System administration
Become a better system administrator by learning how to apply Linux security, shell scripting, and generic Linux concepts.
Methods to find the Linux distribution and version
Learn how to find the Linux distribution and version of a system. Use the right tool or file to find the relevant details.
Summary
Find the Linux distribution name and version
Dmidecode cheat sheet
Want to see all hardware details of a system? Then dmidecode is your friend, helping to decode all information from the SMBIOS specification.
Summary
All hardware exposed
How to see memory information such as type and speed
Show memory information and details such as the number of banks in use, the memory type and speed.
Summary
Show memory details
How to securely delete a file and its contents
Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.
Summary
Learn how to purge data before deleting a file
How to see the creation date of a file
Find the biggest directories and files on disk by using the du command.
Summary
Find out when a file was initially created
Understanding the output of the stat command
Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.
Summary
The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us! Basic example If we use the command on our /etc/passwd file, we might get output like below. # stat /etc/passwd File: /etc/passwd Size: 3387 Blocks: 8 IO Block: 4096 regular file Device: 10303h/66307d Inode: 47186412 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2024-05-08 15:17:01.
Tar cheat sheet
Become a master in archiving and compressing files using the tar tool with this cheat sheet.
Summary
Archiving all the data
What is a tainted kernel
Learn what it means when the Linux kernel is marked as tainted, including finding the cause.
Summary
Learn what it means when the kernel is tainted
How to find the specific cause of a tainted kernel
Learn what it means when the Linux kernel is marked as tainted and in particular the underlying cause.
Summary
Learn about the specific cause that tainted the kernel
Ip cheat sheet
Want to see or configure every piece of information about networking, including routing on Linux? Forget tools like netstat and learn using the ip command.
Summary
No more networking secrets
How to see errors on dropped packets on a network interface on Linux
Show the network link details using the ip command to find out if a network has errors or dropped packets on a Linux system.
Summary
Show network link statistics to discover errors or dropped packets
How to see the default gateway on Linux
Show the network routing table to discover the default gateway used on a Linux system.
Summary
Show network table to discover the default gateway
How to see which process is using a port
Show which process is already opened an UDP or TCP port on Linux by using the ss command.
Summary
Show which process is listening to a port
Lsof cheat sheet
Get information about open files on Linux using the lsof command. This cheat sheet covers many common uses for using lsof and how to use it.
Summary
Show open file information
How to see open ports on Linux
Show which UDP/TCP ports are opened on a Linux system, including the related process. Use the ss tool to see more details about these sockets.
Summary
Show open network ports such as TCP and UDP
Ss cheat sheet
If you want to learn more about network connections on Linux, then the socket statistics tool, ss, is the tool to get the job done. Learn how to use it with this cheat sheet.
Summary
Reveal all those sockets
How to see the TTL value of a DNS record
Learn how to query the Time To Live (TTL) for a DNS record by using the dig tool.
Summary
Query DNS to reveal the TTL value of a DNS record.
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details.
Summary
Query tools like dpkg to show installed packages
List installed packages on a Linux system
Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.
Summary
Show installed package on the most common Linux distributions
How to list all USB devices
Retrieve device information from USB hubs and devices using the lsusb command.
Summary
Retrieve USB device information using lsusb
How to see the available hard disks
Show the available hard disks in a system by using the right Linux tool. There are multiple options to pick, so let's have a look.
Summary
Query the available hard disk(s)
How to see hard disk specifications and details
Show more detailed information about the available hard disks in the system. Specifications like speed, serial number, firmware, and other details.
Summary
More in-depth information about the available hard disks
How to see BIOS details
Show bios details from within a Linux system. Learn how to query these details and where to find more information.
Summary
Show BIOS information using dmidecode
Du cheat sheet
Get more out of the du utility with this cheat sheet. Use it as a reference to find often-used options or those that come handy in time.
Summary
Find out who is using up that disk space
How to find the biggest directories on disk
Find the biggest directories and files on disk by using the du command.
