Linux Security Scanning for Dummies

Every system needs some level of protection. Still, many people simply forget to do it, or cannot find the time to do it properly. To be as efficient and effective as possible, let's take a look at a structured way of security scanning your Linux machines. The 5 dummy steps are: 1. Focus on risk. Just as not every company is a bank, our systems are not all part of a top secret mission. We have to […]

Linux security: Reviewing log files

Log files are the precious collection of system events. Still, many people don't use them until they are really needed. Let's go from the reactive use of log files to a proactive stance. The Logging Dilemma: capturing events helps in troubleshooting. By defining which events are ignored and which ones are logged, we get a quick overview of the status of a system. The dilemma is usually in how much logging is enough to get […]

How to audit AIX Unix systems with Lynis

Each system is as strong as its weakest link, and this rule also applies to systems running AIX. Therefore a regular audit can help find the weakest links. The next step is to fortify these weak areas and implement system hardening measures. What to audit? There is a lot to look for when auditing a system running AIX. Let's have a look at the most important areas. File systems: monitor alterations […]

OpenSSH security and hardening

SSH (Secure SHell) is a commonly used protocol for secure data communications between systems. It is rare to find systems that do not have this service running. As this opens up a potential gateway into the system, hardening the configuration of the SSH server is an important step in server hardening. In this guide, we will harden OpenSSH and increase its security defenses. We will focus on several common configuration options of SSH and learn how to improve them. Use of […]

Linux audit – Log files in /var/log/audit

By default the Linux audit framework logs all data in the /var/log/audit directory. Usually this file is named audit.log. /var/log/audit/audit.log is the default log file for the Linux audit daemon; it holds a capture of all related audit events. The location is configured in auditd.conf: root@server# cat /etc/audit/auditd.conf, which shows log_file = /var/log/audit/audit.log. Usually there is no reason to alter this location, unless a different storage location is preferred. For safeguarding of the […]

Unix security audit: Perform an audit in 3 minutes

Want to know the vulnerabilities of a Unix/Linux system in just 3 minutes? How? Perform a scan with Lynis, the open source Unix security audit tool! Lynis is open source software (GPLv3), released in 2007 and a popular choice among many security professionals and system administrators. With hundreds of downloads in the first week of each release and a lot of community feedback, Lynis is the right tool for […]

Auditing Linux: what to audit?

In this article we answer the big question on Linux systems: "what to audit?". Where do you start and what is useful to audit? We apply our three C's in this article to determine what we should look for when auditing a Linux system. Current state: what is the current state of the system and how does it compare to an earlier point in time? Ideal situation: compare the current state of the system with a predefined baseline or […]

Central audit logging: Configuration and collecting of Linux audit events

This guide helps users of the Lynis Enterprise Suite configure a central node to receive Linux audit events. It provides some pointers on how to do a quick set-up to store and forward events. This information is very valuable for forensic investigations and intrusion detection. Configure the server: first start by configuring the server. Since this is a central log host, it should have enough disk capacity […]
