Audit SuSE with zypper: vulnerable packages

Stay up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE and how to detect them.

Summary of Audit SuSE with zypper: vulnerable packages

Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character!

Read the full article…

Discover to which package a file belongs to

With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.

Summary of Discover to which package a file belongs to

Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. Most options used in this article have also a long format option.

Read the full article…

Show vulnerable packages on Arch Linux with arch-audit

With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.

Summary of Show vulnerable packages on Arch Linux with arch-audit

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages.

Read the full article…

Showing Available Security Updates with DNF

Systems running Fedora have the DNF utility. With DNF it becomes easily to install packages and stay up-to-date with security related updates.

Summary of Showing Available Security Updates with DNF

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the available security updates.

Read the full article…

Updating all OpenBSD packages with pkg_add

To ensure your system is secure and stable, package management is an important task. To achieve that, use pkg_add to update your installed OpenBSD packages.

Summary of Updating all OpenBSD packages with pkg_add

Using pkg_add Keeping your systems stable and secure Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades. Option 1: Use /etc/installurl Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add. Option 2: PKG_PATH The first thing to do is defining your PKG_PATH. This will usually be the address of a FTP or HTTP server, which has the latest packages available.

Read the full article…

Yum plugins: Available plugins and built-in security support

To determine the available yum plugins, we analyze them for our goal: discovering if security support is in the yum plugins itself or built-in by default.

Summary of Yum plugins: Available plugins and built-in security support

Enhancing yum Determine available plugins and built-in security support To enhance the support in our auditing tool Lynis, we wanted to know if yum supports security related functions by using a plugin or having it as built-in functionality. Yum Yum, or Yellowdog Updater Modified, is a software management tool for Linux based systems. Usually it is used on systems running SuSE or Red Hat based (like RHEL, Fedora or CentOS). Plugins extend the functionality of yum, to improve its functionality.

Read the full article…