Troubleshooting a full /boot partition on Ubuntu

A regular issue with systems running Ubuntu is that the /boot partition may fill up. You might have discovered it when running apt, which refused to work. That is unfortunate, as you also need apt to resolve the issue. After trying several options, we found a way to resolve this catch-22 with just three steps. Unlike other solutions, you don’t need to move files or do other tricky things on your system. Still a word of caution: any tasks you […]


Understanding what runs on your Linux system (and why)

Linux processes and daemons Each Linux system has a bunch of processes running. Most of these processes might be familiar to you if you regularly use a command like ps or top to display them. Processes may look like just an item in a list. They are actually complicated pieces of code that are tamed by a memory manager. To truly understand how your system is running, knowledge of process (or memory) management is of great help. So let’s make […]


Configure the time zone (TZ) on Linux systems

Having the right time set on a Linux system is important for data synchronization, forensics, and troubleshooting. Next step is to configure the correct time zone. This article will help you: See the current time configuration Learn how to configure the time zone Time zone information We will have a look at how to check and configure the time zone on Linux systems. Show current time zone Most new Linux distributions use systemd now. With the timedatectl command we can quickly see the […]


How to see the version of Oracle Linux

Determine Oracle Linux version Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific operating system is running. This is because both have the /etc/redhat-release file. If that file exists, use the cat command to display the contents. Next step is to determine if there is a /etc/oracle-release file as well. If so, then you can be sure that Oracle Linux is running. cat /etc/oracle-release Sample output might be: Oracle Linux Server release […]


Linux security guide: the extended version

Feeling overwhelmed with the resources available to secure your Linux system? With this Linux security guide, we walk step-by-step through the options, tools, and resources. After reading this article, you will be able to make educated decisions about what Linux security defenses to implement for your systems. You will be introduced to the right tools that help you automate and test your improvements. Instead, related articles and resources will be available in the text. The goal is to make this guide into […]


Discover to which package a file belongs to

Related Packages and Files Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. CentOS, Fedora, RHEL Show files for RPM packages rpm -qlp /path/to/file.rpm Show files for packages on […]


How to use grep (with examples)

The grep command is one of the oldest tools for Linux and other platforms. Actually, it is older than Linux itself. It was written by Ken Thompson more than 45 years ago! The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”. For more history, have a look at the Wikipedia entry. […]


How to solve an expired key (KEYEXPIRED) with apt

Updating expired keys on Debian and Ubuntu Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. root# apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 […]


Troubleshooting Linux Time Synchronization with NTP

Time Synchronization The network time protocol helps computer systems to synchronize their time. We know this protocol by its shorter name NTP. In the past, it was not really a big issue if your system was a few minutes off. This changed with the interconnected world we are now living in. One of the better examples is networks relying on the authentication protocol Kerberos. If your system time is not correct, you may not be able to authenticate. This is because […]


Mosh, the SSH Alternative Option for System Administration

Reasons to use Mosh instead of SSH Mosh, or mobile shell, is the ideal tool for remote system administration. While SSH is great, Mosh beats it in several areas. Let’s dive into the reasons why it makes sense to learn about Mosh. Pros Session Resumption Remember the last time your connection was interrupted? It is frustrating and sometimes even leads to losing some of your work. The stable TCP connection is not always a blessing. Mosh comes to the rescue, especially […]


Automatic Security Updates with DNF

DNF: Automatic Security Updates The Dandified YUM tool, DNF, has become a powerful package manager for systems running Fedora. As it looks now, it will also become the default package manager for CentOS 8 and RHEL 8. One of the benefits of dnf is the option to retrieve security information very easily. This allows us to use it for automatic security patching of our Linux systems. Let’s explore the options and see how dnf-automatic can help us with fully automated […]


How to Disable “System program problem detected”

Quick Ubuntu Tips: System program problem detected Sometimes programs crash, usually for a variety of reasons. While it is good to do research and find the underlying cause, sometimes you simply want to disable any reporting. Clean up /var/crash First thing to do is check your /var/crash directory and see if there are any “crash” files. These are just normal text files and include details about a process. If you have a process crashing regularly, you most likely want to […]


Find Differences Between Two Daily Lynis Audits

Comparing Lynis Scan Results Lately I saw a great feature request for Lynis, to detect differences between two runs of Lynis. Wouldn’t it be great to run Lynis daily and then see if anything changes and act upon those differences? While our auditing tool doesn’t have such an option itself, it is very easy to implement something and fine-tune it to your needs. Report Lynis has two important files to which it logs data: /var/log/lynis.log /var/log/lynis-report.dat The first file /var/log/lynis.log has […]


Missing Packages: Don’t Trust External Repositories!

Missing packages… If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right? With Lynis, we face this same issue. While most of the distributions have Lynis in the […]


Monitor file access by Linux processes

Process Auditing: Disk and File Activity Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests or monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occurring in a process, including disk and file activity. Monitor syscalls […]
