The Linux security blog about Auditing, Hardening, and Compliance
Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it. The unknown file You may encounter a file on your system with known contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal. Here is […]
Read moreWhat is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools. Hiding by manipulation The tools in the rootkit are typically altered binaries that provide an alternative truth. They will display everything a typical command would do, except those parts that […]
Read moreConfiguring and auditing Linux systems with Audit daemon The Linux Audit Daemon is a framework to allow auditing events on a Linux system. Within this article we will have a look at installation, configuration and using the framework to perform Linux system and security auditing. Auditing goals By using a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include: Audit file access and modification See who changed a particular file Detect […]
Read moreOne day your web hoster or yourself may discover that your Linux system is slow. Upon logging in, you see a high load consumed by a suspicious process name or maybe just the Apache web server. Is your system compromised? How do you know it is? Let’s have a look at how to deal with security breaches and incident response. Recognizing a security breach Not all security breaches are directly visible. Attackers may have compromised your system a while ago […]
Read more