Software

Are security hardening guides still useful?

With Linux and other Unix systems being decently hardened by default, would it make sense to invest a lot of time in reading hardening guides to harden your system?

Summary of Are security hardening guides still useful?

This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system? Hardening guides Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were targeted often by malicious people and scripts.

Read the full article…

Auditing Linux: Software Packages and Managers

Article about how to audit and check installed software packages and their security by using the related package managers.

Summary of Auditing Linux: Software Packages and Managers

No system can do its job without any installed software packages. However after installation of the system, or running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods on auditing installed software, check for security updates and the related follow-up. Package managers To enable system administrators to properly manage software and upgrading them, Linux uses a package manager. This suite often consists of a package database, the software packages itself and several support tools.

Read the full article…

Difference between Lynis and Lynis Enterprise

Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.

Summary of Difference between Lynis and Lynis Enterprise

People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two. Lynis Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years.

Read the full article…

Find and Disable Insecure Services on Linux

Learn how to find and disable those services on Linux that are nowadays are considered to be unsafe or known for the weak security.

Summary of Find and Disable Insecure Services on Linux

The world has changed a lot in the last era, especially when it comes to computing. This applies also to the services we run on our Linux systems. Some of these services (like rlogin), were previously the defacto tools to do administration. Now they are considered to be bad and insecure. What makes a service insecure? Services can become insecure when they have characteristics like: No (or weak) authentication No (or weak) encryption Insecure protocols Running as root Authentication insecurities One example might be if a program only requires a password or pin, without any information like an username.

Read the full article…

How to solve Shellshock on Debian and Ubuntu

Also Debian and Ubuntu are vulnerable for Shellshock vulnerability in Bash. That's why it is important to run apt update and perform an upgrade of Bash.

Summary of How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install -only-upgrade bash Your system should now have a newer version of bash.

Read the full article…

Missing Packages: Don’t Trust External Repositories!

Should you external repositories or not? In this article we look at why trusting external repositories might be a bad thing.

Summary of Missing Packages: Don’t Trust External Repositories!

If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right? With Lynis, we face this same issue. While most of the distributions have Lynis in the repository, it is often outdated.

Read the full article…

Show vulnerable packages on Arch Linux with arch-audit

With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.

Summary of Show vulnerable packages on Arch Linux with arch-audit

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages.

Read the full article…

Software Patch Management for Maximum Linux Security

Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.

Summary of Software Patch Management for Maximum Linux Security

Maximum Linux security with proper software patch management Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages. Why Update? To most of us, it instantly makes sense to keep the software on your systems up-to-date.

Read the full article…

Updating all OpenBSD packages with pkg_add

To ensure your system is secure and stable, package management is an important task. To achieve that, use pkg_add to update your installed OpenBSD packages.

Summary of Updating all OpenBSD packages with pkg_add

Using pkg_add Keeping your systems stable and secure Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades. Option 1: Use /etc/installurl Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add. Option 2: PKG_PATH The first thing to do is defining your PKG_PATH. This will usually be the address of a FTP or HTTP server, which has the latest packages available.

Read the full article…

Vulnerabilities and Digital Signatures for OpenBSD Software Packages

When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. With support for digital signatures and focus on security, it is a great...

Summary of Vulnerabilities and Digital Signatures for OpenBSD Software Packages

Auditing OpenBSD Software Packages If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code. While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered.

Read the full article…