Changing file permissions on macOS (and using flags)

Using file flags on macOS: While performing system hardening on macOS, you may encounter a typical chmod error. Something like this:

chmod: Unable to change file mode on /usr/bin/gcc: Operation not permitted

Even with root permissions, you can’t change the permissions of some files. How is this possible? This is caused by flags. Showing file permissions and flags: To see if a file has any flags set, use the ls command with the l (el) and O (capital o) options.

ls -lO /usr/bin/gcc […]


File permissions of the /etc/shadow password file

Linux password files and permissions: The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and they are installed by default. Sometimes we receive questions about what the right permissions of these files should be. This blog post therefore looks at the file permissions (and ownership) of both files. Passwd file: The password file stores local accounts of the system. It is a readable text file and uses colons (:) […]


Linux Capabilities: Hardening Linux binaries by removing setuid

Normally Unix-based systems use two kinds of processes: privileged and unprivileged. The first category is usually used for administrative purposes, like starting and stopping other processes, tuning the kernel and opening sockets. Root permissions: The command ping is a great example of why even small programs need root permissions. At first glance you might consider this tool to be simple: send a packet to a host and see if it responds. The […]


PCI DSS (v3) Linux: Restrict log file viewing (A.1.2.d)

Restrict log file viewing. A.1.2.d: Verify that viewing of log entries is restricted to the owning entity. To limit exposure of information, PCI DSS requires that access to logging be limited to the entity owning that log file. In other words, we have to search for those entries which can be seen by others. Search related log files: By default, most log files on Linux-based systems will be stored in /var/log. We can do a quick check for any files which […]


Plus sign in ls output

What is the + sign when using ls? Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL. total […]


Conducting a Linux Server Security Audit

Auditing a system can be a time-consuming job, and conducting a Linux server security audit is no different. Within this article, we give some highlights regarding the audit and tips to automate them by using Lynis. The business goal: Before auditing any system, determine the business goal of the system. How critical is this system for doing business? What if the system goes down? Usually each system has a clear role or multiple […]
