A Linux system has two kinds of users: ordinary users and the root user. Each ordinary user has a robust set of permissions to manage his or her own files (and files that belong to a group that he or she is a member of), but an ordinary user cannot affect system configuration, start or stop essential services such as the SSH daemon, and cannot reserve a so-called privileged port, or any networking port numbered less than 1,024. The root user, though, is free to access and modify any file, perform any task, and affect the system at will.
We have all used sudo at some point while using Linux, but do you know the importance of sudo to Linux security? This article guides the reader through everything a Linux user needs to know about sudo.
If you're concerned about protecting world-writeable shared directories such as /tmp or /var/tmp from abuse, a Linux® Pluggable Authentication Module (PAM) can help you. The pam_namespace module creates a separate namespace for users on your system when they login. This separation is enforced by the Linux operating system so that users are protected from several types of security attacks. This article for Linux system administrators lays out the steps to enable namespaces with PAM.
Have you heard about PAM? All Linux users use PAM every time they use Linux. This article does a great job of explaining how PAM helps improve Linux users' security.
It's important to learn how to use sudo securely. This article does a good job of helping users set up sudo on their systems.
The containers developers have what would seem to be a relatively straightforward problem: they would like to control access to devices on a per-container basis. Then containers could safely be granted access to specific devices without compromising the overall security of the system - even if a container has a root-capable process which can create new device files.
Kernel security is a very important part of the overall security of one's system. This article goes into one part of kernel security: containerization.
Source: Rational Survivability - Posted by Ryan Berens
VMware and virtualization security is just beginning to heat up. In this article, we get an interesting view into the nature of this debacle. Should it be a surprise that security is going to be such an issue? According to this blogger, far, far from it; virtualization provides such a compelling shift in computing, that being caught "flatfooted" is embarrassing...
For the purpose of this post, I'm going to focus on the security implications of virtualization and simply summarize by suggesting that virtualization up until now has quietly marked a tipping point where we see the disruption stretch security architectures and technologies to their breaking point and in many cases make much of our invested security portfolio redundant and irrelevant.
Ouch! Read on...
An analysis of malware in Sophos's Linux honeypots has shown that almost 70 percent of the infections are due to this six-year-old malicious program. SophosLabs has made a small detection tool available to help users find out whether they have been infected with this virus.
Patches for a much-publicized Linux kernel local root exploit were released today as 2.6.24.2, 2.6.23.16, and 2.6.22.18. The latest bug, labeled CVE-2008-0600, was introduced by the vmsplice() system call, which was added to the 2.6 kernel in 2.6.17. It is the third in a series of root exploits surrounding the same system call, the two earlier bugs being CVE-2008-0009 and CVE-2008-0010. Easily obtained exploits exist for both the older CVE-2008-0010, which affected the 2.6.23 and 2.6.24 kernels, and the latest CVE-2008-0600, allowing a local non-root user to gain root permissions.
You most likely heard about the local root exploit patch that was released a few days ago. Any exploit involving the root user can be a serious problem. Have you patched your Linux kernel yet?
In this review from Linux.com, you get into some of the details of our Open Source tool of the month. The Zenmap front end for Nmap is covered, including its new enhancements and what to do with the Command Wizard. It also covers some of the basics of port scanners...
Sometimes criticized for helping the bad guys find openings in the cracks of sites on the Internet, their real value is in allowing network security pros -- and those trying to protect their own machines and networks -- to test their own defenses. They can also help ordinary users learn more about networking and network security.
AntiTamper is an Apache 2.x module that can be used to prevent some kinds of URL and cookie tampering.
Specifically, AT can stop a lot of the malicious bots that take advantage of search engines. Moreover, attack techniques like HTTP Response Splitting and session hijacking/fixation will be mitigated.
I am interested if anyone has tested out mod_anti_tamper. I like using mod_security, but mod_anti_tamper looks like it will work well side by side with mod_security to increase a web server's security.
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Anything that helps web applications be more secure is a very good thing. Have you implemented ModSecurity on your Apache server?