Summary
Leverage the du command to find the biggest directories
How to see the last X lines with journalctl
Limit the output from journalctl by defining the number of lines you want to see.
Summary
Perform smarter queries when requesting information from journalctl
How to disable a systemd unit with systemctl
Want to disable a service or specific unit? Use systemctl to configure units and disable it on boot or completely.
Summary
Disable a service or specific unit with systemctl
How to start and enable a unit with systemctl
Combine the start and enable command when using systemctl to get a unit like a service started at boot and right away.
Summary
Start and enable a unit with one command
How to show failed units with systemctl
Want to check the system for failed systemd units? In this article we show how to do this with systemctl and query the units with a failure state.
Summary
Show failed systemd units with systemctl
Find cheat sheet
The find utility is probably the best tool to find files on your system, but it has some learning curve to get everything out of it. We help you to achieve that with this cheat sheet.
Summary
Learn to search and to find
Systemd cheat sheet
Increase your system administration skills with this cheat sheet. Learn how to configure and monitor systemd units, including getting every last single bit of information out the journal logging.
Summary
Make a new friend?
Test web server caching with curl
Want to test your web server and see if static files are properly cached? Curl can help and with some scripting even automate the task for you.
Summary
Learn how to use curl to test if your web server is properly caching static files
Systemd units and their purpose
Which systemd unit types are available and what is their goal? In this article we cover them and show some useful commands related to these units.
Summary
Learn about the available systemd unit types
Systemctl cheat sheet
Learn how to get every piece of information from systemd units, such as services and timers, including its configuration and status.
Summary
Control those processes and timers
Journalctl cheat sheet
Learn how to get every piece of information from systemd journals with the journalctl command. Use this cheat sheet as reference to learn about more available options.
Summary
Query the journal and find the needle
Adding the Expires header to improving caching of static content in nginx
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Summary
Learn how to define the Expires header in nginx to improve the caching of static assets.
Curl cheat sheet
One of the best HTTP clients is the open source tool curl. With ongoing development and continuously new updates, it is worth getting everything out of this powerful tool!
Summary
Download files and troubleshoot issues faster with curl
AWK cheat sheet
When it comes to a powerful tools on Linux, AWK is definitely one to know. This cheat sheet explains the basics and shows many useful one-liners
Summary
Parse files quicker with smarter expressions
How to see all virtual hosts in nginx
Want to see all configured virtual hosts on a server running nginx? Here is a method to achieve this quickly by using a default configuration option.
Summary
How to display the configured hosts by filtering out the server_name entries
SELinux
SELinux is a well-known security framework on Linux systems. Let's have a look at the basics of this framework, such as its purpose and features.
Summary
SELinux is a well-known security framework on Linux systems like Red Hat Enterprise Linux. Let’s have a look at the basics of this framework, such as its purpose and features. History SELinux was developed by the National Security Agency (NSA) and integrated into many Linux distributions, including Red Hat Enterprise Linux (RHEL) and CentOS. Purpose SELinux is a MAC framework that enforces fine-grained access controls. SELinux achieves this by labeling files, processes, and network ports with security contexts.
Linux security frameworks
Linux security frameworks restrict unauthorized access by defining a policy and a set of predefined rules. In this article we look their purpose and how they work.
Summary
Linux security frameworks restrict unauthorized access by defining a policy and a set of predefined rules. In this article we look their purpose and how they work. Purpose of security frameworks Linux security frameworks aim to enforce mandatory access controls (MAC). This is a way of saying to restrict the actions that processes and users can perform on the system. Unlike discretionary access controls (DAC), which rely on the discretion of users and processes, MAC frameworks enforce policies defined by the system administrator.
AppArmor
AppArmor is the profile-based security security framework and available on Linux. In this article we look at the basics of this security framework, its purpose and features.
Summary
AppArmor is the profile-based security security framework and available on many Debian-based distributions. In this article we look at the basics of this security framework, its purpose and features. History AppArmor was developed by Canonical Ltd. and therefore included in their own Ubuntu distribution. included in Ubuntu and other Debian-based distributions What is AppArmor? AppArmor is a profile-based MAC framework. As the name implies, profiles are used that focus on simplifying security management.
