2015-02-02 Michael BoelenLinux Leave a comment

An Introduction Into Linux Security Modules

An Introduction Into Linux Security Modules Background Like normal kernel modules, security modules extend the basic functionality of the Linux kernel. The need for a modular structure was proposed when SELinux was being introduced. There was a little discussion to use modules or not, as SELinux was the only one being available. Some people proposed apply it as a kernel patch, but in the end Linux creator Torvalds, decided to make this type of functionality modular. The first security module […]

2015-01-22 (last updated at March 23rd, 2017) Michael BoelenContainers Leave a comment

Docker Security: Best Practices for your Vessel and Containers

Docker Security Everything you need to know about Docker security. Introduction into Docker Docker became very popular in a matter of just a few years. Operating systems like CoreOS use Docker to power the system by running applications on top of their own lightweight platform. Docker in its turn, provides utilities around technologies like Linux container technology (e.g. LXC, systemd-nspawn, libvirt). Previously Docker could be described as the “automated LXC”, now it’s actually even more powerful. What it definitely […]

PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4)

PCI DSS (v3) Linux: Invalid logical access attempts (10.2.4) PCI describes in control 10.2.4 to monitor for “invalid logical access attempts”. Another way of saying to monitor attempts which are not allowed, like accessing a file you are not supposed to. Another indication might be brute force attempts to log in, which result in several failed logins. To monitor for invalid access attempts, we can use the Linux audit framework. This framework has been created and maintained by Red Hat […]

Screenshot of Lynis running PCI DSS audit on Linux

2015-01-05 (last updated at July 23rd, 2018) Michael BoelenCompliance, PCI DSS compliance Leave a comment

PCI DSS (v3) Linux: Logging of administrative actions with root privileges (10.2.2)

PCI DSS: Logging of administrative actions with root privileges Companies who need to comply with the PCI DSS standard need to log all actions which are executed by the root user or those accounts with similar administrative privileges. 10.2.2 Verify all actions taken by any individual with root or administrative privileges are logged. The Linux kernel allows the monitoring of executed commands. This monitoring and logging can be done with the Linux audit framework. Using this framework, we can monitor […]

2014-12-15 (last updated at January 4th, 2015) Michael BoelenLinux, Monitoring, System Administration 9 comments

How to check if your Arch Linux system needs a reboot

Arch Linux reboots How to check if a reboot is needed By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk. Running kernel One way to determine the running kernel is with the uname command. By default installed and with the -r parameter it will provide the kernel release version. [root@archlinux ~]# uname -r 3.17.4-1-ARCH Kernel […]

2014-12-09 (last updated at November 23rd, 2016) Michael BoelenFirewall One comment

Exporting nftables rules and configuration

Exporting nftables rules The usage of nftables will slowly grow in the upcoming years, with the goal to become the successor of iptables. Where iptables rules are harder to parse, nftables comes by default with an exporting facility. Exports formats include JSON and XML. Command syntax When using the command line utility nft for the first time, it looks a little bit unfriendly to the user. No suggestions on what to do, nor clear help on often used commands. To […]

2014-11-30 (last updated at July 25th, 2018) Michael BoelenHardening, Linux, System Administration Leave a comment

Linux capabilities 101

Security of Linux systems and applications can be greatly improved by using hardening measures. One of these measures is called Linux capabilities. Capabilities are supported by the kernel for some while now. Using capabilities we can strengthen applications and containers. Unfortunately, this powerful tool is still underutilized. Time to change that! This article helps to understand and apply them. What are Linux capabilities? Normally the root user (or any ID with UID of 0) gets a special treatment when running processes. […]

2014-11-27 Michael BoelenDevelopment, Hardening, Software Leave a comment

Protect against ptrace of processes: kernel.yama.ptrace_scope

Protect against the usage of Ptrace Hardening the kernel with kernel.yama.ptrace_scope Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool also be used by people with malicious intent. For example to debug a process as a non-privileged user and find the contents of application memory. Yama Linux has the ability to include Linux Security Modules, to provide additional […]

2014-11-12 Michael BoelenAuditing, Compliance, PCI DSS compliance Leave a comment

PCI DSS (v3) Linux: No write access to shared system binaries (A.1.2.c)

No write access to shared system binaries A.1.2.c Verify that an entity’s users do not have write access to shared system binaries Shared system binaries should be protected, as they form the basis of your system. PCI compliance (A.1.2.c) demands that users do not have write access to shared systems binaries. The only exception is of course the root user, so software upgrades are still possible. Paths for system binaries Depending on the distribution used there are several directories which […]

2014-11-01 Michael BoelenAuditing, Automation, Configuration Management, Hardening, Lynis, Monitoring, Software, System Administration Leave a comment

Alternatives to Bastille Linux: system hardening with Lynis

System hardening with Lynis Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats. […]

2014-08-30 (last updated at October 20th, 2014) Michael BoelenAuditing Leave a comment

Linux Security Scanning for Dummies

Linux Security Scanning for Dummies Every system needs some level of protection. Still, many people simply forget to do it, or can not find the time to properly do it. To be as efficient and effective as possible, let’s take at a structured way for security scanning your Linux machines. The 5 dummy steps are: 1. Focus on risk Like not every company is a bank, our systems are not all part of a top secret mission. We have to […]

2014-08-06 (last updated at March 6th, 2017) Michael BoelenLinux Leave a comment

Check for a required reboot on Debian and Ubuntu systems

Required restart required? Administrators of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor for which systems need an actual reboot? Required reboot Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in the way that they may leak sensitive […]

2014-07-30 (last updated at December 12th, 2015) Michael BoelenLinux Leave a comment

Security Program: Implementing Linux Security

Security Program: Implementing Linux Security Information security is possibly one of the hardest subjects in IT. Doing too less and you risk of security breaches. Doing too much will restrict the core businesses of your organization. With a proper security program, implementing Linux security can be greatly simplified. By having a structured approach, the strength of the defenses will increase, while risks decrease. In this article, we have a look at how to properly prepare security projects and changes. This […]

2014-07-24 (last updated at October 20th, 2014) Michael BoelenAuditing, Compliance, Hardening Leave a comment

Do NOT use Linux hardening checklists for your servers

Do NOT use Linux hardening checklists for your servers Quality is an interesting word. It describes, well, the quality of something. Quality is just another word for how well can you repeat something. The goal is to get each time exactly the same result. Whenever it’s a physical product, or rolling out a new Linux system, you want great quality. One method to increase quality is using checklists. However we strongly advice against using Linux hardening checklists.. But checklists are […]

2014-07-15 (last updated at October 20th, 2014) Michael BoelenDevelopment, Linux, System Administration Leave a comment

Linux Security for DevOps

Linux Security for DevOps During the last years the role of DevOps evolved. This person could be described as the hybrid: a system administrator with development skills, or the developer which is also infrastructure savvy. With Linux and so many available tooling, it is becoming easier for people to learn both development and managing infrastructures. We are especially interested in Linux security for DevOps and what they can apply. Automation is key Repeating work is not only boring, but also […]

«1 234 5 »