This week, advisories were released for dia, sash, mailman, libimager, libphp, moodle, cacti, sudo, zope, horde, xscreensaver, gnome, alsa-utils, system-config-printer, xsane, cairo, subversion, netpbm, gnbd-kernel, shadow-utils, cman-kernel, ghostscript, checkpolicy, libsemanage, selinux-policy, eclipse-changelog, gaim, squirrelmail, ClamAV, mplayer, and openvpn. The distributors include Debian, Fedora, Gentoo, Mandriva, and SuSE.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.



Developing A Security Policy

Create a simple, generic policy for your system that your users can readily understand and follow. It should protect the data you're safeguarding, as well as the privacy of the users. Some things to consider adding are who has access to the system (Can my friend use my account?), who's allowed to install software on the system, who owns what data, disaster recovery, and appropriate use of the system.

A generally accepted security policy starts with the phrase: "That which is not expressly permitted is prohibited."

This means that unless you grant access to a service for a user, that user shouldn't be using that service until you do grant access. Make sure the policies work on your regular user account. Saying "Ah, I can't figure this permissions problem out, I'll just do it as root" can lead to security holes that are very obvious, and even ones that haven't been exploited yet.

Additionally, there are several questions you will need to answer to successfully develop a security policy:

  • What level of security do your users expect?
  • How much is there to protect, and what is it worth?
  • Can you afford the down-time of an intrusion?
  • Should there be different levels of security for different groups?
  • Do you trust your internal users?
  • Have you found the balance between acceptable risk and security?

You should develop a plan on who to contact when there is a security problem that needs attention.

There are quite a few documents available on developing a Site Security Policy. You can start with the SANS Security Policy Project.


Excerpt from the LinuxSecurity Administrator's Guide, written by Dave Wreski.


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian
Debian: New dia packages fix arbitrary code execution
6th, April, 2006

Updated package.

advisories/debian/debian-new-dia-packages-fix-arbitrary-code-execution-40937
Debian: New sash packages fix potential arbitrary code execution
6th, April, 2006

Updated package.

advisories/debian/debian-new-sash-packages-fix-potential-arbitrary-code-execution
Debian: New mailman packages fix denial of service
6th, April, 2006

Updated package.

advisories/debian/debian-new-mailman-packages-fix-denial-of-service-84643
Debian: New libimager-perl packages fix denial of service
7th, April, 2006

Updated package.

advisories/debian/debian-new-libimager-perl-packages-fix-denial-of-service
Debian: New libphp-adodb packages fix several vulnerabilities
8th, April, 2006

Updated package.

advisories/debian/debian-new-libphp-adodb-packages-fix-several-vulnerabilities
Debian: New moodle packages fix several vulnerabilities
8th, April, 2006

Updated package.

advisories/debian/debian-new-moodle-packages-fix-several-vulnerabilities
Debian: New cacti packages fix several vulnerabilities
8th, April, 2006

Updated package.

advisories/debian/debian-new-cacti-packages-fix-several-vulnerabilities-10204
Debian: New sudo packages fix privilege escalation
8th, April, 2006

Updated package.

advisories/debian/debian-new-sudo-packages-fix-privilege-escalation-27556
Debian: New zope-cmfplone packages fix unprivileged data manipulation
12th, April, 2006

Updated package.

advisories/debian/debian-new-zope-cmfplone-packages-fix-unprivileged-data-manipulation
Debian: New horde3 packages fix several vulnerabilities
12th, April, 2006

Updated package.

advisories/debian/debian-new-horde3-packages-fix-several-vulnerabilities
Fedora
Fedora Core 5 Update: xscreensaver-4.24-2
6th, April, 2006

Don't leak zombie processes with the GL SlideShow ScreenSaver.

advisories/fedora/fedora-core-5-update-xscreensaver-424-2-12-01-00-122254
Fedora Core 5 Update: GConf2-2.14.0-1
6th, April, 2006

Updated package.

advisories/fedora/fedora-core-5-update-gconf2-2140-1-12-02-00-122255
Fedora Core 5 Update: liboil-0.3.8-1.fc5
6th, April, 2006

This update rebases liboil to 0.3.8 to help resolve issues required by packages in Fedora Extras.