How to change file permissions
Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.
Summary
Changing file permissions: chmod The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and pre-installed on the system. To make changes to an existing directory or file, it is first good to look up the existing permissions. This can be done using the ls -l command, that lists them with the long format. ls -l /etc/hosts -rw-r--r-- 1 root root 241 Feb 2 19:10 /etc/hosts There are two syntax styles to tell chmod what the new value should be.
Linux file permissions
Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.
Summary
File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file. This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information. Main permissions Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory Permission Abbreviation Octal value Read r 4 Write w 2 Execute x 1 Possible combinations:
Introduction in Linux file permissions
Learn the basics of how a Linux system applies file permissions. We look into examples, to demystify what the file permissions mean and how to troubleshoot common issues.
Summary
Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data, it called meta-data. Let have a look at how file permissions work on Linux systems and how to read and understand them. Read, Write, and Execute Linux file permissions are divided into three main categories: Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory User, Group, and Others These permissions are each assigned to three entities:
How to find hard links or files that point to a specific file
Learn how to find hardlinks on a file system or which files they have in common. With several examples, we use the find command to get this information quickly available.
Summary
If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links. Good to know: a hard link shares the same inode, where a symbolic link has its own inode and just points from one to another. Show all hard links within a specific file system or directory When we have a directory with hard links, we can discover by looking at the link count of each file.
Linux file systems
All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.
Summary
Linux systems use a file system to store and process data. In this section we have a look at what a file system and supporting articles to learn more about it. Purpose of a file system At its core, a file system is the method by which data is organized and stored on a storage device. The storage device is typically a hard drive or solid-state drive (SSD), but it can also be memory.
Shell scripting
From beginning to advanced users, these articles will cover your needs when it comes to creating better shell scripts. Shell-scripting is more powerful than you might think!
Summary
Shell scripting is a powerful way to assist in automation of repeating tasks. While fairly easy to learn, the shell scripting language has a lot of caveats. In this area we collect tips and tricks to help you creating better shell scripts.
Processes
This section provides tips and tricks to deal with processes on Linux systems. Got another tip? Let it know!
Summary
A Linux systems without processes is not possible. So we collect tips to deal with processes and improve your skills.
Kill a process that won't respond to CTRL+C
Got a process that won't respond to CTRL+C? With this tip you can kill almost all processes without having to open a second terminal.
Summary
Sometimes a process gets stuck and how often you try, it won’t respond to the combination of CTRL+C. One option is to open a second shell, then perform a kill. kill 1234 Pushing a job to the background While this works, there is usually a much easier way. This involves pushing a running process into the background by pressing CTRL+Z. [1]+ Stopped ./runserver Kill the process To get it back to the foreground, we would normally run fg.
Linux tools to bulk rename files
Want to rename files in bulk, but looking for a good tool that can be used on Linux? This article has your covered, with several options.
Summary
Rnr The first tool to cover is called rnr and is written in Rust. It can be downloaded on GitHub where also some good examples can be found on how to use the tool. Let’s try it out on a directory that we have with Markdown files. Due to a conversion, the file names include a date. As this is no longer needed, we want to strip out the date and only get the bit after the third hyphen.
Troubleshooting a full /boot partition on Ubuntu
Is your /boot partition full and apt can no longer install updates? Learn how to fix this issue and what you can do to prevent it.
Summary
A regular issue with systems running Ubuntu is that may fill up the /boot partition. You might have discovered it when running apt, which refused to work. That is unfortunate, as you also need apt to resolve the issue. After trying several options, we found a way to resolve this catch 22, with just three steps. Opposed to other solutions, you don’t need to move files or do other tricky things on your system.
Understanding what runs on your Linux system (and why)
Linux systems have a lot of processes running by default. Let's dive into how programs are started and how you can see all details of each running process.
