Secure Software Development: CII Best Practices

Best Practices from the Core Infrastructure Initiative Last month the Core Infrastructure Initiative, or CII, launched their CII best practices project. Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project, and how it can help. Open Source and Security If we look in the open source world of software, we see that many projects were created by volunteers. While doing this voluntary, this doesn’t say anything about the quality of the […]

Read more

Automatic Security Updates with DNF

Automatic Security Updates The Dandified YUM tool, DNF, has become a powerful package manager for systems running Fedora. One of the great options is that security patches easily requested. This allows us for automatically security patching of our systems. Let’s explore the options and see how dnf-automatic can help us with fully automated patching. Security Patches The newer versions of Fedora use DNF. To check available security patches, use the dnf command. dnf updateinfo list security While this output is […]

Read more

Showing Available Security Updates with DNF

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the […]

Read more

Linux Vulnerabilities Explained: From Detection to Treatment

Linux Vulnerabilities Explained If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although GNU/Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. The goals? Know which vulnerabilities exists […]

Read more

Forget Linux Vulnerability Scanning: Get Better Defenses

Building Defenses Beyond Linux Vulnerability Scanning Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution. The solution I will discuss today is to focus on (permanent) […]

Read more