Show vulnerable packages on Arch Linux with arch-audit

Vulnerable Software Packages on Arch Linux Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages. After all […]

Read more

Why Auditing and Vulnerability Scanning are Different Things

Why Auditing and Vulnerability Scanning are Different Things As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping […]

Read more

Vulnerability Scanning: The Destiny to Disappointment?

The Need Of Vulnerability Management Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure. We already know […]

Read more

Understanding Linux Privilege Escalation and Defending Against It

Linux Privilege Escalation How it works, and what steps you can take to protect yourself Privilege escalation in another term for the elevation of permissions, of a normal user. This means that a normal user on Linux can become root, or get the same permissions as root. This can be authorized usage, with the use of the su or sudo command. It can also be unauthorized, for example when an attacker gains too many permissions. In this case often with […]

Read more

Linux Vulnerabilities Explained: From Detection to Treatment

Linux Vulnerabilities Explained If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although GNU/Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. The goals? Know which vulnerabilities exists […]

Read more

Forget Linux Vulnerability Scanning: Get Better Defenses

Building Defenses Beyond Linux Vulnerability Scanning Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution. The solution I will discuss today is to focus on (permanent) […]

Read more

Vulnerabilities and Digital Signatures for OpenBSD Software Packages

Vulnerabilities and Digital Signatures Auditing OpenBSD Software Packages If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a […]

Read more

Perform NetBSD security audit with pkg_admin

Perform NetBSD security audit Security audit of NetBSD software packages with pkg_admin NetBSD is especially known for it’s diverse platforms it can run on. What is less known is the ability to audit the installed packages. In this article we have a look on how to audit NetBSD and ensure the file integrity of your packages. Performing a security audit is easy, as long as you use the right tool! Packages When using packages, their metadata will be installed in […]

Read more
12