Summary
Linux processes and daemons Each Linux system has a bunch of processes running. Most of these processes might be familiar to you if you regularly use a command like ps or top to display them. Processes may look like just an item in a list. They are actually complicated pieces of code that are tamed by a memory manager. To truly understand how your system is running, knowledge of process (or memory) management is of great help.
Configure the time zone (TZ) on Linux systems
Having the right time zone on Linux systems helps with troubleshooting. Learn how to see and configure the right time zone on most Linux distributions.
Summary
Having the right time set on a Linux system is important for data synchronization, forensics, and troubleshooting. Next step is to configure the correct time zone. This article will help you: See the current time configuration Learn how to configure the time zone Time zone information We will have a look on how to check and configure the time zone on Linux systems. Show current time zone Most new Linux distributions use systemd now.
Beginners guide to traffic filtering with nftables
The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.
Summary
Learn how to use nftables in this introduction guide to the tool. With common examples, frequently asked questions, and generic tips.
How to see the version of Oracle Linux
Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific Oracle version of the operating system is used.
Summary
Determine Oracle Linux version Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific operating system is running. This is because both have the /etc/redhat-release file. If that file exists, use the cat command to display the contents. Next step is to determine if there is a /etc/oracle-release file as well. If so, then you can be sure that Oracle Linux is running.
Ubuntu system hardening guide for desktops and servers
Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.
Summary
The system hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is important.
Linux security guide: the extended version
Feeling overwhelmed with the options available to secure your Linux system? With this guide, we walk step-by-step through the option, tools, and resources.
Summary
Feeling overwhelmed with the resources available to secure your Linux system? This security guide will provide you the points where to start. With this Linux security guide, we walk step-by-step through the options, tools, and resources. After reading this article, you will be able to make educated decisions about what Linux security defenses to implement for your systems. You will be introduced to the right tools that help you automate and test your improvements.
Discover to which package a file belongs to
With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.
Summary
Discover quickly which file(s) and package are matched together.
How to use grep (with examples)
Grep is a powerful utility on Linux. Want to get more out of the tool? This article will show you how to use it including many practical examples.
Summary
The grep command is one of the oldest tools for Linux and other platforms. Actually, it is older than Linux itself. It was written by Ken Thompson more than 45 years ago! The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”.
How to solve an expired key (KEYEXPIRED) with apt
Software updates and package management is easy, until you get a KEYEXPIRED message. In this article we should how it happens and the way to solve it.
Summary
Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. KEYEXPIRED message # apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 http://nginx.
Troubleshooting Linux Time Synchronization with NTP
Time synchronization is an important system administration task for Linux systems. This guide explains how to configure, and also troubleshoot time issues.
Summary
Time Synchronization The network time protocol helps computer systems to synchronize their time. We know this protocol by its shorter name NTP. In the past, it was not really a big issue if your system was a few minutes off. This changed with the interconnected world we are now living in. One of the better examples is networks relying on the authentication protocol Kerberos. If your system time is not correct, you may not be able to authenticate.
Mosh, the SSH Alternative Option for System Administration
Learn about Mosh, an alternative for SSH. Let's dive into the reasons why it makes sense to learn about Mosh.
Summary
Mosh, or mobile shell, is the ideal tool for remote system administration. While SSH is great, Mosh beats it in several areas. Let’s dive into the reasons why it makes sense to learn about Mosh. Pros Session Resumption Remember the last time your connection was interrupted? It it frustrating and sometimes even leads to losing some of your work. The stable TCP connection is not always a blessing. Mosh comes to the rescue, especially for less stable connections.
Automatic Security Updates with DNF
The dnf package manager and dnf-automatic tool can be used for automated security patching on Linux systems. It requires only a few steps to set it up.
Summary
The Dandified YUM tool, DNF, has become a powerful package manager for systems running Fedora. As it looks now, it will become also the default package manager for CentOS 8 and RHEL 8. One of the benefits from dnf is the option to retrieve security information very easily. This allows us to use it for automatic security patching of our Linux systems. Let’s explore the options and see how dnf-automatic can help us with fully automated patching.
