actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use this term on Linux systems. Enough for history, let’s […]

Read more

Tools compared: rkhunter VS Lynis

Rootkit Hunter and Lynis compared The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in its usage. As the author of both tools, I should have done this nine years ago. So with some little delay, here it is. Rootkit Hunter Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with […]

Read more

Why we use your open source project (or not)

Common mistakes in open source software projects While ‘shopping’ for some libraries, it struck me how many open source software projects are suffering from basic mistakes. Well, mistakes might sound too harsh. What I mean are those things you find on a project, which could be better. They are usually things not considered by the developer, as we (developers) were never told about them. Doing 10+ years of open source development now, I can safely say I made many mistakes. Time to […]

Read more

Show vulnerable packages on Arch Linux with arch-audit

Vulnerable Software Packages on Arch Linux Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages. After all […]

Read more

Discover to which package a file belongs to

Related Packages and Files Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. CentOS, Fedora, RHEL Show files for RPM packages rpm -qlp /path/to/file.rpm Show files for packages on […]

Read more

Audit Installed Compilers and Their Packages

Compilers and security Compilers can be the gateway for an attacker. By misusing a possible weakness in your system(s), a compiler is often used to build the related exploit code. One way to prevent this is to determine what compilers are installed and remove (or restrict) them. Comparing Installed Packages and Compilers One way to audit the system is creating a list of common compilers and packages, then match these with the installed packages. Common compilers Some of the tools found related […]

Read more

Upgrading External Packages with unattended-upgrade

Upgrading External Packages with unattended-upgrade The unattended-upgrade tool is a great way to keep your system automatically updated. While you might not always want to do that for all packages, it definitely can be a great way to assist in your security efforts. In that case, tell it to track security updates and install the related packages. If you are using third-party packages (e.g. via PPAs), the system has no idea about security updates for those packages. So you need […]

Read more

Find and Disable Insecure Services on Linux

Insecure Services on Linux The world has changed a lot in the last era, especially when it comes to computing. This applies also to the services we run on our Linux systems. Some of these services (like rlogin), were previously the defacto tools to do administration. Now they are considered to be bad and insecure. What makes a service insecure? Services can become insecure when they have characteristics like: No (or weak) authentication No (or weak) encryption Insecure protocols Running as […]

Read more

Showing Available Security Updates with DNF

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the […]

Read more

Tiger is History, Long Live Modern Alternatives!

The History and Alternatives to the Tiger Security Tool Recently I saw some tweets showing up from an old friend: Tiger. Surprised to see it being promoted, as I know the tool for years, but never seen any new releases in the last years. Both are actually a shame. An outdated tool is usually of lower value. Promoting old tools might actually disappoint others and harm the initial trust in the software. History of Tiger In its day, the tool […]

Read more

Missing Packages: Don’t Trust External Repositories!

Missing packages… If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right? With Lynis, we face this same issue. While most of the distributions have Lynis in the […]

Read more

Monitor file access by Linux processes

Process Auditing: Disk and File Activity Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests of monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occuring in a process, including disk and file activity. Monitor syscalls […]

Read more

Simplifying Security: Choose the Right Toolkit, not Tool.

Simplifying Security I applaud many of our customers for being smart. Not to say other people are not, but they have made a specific choice in the past based on an understanding. They understand that a single security solution to make your IT environment safe, simply does not exist. It is the combination of tools, or your toolkit, which does. For this same reason, a carpenter has a tool chest, not a single tool. As a founder, I get to […]

Read more

Using unattended-upgrades on Debian and Ubuntu

Using unattended-upgrades on Debian and Ubuntu To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. root@system:~# apt-get install unattended-upgrades If you are […]

Read more

Software Patch Management for Maximum Linux Security

Linux Patch Management Maximum Linux security with proper software patch management   Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date. […]

Read more
12