advisories/fedora/fedora-core-5-update-liboil-038-1fc5-12-02-00-122256
Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5
6th, April, 2006

This update corrects a problem where Kerberos credentials weren't being properly refreshed when a user successfully authenticates in the unlock dialog.

advisories/fedora/fedora-core-5-update-gnome-screensaver-2140-1fc5-12-03-00-122257
Fedora Core 5 Update: alsa-utils-1.0.11-4.rc2
6th, April, 2006

Updated package.

advisories/fedora/fedora-core-5-update-alsa-utils-1011-4rc2-12-03-00-122258
Fedora Core 5 Update: system-config-printer-0.6.151.2-1
6th, April, 2006

With no configured printers, it was not possible to disable automatic browsing for shared printers.

advisories/fedora/fedora-core-5-update-system-config-printer-061512-1-12-04-00-122259
Fedora Core 5 Update: gnome-screensaver-2.14.0-1.fc5.1
6th, April, 2006

This update fixes problems detecting idle activity.

advisories/fedora/fedora-core-5-update-gnome-screensaver-2140-1fc51-12-04-00-122260
Fedora Core 5 Update: xsane-0.99-2.2.fc5.4
7th, April, 2006

Updated package.

advisories/fedora/fedora-core-5-update-xsane-099-22fc54-09-28-00-122269
Fedora Core 5 Update: cairo-1.0.4-1
7th, April, 2006

An updated version of the cairo package fixes several bugs, among them a bug which could lead to Pango crashes with corrupt fonts.

advisories/fedora/fedora-core-5-update-cairo-104-1-09-28-00-122270
Fedora Core 4 Update: sane-backends-1.0.17-0.fc4.2
7th, April, 2006

Updated package.

advisories/fedora/fedora-core-4-update-sane-backends-1017-0fc42-09-29-00-122271
Fedora Core 5 Update: subversion-1.3.1-2.1
7th, April, 2006

This update includes the latest upstream release of Subversion, version 1.3.1. This release includes a number of minor bug fixes and improvements.

advisories/fedora/fedora-core-5-update-subversion-131-21-09-29-00-122272
Fedora Core 5 Update: netpbm-10.33-0.fc5
7th, April, 2006

Updated package.

advisories/fedora/fedora-core-5-update-netpbm-1033-0fc5-10-49-00-122273
Fedora Core 5 Update: gnbd-kernel-2.6.15-5.FC5.25
8th, April, 2006

Packages updated to the latest kernel (2.6.16-1.2080_FC5) and now include xen packages for x86_64.

advisories/fedora/fedora-core-5-update-gnbd-kernel-2615-5fc525-18-05-00-122283
Fedora Core 4 Update: netpbm-10.33-0.FC4
8th, April, 2006

Updated package.

advisories/fedora/fedora-core-4-update-netpbm-1033-0fc4-18-05-00-122284
Fedora Core 5 Update: shadow-utils-4.0.14-6.FC5
8th, April, 2006

Updated package.

advisories/fedora/fedora-core-5-update-shadow-utils-4014-6fc5-18-06-00-122285
Fedora Core 5 Update: cman-kernel-2.6.15.1-0.FC5.18
8th, April, 2006

Packages updated to the latest kernel (2.6.16-1.2080_FC5) and now include xen packages for x86_64.

advisories/fedora/fedora-core-5-update-cman-kernel-26151-0fc518-18-06-00-122286
Fedora Core 5 Update: dlm-kernel-2.6.15.1-0.FC5.16
8th, April, 2006

Packages updated to the latest kernel (2.6.16-1.2080_FC5) and now include xen packages for x86_64.

advisories/fedora/fedora-core-5-update-dlm-kernel-26151-0fc516-18-07-00-122287
Fedora Core 5 Update: GFS-kernel-2.6.15.1-5.FC5.19
8th, April, 2006

Packages updated to the latest kernel (2.6.16-1.2080_FC5) and now include xen packages for x86_64.

advisories/fedora/fedora-core-5-update-gfs-kernel-26151-5fc519-18-07-00-122288
Fedora Core 5 Update: ghostscript-8.15.1-7.2
10th, April, 2006

