System Auditing

Auditing is the process of ensuring correct implementation with predefined policies. This blog focuses on the specifics when it comes to technical system auditing.

Vulnerability Scanning: The Destiny to Disappointment?

The Need Of Vulnerability Management Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure. We already know […]

Read more

Linux Vulnerabilities Explained: From Detection to Treatment

Linux Vulnerabilities Explained If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although GNU/Linux and most software are open sourceĀ and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. The goals? Know which vulnerabilities exists […]

Read more

In-depth Linux Guide to Achieve PCI DSS Compliance and Certification

Linux Guide for PCI DSS Certification, Compliance, and Auditing If you work for a company which accepts, processes or stores credit card details, you might be very familiar with the PCI Data Security Standard (DSS). The standard itself is detailed, yet sometimes unclear on what specifically to implement (and when). This guide will help with translating the PCI standard to technical security controls on Linux systems. It is based on the current version of PCI DSS, which is now version […]

Read more

Tiger is History, Long Live Modern Alternatives!

The History and Alternatives to the Tiger Security Tool Recently I saw some tweets showing up from an old friend: Tiger. Surprised to see it being promoted, as I know the tool for years, but never seen any new releases in the last years. Both are actually a shame. An outdated tool is usually of lower value. Promoting old tools might actually disappoint others and harm the initial trust in the software. History of Tiger In its day, the tool […]

Read more

Security Defenses to Fortify your Linux Systems

How to Fortify your Linux Systems Create a Linux security fortress; implementing security defenses using towers, bridges, and guards. Still many companies have difficulties implementing basic security measures. Even after years of websites being defaced, and customer records stolen, the same mistakes are made over and over again. While this all might sound like an unsolvable situation, information security is getting attention from more people. If you are responsible for the system management of Linux systems, ignoring security is no […]

Read more

PCI DSS (v3) Linux: Logging of administrative actions with root privileges (10.2.2)

PCI DSS: Logging of administrative actions with root privileges Companies who need to comply with the PCI DSS standard need to log all actions which are executed by the root user, or similar administrative privileges. 10.2.2 Verify all actions taken by any individual with root or administrative privileges are logged. The Linux kernel allows to monitor commands. By configuring the Linux audit framework, we can monitor the right system calls and create an audit trail. Configure logging To capture executed […]

Read more

Using Open Source Auditing Tools as alternative to CIS Benchmarks

Using Open Source Auditing Tools An alternative to CIS Benchmarks and hardening guides Hardening guides, and the CIS benchmarks in particular, are a great resource to check your system for possible weaknesses and conduct system hardening. But who has the time to read it cover to cover, and apply every single step? In this article, we have a look at the alternative: open source auditing tools. Time.. Hardening is a time-consuming task. As security specialists, we know that. It involves […]

Read more

PCI DSS (v3) for Linux: Auditing application processes (A.1.2.a)

PCI DSS (v3) Linux: Auditing application processes (A.1.2.a) A.1.2.a Verify the user ID of any application process is not a privileged user (root/admin). For Unix and Linux based systems, processes should run as a non-privileged user where possible. However to be able to start, a process is usually started with root permissions (uid 0). This is required to open the required sockets (e.g. bind to port 80). After the initial start, the process drops its privileges by switching to another […]

Read more