OpenSCAP on CentOS 7 – Installing from source

OpenSCAP on CentOS 7 Installing from source Security automation is hot and we love it. One way is using the OpenSCAP toolkit. Unfortunately it is not mature enough, so you might want to build and install it from source. We share our findings while creating our test environment. Install required components On our minimum installed CentOS 7 system, we need to install a few components. Most are related to compiling C++ and parsing XML files. Since we like to use […]

Read more

Yum plugins: Available plugins and built-in security support

Enhancing yum Determine available plugins and built-in security support To enhance the support in our auditing tool Lynis, we wanted to know if yum supports security related functions by using a plugin or having it as built-in functionality. Yum Yum, or Yellowdog Updater Modified, is a software management tool for Linux based systems. Usually it is used on systems running SuSE or Red Hat based (like RHEL, Fedora or CentOS). Plugins extend the functionality of yum, to improve its functionality. […]

Read more

Protect Linux systems against SSLv3 Poodle vulnerability

What is the Poodle vulnerability ? The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It is discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack. How does the attack work? While we won’t go into too much depth of encryption and ciphers, we will share some basics. When SSL 3.0 is […]

Read more

Installation of Lynis on Arch Linux systems

Install Lynis on Arch Linux Tutorial for Lynis installation on Arch Linux Pacman Arch Linux is getting more popular, due to its great community support and the way it is organized. Being a “rolling release” system, it is continuously up-to-date. Of course you want to make sure your security defenses are equally up-to-date, so that’s where Lynis comes in. Normally pacman is used for installing new packages. Unfortunately, the lynis package does not show up. [root@archlinux ~]# pacman -Ss lynis […]

Read more

How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock For Debian and Ubuntu Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much efforts and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install –only-upgrade bash Your system should now have a newer version […]

Read more

Linux Security for DevOps

Linux Security for DevOps During the last years the role of DevOps evolved. This person could be described as the hybrid: a system administrator with development skills, or the developer which is also infrastructure savvy. With Linux and so many available tooling, it is becoming easier for people to learn both development and managing infrastructures. We are especially interested in Linux security for DevOps and what they can apply. Automation is key Repeating work is not only boring, but also […]

Read more
1345