Packages

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages.

Discover quickly which file(s) and package are matched together.

Compilers and security Compilers can be the gateway for an attacker. By misusing a possible weakness in your system(s), a compiler is often used to build the related exploit code. One way to prevent this is to determine what compilers are installed and remove (or restrict) them. Comparing Installed Packages and Compilers One way to audit the system is creating a list of common compilers and packages, then match these with the installed packages.

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the available security updates.

Using pkg_add Keeping your systems stable and secure Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades. Option 1: Use /etc/installurl Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add. Option 2: PKG_PATH The first thing to do is defining your PKG_PATH. This will usually be the address of a FTP or HTTP server, which has the latest packages available.

Enhancing yum Determine available plugins and built-in security support To enhance the support in our auditing tool Lynis, we wanted to know if yum supports security related functions by using a plugin or having it as built-in functionality. Yum Yum, or Yellowdog Updater Modified, is a software management tool for Linux based systems. Usually it is used on systems running SuSE or Red Hat based (like RHEL, Fedora or CentOS). Plugins extend the functionality of yum, to improve its functionality.

Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character!

No system can do its job without any installed software packages. However after installation of the system, or running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods on auditing installed software, check for security updates and the related follow-up. Package managers To enable system administrators to properly manage software and upgrading them, Linux uses a package manager. This suite often consists of a package database, the software packages itself and several support tools.