GDPR Compliance: Technical Requirements for Linux Systems

GDPR for Linux systems What is GDPR? The General Data Protection Regulation (GDPR) is a regulation to protect data stored about individuals from the European Union. When speaking about stored data, it includes the handling of data at any given time, from entry to data deletion. One of the important parts is the right to ‘know’. That means that individuals can ask what data is stored about them. Another request they may make is that this data is deleted. You may know […]

Read more

Configure the minimum password length on Linux systems

Linux and password strength One of the options to improve password security is by setting a minimum length. This prevents users from choosing easy passwords. As part of Linux system hardening, you don’t want your passwords to be cracked too quickly by modern password crackers. Configuration Login settings The first area where you can set a password length is in /etc/login.defs. The related setting is PASS_MINLEN and already tells us it is about the minimum length of a password. Modern Linux […]

Read more

The State of Linux Security

Linux Security (2016) Introduction In the last 10 years, GNU/Linux achieved something some foreseen as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not a conquered terrain yet. The year 2016 had an impact on the world. Both from a real life perspective, as digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what […]

Read more

First-time open source contributor: Eric Light

Thoughts from a first-time contributor to open source software In this article, we learn from a first-time contributor to open source. His name is Eric Light and lives in New Zealand. We came in contact via the Lynis project and I interviewed him to share his experiences. MB: Thanks for taking the time Eric. Can you describe a little bit about yourself? I started working with computers when I was eight years old, back when my uncle gave me an […]

Read more

Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework, with the goal to replace all the previous ones. After reading this guide you will be able to configure your own firewall configuration. Step by step we will show how nftables work. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable. […]

Read more

How are auditd and Lynis different?

Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by […]

Read more

Understand and configure core dumps on Linux

Linux and core dumps Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored, usually on a disk drive. The term “core” actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use […]

Read more

The purpose of the /etc/networks file

What is /etc/networks file? Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does […]

Read more
123428