Monitoring Linux File access, Changes and Data Modifications

Monitoring File access, Changes and Data Modifications   Linux has several solutions to monitor what happens with your data. From changing contents to who accessed particular information, and at what time. For our auditing toolkit Lynis, we researched and tested several solutions over the last few years. In this article we have a look at these solutions to monitor file access, changes and modifications to the data and beyond. What is Data? Data is a collection of bits, ordered in […]

Read more

Vulnerabilities and Digital Signatures for OpenBSD Software Packages

Vulnerabilities and Digital Signatures Auditing OpenBSD Software Packages If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a […]

Read more

PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4) PCI describes in control 10.2.4 to monitor for “invalid logical access attempts”. Another way of saying to monitor attempts which are not allowed, like accessing a file you are not supposed to. Another indication might be brute force attempts to log in, which result in several failed logins. To monitor for invalid access attempts, we can use the Linux audit framework. This framework has been created and maintained by Red Hat […]

Read more

Monitoring Linux Systems for Rootkits

Monitoring Linux Systems Detecting and preventing rootkits Rootkits are considered to be one of the most tricky pieces of malware. Usually they are loaded onto the system by exploiting weaknesses in software. Next phase is being installed and hide as good as possible, to prevent detection. We have a look at a few security measures you can take to prevent this kind of threat.   System Protection Kernel The kernel is the brain of the software system and decides what […]

Read more

PCI DSS (v3) Linux: Logging of administrative actions with root privileges (10.2.2)

PCI DSS: Logging of administrative actions with root privileges Companies who need to comply with the PCI DSS standard need to log all actions which are executed by the root user, or similar administrative privileges. 10.2.2 Verify all actions taken by any individual with root or administrative privileges are logged. The Linux kernel allows to monitor commands. By configuring the Linux audit framework, we can monitor the right system calls and create an audit trail. Configure logging To capture executed […]

Read more

Product comparison: Lynis VS Nessus

Lynis VS Nessus Comparison of both products Professionals ask us often how Lynis is different than Tenable Nessus. As the original author of Lynis, let me address that very interesting question.   Different goal Nessus is focused on vulnerability scanning, or in other words, finding weaknesses in you environment. The huge amount of plugins and their actions show that this is the primary focus. Along the way it started to implement others services, like compliance checking. Lynis also detects vulnerabilities, […]

Read more

tlsdate: The Secure Alternative for ntpd, ntpdate and rdate

tlsdate The Secure Alternative for ntpd, ntpdate and rdate The common protocol to synchronize the time, is named Network Time Protocol, or NTP. While this protocol works great for synchronizing systems to one or more multiple time sources, it is not always easy to set-up. One alternative is using tlsdate, a secure replacement to keep your systems in sync. About the Project The software is written in 2012 by Jacob Appelbaum and can be found at GitHub: tlsdate. With the […]

Read more

Using Open Source Auditing Tools as Alternative for CIS Benchmarks

Using Open Source Auditing Tools An alternative to CIS Benchmarks and hardening guides Hardening guides, and the CIS benchmarks in particular, are a great resource to check your system for possible weaknesses and conduct system hardening. But who has the time to read it cover to cover, and apply every single step? In this article we have a look at the alternative: open source auditing tools. Time.. Hardening is a time consuming task. As security specialists, we know that. It […]

Read more
1151617181929