How to Disable “System program problem detected”
This article shows how to deal with the message System program problem detected
Summary
Sometimes programs crash, usually for a different variety of reasons. While it is good to do research and find the underlying cause, sometimes you simply want to disable any reporting. Clean up /var/crash First thing to do is check your /var/crash directory and see if there are any “crash” files. These are just normal text files and include details about a process. If you have a process crashing regularly, you most likely want to report it, so the vendor can implement a fix.
Find differences between two daily Lynis audits
It can be useful to see the differences between scans of Lynis, especially when running it daily. Learn how to do this with just a few steps
Summary
Lately I saw a great feature request for Lynis, to detect differences between two runs of Lynis. Wouldn’t it be great to run Lynis daily and then see if anything changes and act upon those differences? While our auditing tool doesn’t have such an option itself, it is very easy to implement something and fine-tune it to your needs. Report Lynis has two important files to which is logs data:
Missing Packages: Don’t Trust External Repositories!
Should you external repositories or not? In this article we look at why trusting external repositories might be a bad thing.
Summary
If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right? With Lynis, we face this same issue. While most of the distributions have Lynis in the repository, it is often outdated.
Monitor file access by Linux processes
Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity, of new and running processes.
Summary
Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests of monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occuring in a process, including disk and file activity.
Installing ClamAV on CentOS 7 and Using Freshclam
By default a ClamAV installation on CentOS 7 is not working. In this blog post we reconfigure the required systemd and configuration files for freshclam and clamd.
Summary
Including the usage of Freshclam To get ClamAV on CentOS installed, we have to use the EPEL repository (Extra Packages for Enterprise Linux). Fortunately, the Fedora project provides this with an easy installation. Unfortunately the default configuration is not properly working. In this post we collect some of the issues and required changes. Let’s start with installing the EPEL support. yum install epel-release Next step is installing all ClamAV components.
Determine Processes Which Need a Restart with checkrestart/needrestart
Just patching software packages is not enough. We cover a few utilities which help you to determine which processes need a restart to complete software patch management.
Summary
Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart of software components.
Using SSH keys instead of passwords
Linux systems are usually managed remotely with SSH, with many system administrators still using passwords. Time to switch over to SSH keys and here is how to do that.
Summary
Linux systems are usually managed remotely with SSH (secure shell). Still many administrators are using passwords, instead of keys. Keys not only boost security, it also makes managing systems much easier. Instead of entering your password for each server, you only have to do it once per session. When managing several systems per day, you will be wondering why you ever used password based authentication before. Generating the SSH key Depending on your desktop platform, we first have to create a key pair.
Optimize SSL/TLS for Maximum Security and Speed
Everyone loves secure websites, as long as they are quick. Let's configure our website for maximum security and performance, at the same time.
Summary
Recently we changed our corporate website into a “HTTPS only” version. Most of the content is not secret information, still we have some sensitive areas. The ordering section and downloads, and additional our portal. While some areas were already covered with a lock, we felt it was time to make the jump to cover it all. Additionally, we believe that we doing everything we can on our website, practicing security hardening ourselves.
Using unattended-upgrades on Debian and Ubuntu
To counter the biggest threat to software packages, Debian and Ubuntu based systems can use unattended-upgrades, to install security patches automatically.
Summary
To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. apt install unattended-upgrades
Updating all OpenBSD packages with pkg_add
To ensure your system is secure and stable, package management is an important task. To achieve that, use pkg_add to update your installed OpenBSD packages.
Summary
Using pkg_add Keeping your systems stable and secure Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades. Option 1: Use /etc/installurl Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add. Option 2: PKG_PATH The first thing to do is defining your PKG_PATH. This will usually be the address of a FTP or HTTP server, which has the latest packages available.
Software Patch Management for Maximum Linux Security
Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.
Summary
Maximum Linux security with proper software patch management Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date.
Linux Audit Framework 101 – Basic Rules for Configuration
The Linux audit framework is a very powerful tool to monitor files, directories and system calls. It helps with troubleshooting, accounting and intrusion detection.
