Dealing with a compromised Linux system

Compromised Linux system Before we dive deep into this subject of dealing with a compromised Linux system, we have the answer the biggest question: how do we know we are compromised? Usually some signs are a clear give-away: The website hosted was altered and replaced with a “You have been hacked” page The system is missing essential binaries, or they all crash after executing Unauthorized users have been created and the system is hosting movies and music, which is not […]

Read more

Auditing Linux: Software Packages and Managers

Auditing Linux: Software Packages and Managers No system can do its job without any installed software packages. However after installation of the system, or running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods on auditing installed software, check for security updates and the related follow-up. Package managers To enable system administrators to properly manage software and upgrading them, Linux uses a package manager. This suite often consists of a […]

Read more

Lynis Hardening Index

Lynis Hardening Index At the end of each Lynis scan the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the amount of security tests performed. Additionally the location of the log file and report data will be displayed. Between all this information there is a “Lynis hardening index” displayed. This index is  unique to Lynis. The index gives the auditor an impression on how well a system is hardened. This number […]

Read more

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetrating testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository. If not, then download Lynis […]

Read more

Linux Audit: Auditing the Network Configuration

Introduction Within this article we have a look on how to audit and check the network configuration of Linux and other systems. The main focus is on gathering information and discover how systems are configured. By taking these steps we will do a manual audit. For efficiency reasons we suggest to use an automated tool like Lynis. Where to start? Each Linux distribution has their own way and files to configure the network. Therefore we look at the basic components […]

Read more

Lynis stuck during testing

Introduction Normal Lynis scans take a few minutes to complete, therefore any test taking more than 1 minute, might be stuck during its test. Within this article we have a look at a few things you can do. Stuck When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open up a second terminal and start with running ps aux to see what processes […]

Read more
1252627