EnGarde Secure Linux: Why not give it a try?
EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
Linux Security Howto Glossary
Included below are several of the most frequently used terms in computer security. A comprehensive dictionary of computer security terms is available in the LinuxSecurity.com Dictionary
- authentication: The process of knowing that the data received is the same
as the data that was sent, and that the claimed sender is in fact the actual
sender.
- bastion Host: A computer system that must be highly secured because it
is vulnerable to attack, usually because it is exposed to the Internet and
is a main point of contact for users of internal networks. It gets its name
from the highly fortified projects on the outer walls of medieval castles.
Bastions overlook critical areas of defense, usually having strong walls,
room for extra troops, and the occasional useful tub of boiling hot oil for
discouraging attackers.
- buffer overflow: Common coding style is to never allocate large enough
buffers, and to not check for overflows. When such buffers overflow, the executing
program (daemon or set-uid program) can be tricked in doing some other things.
Generally this works by overwriting a function's return address on the stack
to point to another location.
- denial of service: An attack that consumes the resources on your computer
for things it was not intended to be doing, thus preventing normal use of
your network resources for legitimate purposes.
- dual-homed Host: A general-purpose computer system that has at least two
network interfaces.
- firewall: A component or set of components that restricts access between
a protected network and the Internet, or between other sets of networks.
- host: A computer system attached to a network.
- IP spoofing: IP Spoofing is a complex technical attack that is made up
of several components. It is a security exploit that works by tricking computers
in a trust relationship into thinking that you are someone that you really
aren't. There is an extensive paper written by daemon9, route, and infinity
in the Volume Seven, Issue Forty-Eight issue of Phrack Magazine.
- non-repudiation: The property of a receiver being able to prove that the
sender of some data did in fact send the data even though the sender might
later deny ever having sent it.
- packet: The fundamental unit of communication on the Internet.
- packet filtering: The action a device takes to selectively control the
flow of data to and from a network. Packet filters allow or block packets,
usually while routing them from one network to another (most often from the
Internet to an internal network, and vice-versa). To accomplish packet filtering,
you set up rules that specify what types of packets (those to or from a particular
IP address or port) are to be allowed and what types are to be blocked.
- perimeter network: A network added between a protected network and an external
network, in order to provide an additional layer of security. A perimeter
network is sometimes called a DMZ.
- proxy server: A program that deals with external servers on behalf of internal
clients. Proxy clients talk to proxy servers, which relay approved client
requests to real servers, and relay answers back to clients.
- superuser: An informal name for root.
From the Linux Security HowTo by Dave Wreski:
/howtos
LinuxSecurity.com Feature Extras:
EnGarde Secure Linux v3.0.6 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New awstats packages fix arbitrary command execution | ||
| 18th, May, 2006
Updated package. advisories/debian/debian-new-awstats-packages-fix-arbitrary-command-execution-97479 |
||
| Debian: New quagga packages fix several vulnerabilities | ||
| 19th, May, 2006
Updated package. advisories/debian/debian-new-quagga-packages-fix-several-vulnerabilities |
||
| Debian: New kernel-patch-vserver packages fix privilege escalation | ||
| 19th, May, 2006
Updated package. advisories/debian/debian-new-kernel-patch-vserver-packages-fix-privilege-escalation |
||
| Debian: New popfile packages fix denial of service | ||
| 19th, May, 2006
Updated package. advisories/debian/debian-new-popfile-packages-fix-denial-of-service |
||
| Debian: New phpgroupware packages fix execution of arbitrary web script code | ||
| 19th, May, 2006
Updated package. advisories/debian/debian-new-phpgroupware-packages-fix-execution-of-arbitrary-web-script-code |
||
| Debian: New cscope packages fix arbitrary code execution | ||
| 19th, May, 2006
