Software
How to show all installed packages with pacman
Query the pacman package manager on systems like Arch to show installed packages.
Summary
Querying pacman
How to show all installed packages on Ubuntu
Query the package manager to show installed packages on Ubuntu systems including version details.
Summary
Query tools like dpkg to show installed packages
Package manager: Frequently Asked Questions
Frequently asked questions about software, such as package manager, package versions, and how to configure them.
Summary
List installed packages on a Linux system
Learn how to show all installed packages on Linux systems including AlmaLinux, Debian, OpenSUSE, and Ubuntu.
Summary
Show installed package on the most common Linux distributions
Package manager
Everything related to package managers like apt, dnf, yum, and zypper. Learn how to use the tools to install and configure packages.
Summary
Software
Everything related to software, including package managers, building software packages, and more.
Summary
Show vulnerable packages on Arch Linux with arch-audit
With the right tool, arch-audit in this case, we can find any vulnerable package that is installed on a Arch Linux system. Learn how it works.
Summary
Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman
.
One problem that remained was the inability to quickly test if you have any vulnerable packages. After all running pacman -Suy
daily works, but that doesn’t say much if known issues were found. Till now, with the new arch-audit
tool.
Find and Disable Insecure Services on Linux
Learn how to find and disable those services on Linux that are nowadays are considered to be unsafe or known for the weak security.
Summary
The world has changed a lot in the last era, especially when it comes to computing. This applies also to the services we run on our Linux systems. Some of these services (like rlogin), were previously the defacto tools to do administration. Now they are considered to be bad and insecure.
What makes a service insecure?
Services can become insecure when they have characteristics like:
- No (or weak) authentication
- No (or weak) encryption
- Insecure protocols
- Running as root
Authentication insecurities
One example might be if a program only requires a password or pin, without any information like an username. This happens often in physical solutions, but sometimes also in software. The risk involved is two-folded: it is easy to guess and provides no (or weak) accounting.
Missing Packages: Don’t Trust External Repositories!
Should you external repositories or not? In this article we look at why trusting external repositories might be a bad thing.
Summary
If you are in the business of system administration, you know the big dilemma when it comes to installing software: missing packages. Yes, a lot of packages are available in the repositories of your Linux distribution, but not the one you need. Or when it is, it is horribly outdated. So you reach out to external resources, like community maintained repositories, right?
With Lynis, we face this same issue. While most of the distributions have Lynis in the repository, it is often outdated. We could do packaging ourselves, and most likely will in the future. But for now, that task is taking too much time with the regular updates we provide. Packaging, testing, and checking is a delicate process, often better done by people who know that specific Linux distribution from the inside out.
Updating all OpenBSD packages with pkg_add
To ensure your system is secure and stable, package management is an important task. To achieve that, use pkg_add to update your installed OpenBSD packages.
Summary
Using pkg_add
Keeping your systems stable and secure
Every system needs to stay up-to-date with its packages, including OpenBSD. Most OpenBSD users already use pkg_add for the installation of packages. This utility can also be used for package upgrades.
Option 1: Use /etc/installurl
Newer OpenBSD versions use the file /etc/installurl to select the mirror for pkg_add.
Option 2: PKG_PATH
The first thing to do is defining your PKG_PATH. This will usually be the address of a FTP or HTTP server, which has the latest packages available. To have this variable set every time you log in, use the file .profile in your home directory (e.g. /root/.profile). Add the full export line below:
Software Patch Management for Maximum Linux Security
Linux systems have a lot of software packages, resulting in regular upgrades and updates. Proper software patch management is key and we share how to do it.
Summary
Maximum Linux security with proper software patch management
Software upgrades are almost as old as the first lines of software code. Still companies struggle to properly update software, also when it comes to security patching. In this article we have a look at the reason behind patching and some methods to keep your systems humming, with fresh packages.
Why Update?
To most of us, it instantly makes sense to keep the software on your systems up-to-date. But still, sometimes we have to explain others why we do actually need a process to apply software updates and patches.
Vulnerabilities and Digital Signatures for OpenBSD Software Packages
When coming across an OpenBSD system, one can not ignore auditing the OpenBSD software packages and its configuration. Learn more what OpenBSD has to offer.
Summary
If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code.
While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered. So in this article we have a close look at dealing with packages and what to look for when auditing them.
How to solve Shellshock on Debian and Ubuntu
Also Debian and Ubuntu are vulnerable for Shellshock vulnerability in Bash. That's why it is important to run apt update and perform an upgrade of Bash.
Summary
Protect against Shellshock
Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS.
Upgrade Bash
First update the software repository with apt-get, using the update parameter.
Are security hardening guides still useful?
With Linux being decently hardened by default, would it make sense to invest in reading hardening guides? The short answer: yes!
Summary
This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system?
Hardening guides
Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were targeted often by malicious people and scripts. Then hardening guides came along on how to secure these services and protect systems.
Difference between Lynis and Lynis Enterprise
Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.
Summary
People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two.
Lynis
Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years. Lynis is a popular tool (1000+ downloads in just a few weeks after each release) and used by many system administrators, security professionals and auditors.
Auditing Linux: Software Packages and Managers
Article about how to audit and check installed software packages and their security by using the related package managers.
Summary
No system can do its job without any installed software packages. However after installation of the system, or running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods on auditing installed software, check for security updates and the related follow-up.
Package managers
To enable system administrators to properly manage software and upgrading them, Linux uses a package manager. This suite often consists of a package database, the software packages itself and several support tools. These tools in particular are used to query the database, install/remove software and assist in the upgrade process. But as usual, there are often some less known parameters which might make your job easier. For auditors it is especially interesting to know what options are available, to gather more specific information focused on proper software management.