How to check if your Arch Linux system needs a reboot

Arch Linux reboots How to check if a reboot is needed By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk. Running kernel One way to determine the running kernel is with the uname command. By default installed and with the -r parameter it will provide the kernel release version. [root@archlinux ~]# uname -r 3.17.4-1-ARCH Kernel […]

Read more

Perform NetBSD security audit with pkg_admin

Perform NetBSD security audit Security audit of NetBSD software packages with pkg_admin NetBSD is especially known for it’s diverse platforms it can run on. What is less known is the ability to audit the installed packages. In this article we have a look on how to audit NetBSD and ensure the file integrity of your packages. Performing a security audit is easy, as long as you use the right tool! Packages When using packages, their metadata will be installed in […]

Read more

Finding boot logs in systemd journals

Finding boot logs in systemd journals Systemd used a binary log to store information about specific events. These events include the boot sequence and the related output. In this article we have a look at finding our boot logs in systemd journals. Binary logging When using systemd, boot data is stored in journals, a binary format. There is big benefit of saving boot data in a binary format: log information of each boot can be stored separately, linked to other […]

Read more

Alternative for netstat: ss tool

Alternative for netstat System administrators and security professionals searching for listening ports on a server, are definitely familiar with the netstat command. However, newer distributions do not have the tool default installed anymore. Time to start using ss besides our beloved netstat command. ss Socket statistics, or ss for short, is an easy replacement command for netstat. One way to use it, is with parameters ss -aut -a: show listening and non-listening sockets -u: show UDP -t: show TCP [root@archlinux […]

Read more

Linux Capabilities 101

Linux Capabilities 101 Tutorial about how capabilities work in Linux Even seasoned Linux administrators may not see capabilities a lot in their daily duties, but they are still used all the time. This features was added to Linux 2.2 and gave us new possibilities regarding security. In this guide we have an in-depth look on how can leverage them to increase security. The problem It is good to know why capabilities were implemented at the first place. Let’s assume we […]

Read more

Auditing systemd: solving failed units with systemctl

Auditing systemd Solving failed units with systemctl Systemd is an alternative service manager to the more traditional init system. To ensure the system is healthy, failed units should be investigated on a regular basis. Sooner or later a unit might fail and showing up the systemctl listing. In this article we have a look at how to solve it. Why do services fail? During the start of the system, enabled services are started and queued to be executed. Most processes […]

Read more

Linux Capabilities: Hardening Linux binaries by removing setuid

Linux Capabilities Hardening Linux binaries by removing setuid Normally Unix based systems use two kind of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel and opening sockets. Root permissions The command┬áping is a great example why even small programs needs root permissions. In a first glance you might consider this tool to be simple: send a package to a host and see if it responds. The […]

Read more

Alternatives to Bastille Linux: system hardening with Lynis

System hardening with Lynis Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats. […]

Read more
12345