Summary
Starting with Linux auditing can be overwhelming. Fortunately, there is a great feature in the Linux kernel to watch events and log them for us. To give you a quick start to use the Linux Audit Framework, we have collected some basic rules for configuring the audit daemon and its rules. Main Configuration By default the configuration values in /etc/audit/audit.conf are suitable for most systems. If you know your system is very low or very high (e.
Tlsdate: The Secure Alternative for ntpd, ntpdate and rdate
Normal NTP can be difficult to set-up, especially for desktop systems which don't need a very accurate time. The tool tlsdate might be a great alternative.
Summary
The Secure Alternative for ntpd, ntpdate and rdate The common protocol to synchronize the time, is named Network Time Protocol, or NTP. While this protocol works great for synchronizing systems to one or more multiple time sources, it is not always easy to set-up. One alternative is using tlsdate, a secure replacement to keep your systems in sync. About the Project The software is written in 2012 by Jacob Appelbaum and can be found at GitHub: tlsdate.
How to check if your Arch Linux system needs a reboot
Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.
Summary
By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk. Running kernel One way to determine the running kernel is with the uname command. By default installed and with the -r parameter it will provide the kernel release version. # uname -r 3.17.4-1-ARCH Kernel on disk Checking the latest kernel on disk is almost as easy.
Perform NetBSD security audit with pkg_admin
NetBSD can perform a security audit on its packages with the pkg_admin tool. With the check and audit parameters it can perform security check in seconds.
Summary
Security audit of NetBSD software packages with pkg_admin NetBSD is especially known for it’s diverse platforms it can run on. What is less known is the ability to audit the installed packages. In this article we have a look on how to audit NetBSD and ensure the file integrity of your packages. Performing a security audit is easy, as long as you use the right tool! Packages When using packages, their metadata will be installed in directory within /var/db/pkg.
Finding boot logs in systemd journals
This article shows how to find boot logs in the systemd journal. Learn the commands to query all relevant information.
Summary
Systemd used a binary log to store information about specific events. These events include the boot sequence and the related output. In this article we have a look at finding our boot logs in systemd journals. Binary logging When using systemd, boot data is stored in journals, a binary format. There is big benefit of saving boot data in a binary format: log information of each boot can be stored separately, linked to other pieces of information, and queried easier and quicker.
Alternative for netstat: ss tool
Newer distributions do not use netstat anymore in favor of other tools like ss. This alternative tool can show in-depth information about socket statistics.
Summary
The ss tool helps system administrators and security professionals to display information about network connected applications. Learn how to maximize its potential and get everything out of this nifty tool.
Linux capabilities 101
Introduction guide and tutorial about the inner workings of Linux capabilities and how these capabilities are applied when running Linux processes.
Summary
Security of Linux systems and applications can be greatly improved by using hardening measures. One of these measures is called Linux capabilities. Capabilities are supported by the kernel for some while now. Using capabilities we can strengthen applications and containers. Unfortunately, this powerful tool is still underutilized. Time to change that! This article helps to understand and apply them. What are Linux capabilities? Normally the root user (or any ID with UID of 0) gets a special treatment when running processes.
Auditing systemd: solving failed units with systemctl
Sometimes systemd units like services and timers may fail. Learn how to troubleshoot such issues and resolve them much easier.
Summary
Solving failed units with systemctl Systemd is an alternative service manager to the more traditional init system. To ensure the system is healthy, failed units should be investigated on a regular basis. Sooner or later a unit might fail and showing up the systemctl listing. In this article we have a look at how to solve it. Why do services fail? During the start of the system, enabled services are started and queued to be executed.
How to clear the ARP cache on Linux?
Clearing the ARP cache on Linux is easy with the arp or ip utility. This blog post will help you to clear the cache with examples for both utilities.
