Discover to which package a file belongs to

Determine the package a file belongs do Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. CentOS, Fedora, RHEL Show files per installed package To show what files are in a package, use the rpm command. rpm -ql […]

Read more

How to solve an expired key (KEYEXPIRED) with apt

Updating expired keys on Debian and Ubuntu Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. root# apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 […]

Read more

Linux Vulnerabilities Explained: From Detection to Treatment

Linux Vulnerabilities Explained If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although GNU/Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. The goals? Know which vulnerabilities exists […]

Read more

Determine Processes Which Need a Restart with checkrestart/needrestart

Determine which processes need a restart after software patching Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart […]

Read more

Using unattended-upgrades on Debian and Ubuntu

Using unattended-upgrades on Debian and Ubuntu To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. root@system:~# apt-get install unattended-upgrades If you are […]

Read more

How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock For Debian and Ubuntu Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much efforts and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install –only-upgrade bash Your system should now have a newer version […]

Read more

Check for required reboot on Debian, Ubuntu and others

Check for required reboot on Debian, Ubuntu and others Users of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor for which systems need an actual reboot? Required reboot Tracking which servers need a required reboot is important to limit any vulnerabilities. Especially weaknesses in the kernel or related to important components (e.g. OpenSSL), should be solved as soon as possible. Therefore patching them is […]

Read more