Determine Processes Which Need a Restart with checkrestart/needrestart

Determine which processes need a restart after software patching Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart […]

Read more

Using SSH keys instead of passwords

Using SSH keys instead of passwords Linux systems are usually managed remotely with SSH (secure shell). Still many administrators are using passwords, instead of keys. Keys not only boost security, it also makes managing systems much easier. Instead of entering your password for each server, you only have to do it once per session. When managing several systems per day, you will be wondering why you ever used password based authentication before. Creating the key Depending on your desktop platform, […]

Read more

Optimize SSL/TLS for Maximum Security and Speed

Optimize SSL/TLS for Maximum Security and Speed High Goal Setting Recently we changed our corporate website into a “HTTPS only” version. Most of the content is not secret information, still we have some sensitive areas. The ordering section and downloads, and additional our portal. While some areas were already covered with a lock, we felt it was time to make the jump to cover it all. Additionally, we believe that we doing everything we can on our website, practicing security […]

Read more

Using unattended-upgrades on Debian and Ubuntu

Using unattended-upgrades on Debian and Ubuntu To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. root@system:~# apt-get install unattended-upgrades If you are […]

Read more

Updating all OpenBSD packages with pkg_add

Using pkg_add Keeping your systems stable and secure Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades. Option 1: Use /etc/installurl Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add. Option 2: PKG_PATH The first thing to do is defining your PKG_PATH. This will usually be the¬†address of a FTP or HTTP server, which […]

Read more

Software Patch Management for Maximum Linux Security

Linux Patch Management Maximum Linux security with proper software patch management   Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date. […]

Read more

Linux Audit Framework 101 – Basic Rules for Configuration

Linux Audit Framework 101 Basic Rules for Configuration Starting with Linux auditing can be overwhelming. Fortunately there is a great tool available to tell the Linux kernel to watch some events and log them for us. To give you a quick start to use the Linux Audit Framework, we have collected some basic rules for configuring the audit daemon and its rules. Main Configuration By default the configuration values in /etc/audit/audit.conf are suitable for most systems. If you know your […]

Read more

tlsdate: The Secure Alternative for ntpd, ntpdate and rdate

tlsdate The Secure Alternative for ntpd, ntpdate and rdate The common protocol to synchronize the time, is named Network Time Protocol, or NTP. While this protocol works great for synchronizing systems to one or more multiple time sources, it is not always easy to set-up. One alternative is using tlsdate, a secure replacement to keep your systems in sync. About the Project The software is written in 2012 by Jacob Appelbaum and can be found at GitHub: tlsdate. With the […]

Read more
12345