Vulnerabilities

FreeBSD is definitely another beast than Linux. In some areas, FreeBSD is really a powerful operating system. Package management is maybe not the first one you may think of. Typically FreeBSD users have two options when it comes to installing packages.

Auditing FreeBSD with pkg audit

Ports collection

The ports tree allows the administration to build software they need, with the compilation flags he or she prefers. This makes the software optimized and typically the last versions are available. The downside is in the overhead of compiling software, especially with multiple systems involved.

Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from the upstream. When there is an update, it doesn’t take long that it becomes available and can be installed with package manager pacman.

One problem that remained was the inability to quickly test if you have any vulnerable packages. After all running pacman -Suy daily works, but that doesn’t say much if known issues were found. Till now, with the new arch-audit tool.

As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both.

Vulnerability Scanning

Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping sweep to detect which systems are alive and providing services. Next step is determining these services, so they can be followed up with more in-depth tests.

Our digital world is full of hardware and software components. The big difference between the two is the quality. When hardware ships with defects, people will return it and talk badly about it. For software it is fine if things are not perfect from the beginning. It can be improved upon in steps, until most of its users are happy with it. Developers of this software often are some level of pressure. We already know that most of the security vulnerabilities are caused by proper training or lack of quality testing. And even then, it is hard to get everything right.

What is Linux privilege escalation?

Privilege escalation is the process of elevating your permission level, by switching from one user to another one and gain more privileges. For example, a normal user on Linux can become root or get the same permissions as root. This can be authorized usage, with the use of the su or sudo command. It can also be unauthorized, for example when an attacker leverages a software bug. Especially this last category of privilege escalations is interesting to understand, so we can better defend our Linux systems.

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. This guide explains what is available, from vulnerability to treatment.

Every month or so, I get a few questions about the vulnerability capabilities Lynis has to offer. It made me think about this subject and I realized something: Many security professionals are still focusing too much on vulnerabilities. They want to know their security gaps, so they can know where they stand. While this isn’t a bad approach, there might be a better solution.

The solution I will discuss today is to focus on (permanent) processes, instead of vulnerability scanning. The goal is to reduce weaknesses quicker, and more often. Processes like software patch management, regular audits and security monitoring. So forget about vulnerability scanning and let’s proceed to the next level of security!

If you audit systems on a regular basis, you eventually will come across an OpenBSD system. OpenBSD is known for its heavy focus on security, resulting in an operating system with a low footprint and well-audited source code.

While most operating systems are pretty secure, they quickly will introduce new security holes when installing external software components. Although OpenBSD does careful checks for packages they add, those might be containing still a vulnerability, waiting to be discovered. So in this article we have a close look at dealing with packages and what to look for when auditing them.

Security audit of NetBSD software packages with pkg_admin

NetBSD is especially known for it’s diverse platforms it can run on. What is less known is the ability to audit the installed packages. In this article we have a look on how to audit NetBSD and ensure the file integrity of your packages. Performing a security audit is easy, as long as you use the right tool!

Packages

When using packages, their metadata will be installed in directory within /var/db/pkg. This tree contains information about the packages.

There are several open source vulnerability scanners for Linux, like OpenVAS. While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems?

Vulnerabilities

Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused by evildoers. Within information security we have the goal to protect the confidentiality, integrity and availability of systems and the related information (or data). One of the biggest threats to this goal are people, tools and actions which make “use” of a vulnerability. Sometimes by accident, but usually on purpose, like exploiting toolkits which search the internet for systems with a known vulnerability. Therefore it’s advised to focusing on discovering and reducing the amount of vulnerabilities as soon as possible, to prevent unauthorized people from gaining access to our systems.