Security Defenses to Fortify your Linux Systems

How to Fortify your Linux Systems Create a Linux security fortress; implementing security defenses using towers, bridges, and guards. Still many companies have difficulties implementing basic security measures. Even after years of websites being defaced, and customer records stolen, the same mistakes are made over and over again. While this all might sound like an unsolvable situation, information security is getting attention from more people. If you are responsible for the system management of Linux systems, ignoring security is no […]

Read more

Quick Tip: Disable Adobe Flash Player in Chrome

How to disable Flash The end of Adobe’s Flash Player is near. Most of the remaining Flash on the web are advertisements or “fancy” movies, created years ago. If you don’t need Flash any longer, these steps help you to disable it in Chrome. Step 1: Open plugins Go to chrome://plugins This will show an overview of all your plugins. Step 2: Disable Abode Flash Player Press Disable on the Adobe Flash Player. The color of the plugin changes and […]

Read more

The ultimate strace cheat sheet

Strace cheat sheet The strace utility is very powerful to learn what a new or running process is doing. Due to its diversity of monitoring options, the tool is less accessible at first. This strace cheat sheet helps with getting the best out of this tool. Normally cheat sheets come in a single 1 page PDF. In this case, we combined it all within a blog post. First section shows an explanation per area, the bottom of the post contains […]

Read more

Monitor file access by Linux processes

Process Auditing: Disk and File Activity Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests of monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occuring in a process, including disk and file activity. Monitor syscalls […]

Read more

Three Lessons for Security Professionals: Be a Donkey!

Security Professionals: Be a Donkey! How being a donkey can help you succeed in your daily work. The donkey is considered to be a stupid animal in most of the western world. Actually, we might be pretty wrong about our current believes. As security professionals, we can definitely learn something from these friendly-looking creatures. 1) Learn Quickly We have a Dutch saying “A donkey does not bump into the same stone twice”. The thought is that if you make the […]

Read more

Forget Linux Vulnerability Scanning: Get Better Defenses

Building Defenses Beyond Linux Vulnerability Scanning Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution. The solution I will discuss today is to focus on (permanent) […]

Read more

Linux System Integrity Explained: Ensure Data, Logging and Kernel Integrity

Linux System Integrity Explained From Data and Logging, up to Kernel Integrity Systems exist for one primary goal, which is processing data. Information security helps protecting this valuable data, by ensuring its availability, integrity, and confidentiality. In other words, data should be available when we need it. Then it should be properly transmitted and stored, without errors. Our last goal ensures that it is only available to those with a need to know. Many open source software components are available […]

Read more

Installing ClamAV on CentOS 7 and Using Freshclam

Install and Configure ClamAV on CentOS 7 Including the usage of Freshclam   To get ClamAV on CentOS installed, we have to use the EPEL repository (Extra Packages for Enterprise Linux). Fortunately, the Fedora project provides this with an easy installation. Unfortunately the default configuration is not properly working. In this post we collect some of the issues and required changes. Let’s start with installing the EPEL support. yum install epel-release Next step is installing all ClamAV components. yum install […]

Read more

Determine Processes Which Need a Restart with checkrestart/needrestart

Determine which processes need a restart after software patching Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart […]

Read more

Budgeting for Techies: How to Get Money for a New Security Tool

Budgeting for techies How to Get Money for a New Security Tool We all know the common answer when asking for a new software tool: “sorry, no budget”. But why is that? Often because we, as technical oriented people, simply don’t know how budgeting works. Not surprising, as no one taught us. The downside is that it limits us seriously, to obtain the right tools for the job. Time to combine tech, money, and skills, to get finally that new […]

Read more

Kernel hardening: Disable and blacklist Linux modules

Disable and black Linux kernel modules The Linux kernel is modular, which makes it more flexible than monolithic kernels. New functionality can be easily added to a run kernel, by loading the related module. While that is great, it can also be misused. You can think of loading malicious modules (e.g. rootkits), or unauthorized access to the server and copy data via a USB port. In our previous article about kernel modules, we looked at how to prevent loading any […]

Read more

Increase kernel integrity with disabled Linux kernel modules loading

Increasing Linux kernel integrity Disable loading kernel module on Linux systems The Linux kernel can be configured to disallow loading new kernel modules. This feature is especially useful for high secure systems, or if you care about securing your system to the fullest. In this article, we will have a look at the configuration of this option. At the same time allowing legitimate kernel modules to be loaded. Disable kernel modules Newer kernel modules have a sysctl variable named kernel.modules_disabled. Sysctl […]

Read more

Logging root actions by capturing execve system calls

Logging root actions Capturing execve system calls and store them in the audit log For compliance or security reasons you might want to capture all commands executed by the root user. Fortunately enough the Linux audit framework helps with capturing the right system calls and log it to the audit file. Configure audit To enable auditing, use the following commands: auditctl -a exit,always -F arch=b64 -F euid=0 -S execve -k root-commands auditctl -a exit,always -F arch=b32 -F euid=0 -S execve […]

Read more

Simplifying Security: Choose the Right Toolkit, not Tool.

Simplifying Security I applaud many of our customers for being smart. Not to say other people are not, but they have made a specific choice in the past based on an understanding. They understand that a single security solution to make your IT environment safe, simply does not exist. It is the combination of tools, or your toolkit, which does. For this same reason, a carpenter has a tool chest, not a single tool. As a founder, I get to […]

Read more

DevOps vs Security: Can Docker make a difference?

One of the pioneers in the world DevOps, is the company Docker Inc. Known for its toolkit around Linux container technology, they propel the way this technology evolves and is promoted to the world. With great achievements and interest from the outside world, also comes a lot of pressure. Competing products are showing up, resulting in a battle for features, pricing and customers. Unfortunately for security professionals like us, the many security lessons from the past seems to be forgotten. […]

Read more
15678915