2017-09-06 (last updated at June 22nd, 2018) Michael BoelenSystem Administration Leave a comment

Troubleshooting a full /boot partition on Ubuntu

A regular issue with systems running Ubuntu is that may fill up the /boot partition. You might have discovered it when running apt, which refused to work. That is unfortunate, as you also need apt to resolve the issue. After trying several options, we found a way to resolve this catch 22, with just three steps. Opposed to other solutions, you don’t need to move files or do other tricky things on your system. Still a word of caution: any tasks you […]

2016-09-26 (last updated at July 18th, 2018) Michael BoelenHardening 6 comments

Ubuntu system hardening guide for desktops and servers

The system hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is […]

2016-09-19 (last updated at March 12th, 2017) Michael BoelenSoftware, System Administration 4 comments

Discover to which package a file belongs to

Related Packages and Files Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. CentOS, Fedora, RHEL Show files for RPM packages rpm -qlp /path/to/file.rpm Show files for packages on […]

2016-08-21 (last updated at June 24th, 2018) Michael BoelenSystem Administration 41 comments

How to solve an expired key (KEYEXPIRED) with apt

Updating expired keys on Debian and Ubuntu Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. root# apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 […]

2015-11-17 Michael BoelenSystem Administration Leave a comment

How to Disable “System program problem detected”

Quick Ubuntu Tips: System program problem detected Sometimes programs crash, usually for a different variety of reasons. While it is good to do research and find the underlying cause, sometimes you simply want to disable any reporting. Clean up /var/crash First thing to do is check your /var/crash directory and see if there are any “crash” files. These are just normal text files and include details about a process. If you have a process crashing regularly, you most likely want to […]

2015-11-03 (last updated at July 5th, 2018) Michael BoelenVulnerabilities Leave a comment

Linux vulnerabilities: from detection to treatment

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. This guide explains what is available, from vulnerability to […]

2015-03-09 (last updated at September 26th, 2016) Michael BoelenAutomation, Software, System Administration 3 comments

Using unattended-upgrades on Debian and Ubuntu

Using unattended-upgrades on Debian and Ubuntu To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. root@system:~# apt-get install unattended-upgrades If you are […]

2015-02-03 (last updated at May 27th, 2018) Michael BoelenAuditing, Lynis Leave a comment

What’s New in Lynis 2: Features

Lynis 2.x Features Lynis 2.x will bring security auditing of Linux and Unix systems to a new level. In this blog post we share some exciting new features. Release of Lynis 2 is planned for February 2015. Overview: History Lynis 2.x Plugins Systemd Support File Integrity Monitoring Containers & Virtualization Operating Systems Focus on Simplicity Free and Commercial Support History Lynis has been created in 2007, as a follow-up on the well-known tool Rootkit Hunter (rkhunter). Both tools are […]

2014-10-09 (last updated at June 30th, 2018) Michael BoelenSystem Administration, Vulnerabilities Leave a comment

How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install –only-upgrade bash Your system should now have a newer version of bash. You can […]

2014-08-06 (last updated at March 6th, 2017) Michael BoelenLinux Leave a comment

Check for a required reboot on Debian and Ubuntu systems

Required restart required? Administrators of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor for which systems need an actual reboot? Required reboot Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in the way that they may leak sensitive […]