Linux and ASLR: kernel/randomize_va_space

Configuring ASLR with randomize_va_space: The Linux kernel has a defense mechanism named address space layout randomization (ASLR). It is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure does. Understanding ASLR: In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder. A normal program consists of several […]


The 101 of ELF Binaries on Linux: Understanding and Analysis

Executable and Linkable Format. An extensive dive into ELF files: for security incident response, development, and better understanding. We often don’t realize the craftsmanship of others, as we perceive their work as normal. One example is the usage of common tools, like ps and ls. Even though the commands might be perceived as simple, under the hood there is more to it: ELF binaries. Let’s have an introduction to the world of this common file format for Linux and […]


5 things you didn’t know about shell scripting

Our security auditing tool Lynis is a toolkit consisting of several shell scripts. Many users of the software never realized it was written as a bunch of shell scripts. The secret is out. But why shell scripting? Here are 5 reasons! 1. Shell scripting is powerful. Yes, people asked us why our tool Lynis was not written in Perl, Python, Ruby, C++, etc. But honestly, why would we? It is portable, […]


How and why Linux daemons drop privileges

In this article we have a look at the privileges of Linux daemons and dropping privileges in particular. The samples provided are in C. Why drop privileges? Some daemons need root permissions to start. This happens, for example, when a daemon wants to bind to a low port (<1024). However, running network-based daemons with root permissions is considered to be a serious risk. In case of compromise of the process, an attacker […]