Updated package. advisories/debian/debian-new-cscope-packages-fix-arbitrary-code-execution-15882 |
||
| Debian: New hostapd packages fix denial of service | ||
| 20th, May, 2006
Updated package. advisories/debian/debian-new-hostapd-packages-fix-denial-of-service |
||
| Debian: New phpbb2 packages fix execution of arbitrary web script code | ||
| 20th, May, 2006
Updated package. advisories/debian/debian-new-phpbb2-packages-fix-execution-of-arbitrary-web-script-code |
||
| Debian: New Linux kernel 2.4.16 packages fix several vulnerabilities | ||
| 20th, May, 2006
Updated package. advisories/debian/debian-new-linux-kernel-2416-packages-fix-several-vulnerabilities |
||
| Debian: New fbi packages fix denial of service | ||
| 20th, May, 2006
Updated package. advisories/debian/debian-new-fbi-packages-fix-denial-of-service |
||
| Debian: New Linux kernel 2.4.18 packages fix several vulnerabilities | ||
| 20th, May, 2006
Updated package. advisories/debian/debian-new-linux-kernel-2418-packages-fix-several-vulnerabilities-98916 |
||
| Debian: New Linux kernel 2.4.19 packages fix several vulnerabilities | ||
| 21st, May, 2006
Updated package. advisories/debian/debian-new-linux-kernel-2419-packages-fix-several-vulnerabilities |
||
| Debian: New Linux kernel 2.4.18 packages fix several vulnerabilities | ||
| 21st, May, 2006
Updated package. advisories/debian/debian-new-linux-kernel-2418-packages-fix-several-vulnerabilities-98916 |
||
| Debian: New MySQL 3.23 packages fix several vulnerabilities | ||
| 22nd, May, 2006
Updated package. advisories/debian/debian-new-mysql-323-packages-fix-several-vulnerabilities |
||
| Debian: New Nagios packages fix arbitrary code execution | ||
| 22nd, May, 2006
A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code. advisories/debian/debian-new-nagios-packages-fix-arbitrary-code-execution |
||
| Debian: New MySQL 4.1 packages fix several vulnerabilities | ||
| 22nd, May, 2006
Several vulnerabilities have been discovered in MySQL, a popular SQL database. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518 |
||
| Debian: New mpg123 packages fix arbitrary code execution | ||
| 24th, May, 2006
Updated package. advisories/debian/debian-new-mpg123-packages-fix-arbitrary-code-execution |
||
| Mandriva | ||
| Mandriva: Updated kernel packages fix multiple vulnerabilities | ||
| 18th, May, 2006
Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS. |
||
| Mandriva: Updated gstreamer-plugins packages fix audio CD bug | ||
| 21st, May, 2006
The gnome-cd program would hang on certain audio CDs due to a regression in gstreamer-cdparanoia. Updated packages have been patched to correct this issue. |
||
| Mandriva: Updated kernel packages fixes netfilter SNMP NAT memory corruption | ||
| 24th, May, 2006
Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed. The provided packages are patched to fix this vulnerability. Users who may be running netfilter on important servers are encouraged to upgrade to these updated kernels. |
||
| Mandriva: Updated hostapd package to address DoS vulnerability | ||
| 24th, May, 2006
Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. Packages have been patched to correct this issue. |
||
| Mandriva: Updated kphone packages fixes permissions issue with .qt/kphonerc | ||
| 24th, May, 2006
Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Packages have been patched to correct this issue. |
||
| Mandriva: Updated shadow-utils packages fix mailbox creation vulnerability | ||
| 24th, May, 2006
A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed. Packages have been patched to correct this issue. |
||
| Mandriva: Updated php packages fix vulnerabilities | ||
| 24th, May, 2006
An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990). |
||
| Red Hat | ||
| RedHat: Moderate: xscreensaver security update | ||
| 23rd, May, 2006
An updated xscreensaver package that fixes two security flaws is now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-xscreensaver-security-update-RHSA-2006-0498-01 |
||
| RedHat: Moderate: php security update | ||
| 23rd, May, 2006
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-moderate-php-security-update-38610 |
||
| RedHat: Important: postgresql security update | ||
| 23rd, May, 2006
Updated postgresql packages that fix several security vulnerabilities are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-postgresql-security-update-35316 |
||
| RedHat: Important: kernel security update | ||
| 24th, May, 2006
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756 |
||
