Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Security Tips
Need a quick security fix? Whether its sudo or lilo, tcp or icmp, you'll find short and straight-to-the point guidance in our listing of Security Tips.

Password Guessing with THC-Hydra
Source: LinuxSecurity Contributors - Posted by Administrator   
Hydra is available for Windows and Linux. I've used both, however if you have the need for speed, Linux is the way to go. I'm sure you're itching to get started so I'll stop yapping.
Linux Mint - The Trio
Source: crushingpackets - Posted by Administrator   
Linux Mint - The Trio. Linux Mint's claim to fame is usability and the search for the perfect Linux desktop. As a distribution Mint arrived on the scene in 2006 with release 1.0 code named "Ada".
Lynis - Security and system auditing tool
Source: - Posted by Ryan Berens   
A Unix-based tool:
Lynis is an auditing tool which tests and gathers information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers.

Lynis features

- System and security audit checks
- File Integrity Assessment
- System and file forensics
- Usage of templates/baselines (reporting and monitoring)
- Extended debugging features
10 Basic Linux Security Tips to Implement
Source: - Posted by Ryan Berens   
From, the top 3 tips: Are there any other tips you think should have been included or that you found to be true?

The following is a list of rules and tips you might find useful in dealing with basic security concerns:

1. Avoid doing your regular jobs when you are logged in as root. This reduces the risk of getting a cuckoo egg or a virus and protects you from your own mistakes.

2. If possible, always try to use encrypted connections to work on a remote machine. Using SSH (secure shell) to replace telnet, ftp, rsh, and rlogin should be standard practice.

3. Avoid using authentic method based on ip address alone.

SELinux and mail() in PHP
Source: Ejohansson Blog - Posted by Ryan Berens   
An interesting and quick tip on how to fix a mail server error while running SELinux:
Since I upgraded my server and activated SELinux I haven't gotten any emails from Wordpress when people post comments on this blog (that's why it has taken my so long time to approve comments). Today I decided it was time to look into the problem...
Password Cracking Wordlists and Tools for Brute Forcing
Source: - Posted by Ryan Berens   
"Know your enemy." So the saying goes in all forms of the attacker/defender relationship. This article is an example of that. One of the most vulnerable forms of security is the password - many people have easy to duplicate passwords, companies often keep default passwords the same, and so on and so forth. Crackers can take advantage of this - especially if they have the right tools. And the better you know those tools, the better you can protect against them. Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd - password profiling tool) These are useful resources that can add unique words that you might not have if your generic lists.
Detecting / Checking Rootkits with Chkrootkit and rkhunter Software
Source: NixCraft - Posted by Ryan Berens   
A great find (from NixCraft) for a quick overview on the available programs to detect and check for rookits on your machine:

A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the systemís owners and legitimate managers.
Customizing xguest Policy
Posted by Ryan Berens   
A quick dose of Linux Security advice from Dan Walsh:

He was asked:
I have switched the user role of an existing account to xguest_u thus enabling kiosk mode for this specific user. Works like a charm, thanks. Now i only need to permit ssh access.

And later: Working towards true Least privilege is a noble goal, but with potentially a large increase in complexity.
SELinux, Subversion and mod_svn
Posted by Ryan Berens   
Here, Erik Johansson goes into upgrading his standard Debian set-up to Debian-Etch. He goes on to say: After upgrading my server (from Debian Sarge to Debian Etch) I decided to enabled SELinux. After reading some documentation (besides Debian's basic setup documentation I can recommend Fedora's SELinux wiki and especially this presentation) I got the basic setup working. Getting Subversion to fully work required a few extra steps. For your convenience and my memory I've listed them below... It's a great, short HOWTO on upgrading your system with SELinux, what to look for, and how to get it all up and running.
Sendmail: BAD Postfix: GOOD Any questions?
Source: - Posted by Ryan Berens   
SPAM: It's evil, everywhere and constant. Oh Joy!

Thankfully, you can help avoid it reaching your client by using the power of Postfix to run your mail. Sendmail, Qmail and others provide mail, sure, but limiting false positives, avoiding server overloads, and establishing a good defense is just plain better with Postfix. Whether you like gray listing, want to configure black lists, or want a step-by-step on setting up secure mail - this is a great, quick overview.
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 10 of 32


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OpenSSL Mystery Patch is No Heartbleed
Study: One-third of top websites vulnerable or hacked
Threat-sharing cybersecurity bill unveiled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.