A problem with converting PS and EPS files into PDF has been fixed. Also, Japanese fonts have been added to the default font path.

advisories/fedora/fedora-core-5-update-ghostscript-8151-72-17-45-00-122300
Fedora Core 5 Update: checkpolicy-1.30.3-1.fc5
11th, April, 2006

Update SELinux policy to current rawhide to fix many policy problems.

advisories/fedora/fedora-core-5-update-checkpolicy-1303-1fc5-15-41-00-122309
Fedora Core 5 Update: libsemanage-1.6.2-2.fc5
11th, April, 2006

Update SELinux policy to current rawhide to fix many policy problems.

advisories/fedora/fedora-core-5-update-libsemanage-162-2fc5-15-41-00-122310
Fedora Core 5 Update: libsepol-1.12.4-1.fc5
11th, April, 2006

Update SELinux policy to current rawhide to fix many policy problems.

advisories/fedora/fedora-core-5-update-libsepol-1124-1fc5-15-42-00-122311
Fedora Core 5 Update: selinux-policy-2.2.29-3.fc5
11th, April, 2006

Update SELinux policy to current rawhide to fix many policy problems.

advisories/fedora/fedora-core-5-update-selinux-policy-2229-3fc5-15-42-00-122312
Fedora Core 5 Update: eclipse-changelog-2.0.2_fc-1
11th, April, 2006

This is a bug-fix update for the Eclipse ChangeLog plugin. It includes fixes to the formatting of multiple ChangeLog entries by the same person.

advisories/fedora/fedora-core-5-update-eclipse-changelog-202fc-1-16-53-00-122314
Fedora Core 4 Update: gaim-1.5.0-16.fc4
11th, April, 2006

This update fixes Bug #185222 where gaim would crash when you use the buddy blocking feature with the MSN protocol. It also contains a minor logging fix.

advisories/fedora/fedora-core-4-update-gaim-150-16fc4-16-54-00-122315
Fedora Core 5 Update: gaim-1.5.0-16.fc5
11th, April, 2006

This update fixes Bug #185222 where gaim would crash when you use the buddy blocking feature with the MSN protocol.

advisories/fedora/fedora-core-5-update-gaim-150-16fc5-16-54-00-122316
Fedora Core 4 Update: squirrelmail-1.4.6-5.fc4
12th, April, 2006

This update reverts the SquirrelMail encoding behavior for Chinese and Korean languages, in addition to the Japanese fix of the previous update.

advisories/fedora/fedora-core-4-update-squirrelmail-146-5fc4-14-29-00-122325
Fedora Core 5 Update: squirrelmail-1.4.6-5.fc5
12th, April, 2006

This update reverts the SquirrelMail encoding behavior for Chinese and Korean languages, in addition to the Japanese fix of the previous update.

advisories/fedora/fedora-core-5-update-squirrelmail-146-5fc5-14-29-00-122326
Gentoo
Gentoo: ClamAV Multiple vulnerabilities
7th, April, 2006

ClamAV contains multiple vulnerabilities that could lead to remote execution of arbitrary code or cause an application crash.

Mandriva
Mandriva: Updated clamav packages fix vulnerabilities
7th, April, 2006

Damian Put discovered an integer overflow in the PE header parser in ClamAV that could be exploited if the ArchiveMaxFileSize option was disabled (CVE-2006-1614).

Mandriva: Updated mplayer packages fix integer overflow vulnerabilities
7th, April, 2006

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.

Mandriva: Updated openvpn packages fix vulnerability
10th, April, 2006

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support.

Mandriva: Updated openvpn packages fix vulnerability
10th, April, 2006

Tavis Ormandy of the Gentoo Security Project discovered a vulnerability in zlib where a certain data stream would cause zlib to corrupt a data structure, causing the linked application to dump core (CVE-2005-2096).

Mandriva: Updated xscreensaver packages fix clear-text password vulnerability
11th, April, 2006

rdesktop, with xscreensaver < 4.18, does not release the keyboard focus when xscreensaver starts, which causes the password to be typed into the active window when the user unlocks the screen. Updated xscreensaver packages have been patched to correct this issue.

SuSE
SuSE: clamav various problems
11th, April, 2006

Updated package.