The state of Linux security in 2017

Linux security (2017 edition) The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. This post will remain updated in the upcoming weeks. As this post may appear on HN, Reddit, Slashdot, and other high-traffic sites, this post is heavily cached. Comments may show up with some delay.   January: MongoDB, Debian […]

Read more

The State of Linux Security

Linux Security (2016) Introduction In the last 10 years, GNU/Linux achieved something some foreseen as almost impossible: powering both the smallest and biggest devices in the world, and everything in between. Only the desktop is not a conquered terrain yet. The year 2016 had an impact on the world. Both from a real life perspective, as digitally. Some people found their personal details leaked on the internet, others found their software being backdoored. Let’s have a look back on what […]

Read more

Migration tips for Lynis to version 2.3.1 and beyond

Lynis migration tips Usually a lot of work is put into new releases. So it is a shame if most users don’t use the latest version, right? Surprisingly, that still happens a lot. In the recent past, users of Lynis had to rely on external package maintainers, custom package building, or manually downloading the latest release. Debian and RPM packages If you are running a system that uses the DEB or RPM format, you might want to use our new […]

Read more

Three big changes and reasoning behind Lynis 2.3.0

Lynis 2.3.0 Last two releases we invested a lot of work in rebuilding our auditing tool Lynis. The original code is from 2007, and we have plans to add a lot of new tests. Before doing so, we decided to give Lynis a good spring cleanup and enhance its core. This way it will properly deal with the upcoming weight of the new tests. These major changes also mean a slightly different approach in some areas. So here is the […]

Read more

Quick Tip: Disable Adobe Flash Player in Chrome

How to disable Flash The end of Adobe’s Flash Player is near. Most of the remaining Flash on the web are advertisements or “fancy” movies, created years ago. If you don’t need Flash any longer, these steps help you to disable it in Chrome. Step 1: Open plugins Go to chrome://plugins This will show an overview of all your plugins. Step 2: Disable Abode Flash Player Press Disable on the Adobe Flash Player. The color of the plugin changes and […]

Read more

What’s New in Lynis 2: Features

Lynis 2.x Features Lynis 2.x will bring security auditing of Linux and Unix systems to a new level. In this blog post we share some exciting new features. Release of Lynis 2 is planned for February 2015. Overview: History Lynis 2.x Plugins Systemd Support File Integrity Monitoring Containers & Virtualization Operating Systems Focus on Simplicity Free and Commercial Support   History Lynis has been created in 2007, as a follow-up on the well-known tool Rootkit Hunter (rkhunter). Both tools are […]

Read more

Product comparison: Lynis VS Nessus

Lynis VS Nessus Comparison of both products Professionals ask us often how Lynis is different than Tenable Nessus. As the original author of Lynis, let me address that very interesting question.   Different goal Nessus is focused on vulnerability scanning, or in other words, finding weaknesses in you environment. The huge amount of plugins and their actions show that this is the primary focus. Along the way it started to implement others services, like compliance checking. Lynis also detects vulnerabilities, […]

Read more

How to protect yourself against Shellshock Bash vulnerability

Shellshock vulnerability – Bash Bash is one of the most used shells on Unix based systems. The newly discovered “shellshock” vulnerability affects millions of systems. The weakness abuses an internal check when Bash gets a variable declaration. By defining this variable and putting more “stuff” (commands) in it, Bash will actually execute those commands as well. Unfortunately this results in several possible ways to exploit it by attackers. Websites One way this vulnerability scan be exploited, is by embedding it […]

Read more
12