Software Management

Audit SuSE with zypper: vulnerable packages

Stay up-to-date with security patching is part of a decent security management process. This article looks into vulnerable packages on OpenSuSE and how to detect them.

Summary of Audit SuSE with zypper: vulnerable packages

Proper software management is an important part in keeping your system secured. Acting on time is important, especially when network services have discovered security vulnerabilities. Vulnerable packages Usually packages with known security vulnerabilities, get priority and updates are soon available. The risk in installing these packages is fairly low, as they don’t introduce new features. Instead, they fix the related security hole, which sometimes is nothing more than 1 single character!

Read the full article…

How to solve an expired key (KEYEXPIRED) with apt

Software updates and package management is easy, until you get a KEYEXPIRED message. In this article we should how it happens and the way to solve it.

Summary of How to solve an expired key (KEYEXPIRED) with apt

Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. KEYEXPIRED message # apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 http://nginx.

Read the full article…

Showing Available Security Updates with DNF

Systems running Fedora have the DNF utility. With DNF it becomes easily to install packages and stay up-to-date with security related updates.

Summary of Showing Available Security Updates with DNF

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the available security updates.

Read the full article…

Software Patch Management for Maximum Linux Security

Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.

Summary of Software Patch Management for Maximum Linux Security

Maximum Linux security with proper software patch management Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date.

Read the full article…

Upgrading External Packages with unattended-upgrade

The unattended-upgrade tool is a great way to keep your system automatically updated. Learn how it works and how configure it.

Summary of Upgrading External Packages with unattended-upgrade

The unattended-upgrade tool is a great way to keep your system automatically updated. While you might not always want to do that for all packages, it definitely can be a great way to assist in your security efforts. In that case, tell it to track security updates and install the related packages. If you are using third-party packages (e.g. via PPAs), the system has no idea about security updates for those packages.

Read the full article…

Vulnerabilities and Digital Signatures for OpenBSD Software Packages

When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. With support for digital signatures and focus on security, it is a great...

Summary of Vulnerabilities and Digital Signatures for OpenBSD Software Packages

Auditing OpenBSD Software Packages If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered.

Read the full article…