Summary
There are several reasons when you might need to clear your ARP cache. There are two common ways on Linux systems, typically using the arp or ip utility. Depending on your Linux distribution and the availability, we suggest using the ip tool. Clearing cache with ip Newer Linux distributions have the ip utility. The ip tool has a more advanced way to clear out the full ARP cache. ip -s -s neigh flush all
Linux Capabilities: Hardening Linux binaries by removing setuid
Setuid binaries may be a risk for the system. We will investigate how to remove the setuid bit and use Linux capabilities instead, to reduce the risks.
Summary
Hardening Linux binaries by removing setuid Normally Unix based systems use two kind of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel and opening sockets. Root permissions The command ping is a great example why even small programs needs root permissions. In a first glance you might consider this tool to be simple: send a package to a host and see if it responds.
GPG key generation: Not enough random bytes available
A common error when creating keys with GnuPG is: Not enough random bytes available. In this article we have a look at the cause and solution to create more random bytes for entropy.
Summary
Anyone who wants to create a new key set via GnuPG (GPG) may run into this error: We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy!
Alternatives to Bastille Linux: system hardening with Lynis
Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille. One example is hardening your system after...
Summary
Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats.
OpenSCAP on CentOS 7 – Installing from source
Sometimes we need to build things from source. In this article we install OpenSCAP on CentOS 7 by compiling and installing it manually.
Summary
Installing from source Security automation is hot and we love it. One way is using the OpenSCAP toolkit. Unfortunately it is not mature enough, so you might want to build and install it from source. We share our findings while creating our test environment. Install required components On our minimum installed CentOS 7 system, we need to install a few components. Most are related to compiling C++ and parsing XML files.
Yum plugins: Available plugins and built-in security support
To determine the available yum plugins, we analyze them for our goal: discovering if security support is in the yum plugins itself or built-in by default.
Summary
Enhancing yum Determine available plugins and built-in security support To enhance the support in our auditing tool Lynis, we wanted to know if yum supports security related functions by using a plugin or having it as built-in functionality. Yum Yum, or Yellowdog Updater Modified, is a software management tool for Linux based systems. Usually it is used on systems running SuSE or Red Hat based (like RHEL, Fedora or CentOS). Plugins extend the functionality of yum, to improve its functionality.
Protect Linux systems against SSLv3 Poodle vulnerability
The Poodle vulnerability is discovered in October 2014, putting all systems using SSL 3.0 at risk. We share steps to mitigate this vulnerability on Linux based systems.
Summary
What is the Poodle vulnerability ? The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It is discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack. How does the attack work? While we won’t go into too much depth of encryption and ciphers, we will share some basics.
Installation of Lynis on Arch Linux systems
Lynis is available as a package for Arch Linux and installation is just a few steps. We look at the options to install Lynis on your favorite Linux distro.
Summary
Tutorial for Lynis installation on Arch Linux Pacman Arch Linux is getting more popular due to its great community support and the way it is organized. Being a “rolling release” system, it is continuously up-to-date. Still, you want to make sure your security defenses are equally up-to-date, so that’s where Lynis comes in. Normally pacman is used for installing new packages. Unfortunately, the lynis package does not show up. # pacman -Ss lynis # pacman -Ss rkhunter community/rkhunter 1.
How to solve Shellshock on Debian and Ubuntu
Also Debian and Ubuntu are vulnerable for Shellshock vulnerability in Bash. That's why it is important to run apt update and perform an upgrade of Bash.
Summary
Protect against Shellshock Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install -only-upgrade bash Your system should now have a newer version of bash.
Linux Security for DevOps
With security getting more and more attention, we focus on Linux security for DevOps. Also DevOps will need hardening, auditing and dealing with compliance.
Summary
During the last years the role of DevOps evolved. This person could be described as the hybrid: a system administrator with development skills, or the developer which is also infrastructure savvy. With Linux and so many available tooling, it is becoming easier for people to learn both development and managing infrastructures. We are especially interested in Linux security for DevOps and what they can apply. Automation is key Repeating work is not only boring, but also a waste of time.
Auditing Linux processes: The Deep Dive!
In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.
Summary
From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing For most people working on Linux systems, it might be obvious to display running processes with ps.