Linux Security Week: April 7th, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "ProxyStrike: Active Web Application Proxy," "Analyzing Malicious SSH Login Attempts," and "Using a Pluggable Authentication Module."
Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects etc.
In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.
Open Source Tool of March: ZoneMinder - For January and February, we chose some of the staples of open source security (GnuPG and Nmap) as the tool of the month. And deservedly so; both have just celebrated their ten-year anniversary in the open source realm, a rare feat for any open source project, much less one founded on security.
But for the month of March, we wanted to move ahead and change gears. This month's Open Source Tool is no newbie for sure, but we bet that most of you reading haven't heard of it. While most Linux security tools deal with digital security, this month's tool is one of the few to cross that divide.
Welcome to ZoneMinder, the Open Source Tool for March...
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.
EnGarde Secure Community v3.0.18 Now Available! (Dec 4)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.18 (Version 3.0, Release 18). This release includes the brand new Health Center, new packages for FWKNP and PSAD, updated packages and bug fixes, some feature enhancements to Guardian Digital WebTool and the SELinux policy, as well as other new features.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database and e-mail security, integrated intrusion detection and SELinux policies and more.
ProxyStrike - Active Web Application Proxy (Apr 4)
ProxyStrike is an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because of the problems faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so ProxyStrike was born.
Read on for further detail into how ProxyStrike helps you realize just what is happening behind the scenes as you browse sites. See if the sites you frequent are doing anything malicious behind your back!
Tresys have announced the release of the latest version of Reference Policy. A notable highlight in this release is the addition of core infrastructure for X window (XACE/XSELinux). There's also new support for Wireshark, policy refinements for several already supported applications, and general enhancements including 64-bit capability support and updates for labeled networking.
One interesting part of this release is XSELinux. Do you think this will improve the usability and security of x-windows? I personally don't have any experience with XACE/XSELinux, so if anyone does, feel free to make a comment about it.
After nearly 10 years of development, Wireshark (formerly known as Ethereal) has finally reached version 1!
For those that don’t know, Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Great news for this amazing complement to tcpdump! Check out the article for a list of enhanced features and experience packet visualization at its best!
The SELinux Developer Summit for 2008 has been announced. It will be held in Ottawa on the 22nd of July in conjunction with the Linux Symposium. This will be an open event for developers of SELinux and Flask/TE projects, as well as those with a strong technical interest. For more details, see the SELinux Developer Summit page.
Have you heard that the 2008 SELinux Developer Summit is going to be held in Ottawa, Canada? What do you think will come out of this Summit, and are you planning on going?
Malicious SSH login attempts have been appearing in some administrators' logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one's system against these attacks.
We have all seen attempts in our log files to log in to our Linux machines through SSH. If you are interested in learning more about what they are doing than trying to log in to your machine, setting up a honeypot is a great way to learn. This article explains everything you need to know about honeypots.
Linux Wins The Security Showdown! Now What? (Apr 2)
So now that Ubuntu Linux was "last man standing" in the PWN to OWN contest at CanSecWest, does this mean open source has it all over the competition when it comes to security? It can, and it ought to -- but it's not a guarantee. And we need to not think it is.
The writer brings up several valid points in this article - even though the Linux computer outlasted the Apple and Windows machines, any successful exploitation of the machine resulted in true "spoils of war" - they got to keep the laptop! Can the "success" of Linux at CanSecWest be a result of "security through obscurity" and the fact that you could win a shiny new MacBook Air through cracking it?
If you're concerned about protecting world-writeable shared directories such as /tmp or /var/tmp from abuse, a Linux® Pluggable Authentication Module (PAM) can help you. The pam_namespace module creates a separate namespace for users on your system when they log in. This separation is enforced by the Linux operating system so that users are protected from several types of security attacks. This article for Linux system administrators lays out the steps to enable namespaces with PAM.
Have you heard about PAM? All Linux users use PAM every time they use Linux. This article does a great job at explaining how PAM helps improve Linux users' security.
How To Set Up SSH With Public-Key Authentication On Debian Etch (Apr 1)
This mini-howto explains how to set up an SSH server on Debian Etch with public-key authorization (and optionally with disabled password logins). SSH is a great tool to control Linux-based computers remotely. It's safe and secure.
There's no warranty that it'll work for you. All of these settings are applicable for Debian and Debian-like systems! There may be slight changes on other systems as well.
Know your role and your SSH! There's nothing like a concise HowTo on getting things done, and in this case you can get your SSH woes out of the way with this article. Check one of our feature stories by Ryan W. Maple for an even more in-depth view of SSH best practices!
A Linux system has two kinds of users: ordinary users and the root user. Each ordinary user has a robust set of permissions to manage his or her own files (and files that belong to a group that he or she is a member of), but an ordinary user cannot affect system configuration, start or stop essential services such as the SSH daemon, and cannot reserve a so-called privileged port, or any networking port numbered less than 1,024. The root user, though, is free to access and modify any file, perform any task, and affect the system at will.
It's important to learn how to use sudo securely. This article does a good job at helping users to set up sudo for their systems.
Project Announcement - oCERT - Open Source CERT (Mar 31)
We are pleased to announce a new project called oCERT, the Open Source Computer Emergency Response Team.
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
If you are a small project lacking security handling resources we can aid you in tracking down the extent and nature of potential compromises and security vulnerabilities and co-ordinate with all affected parties (like projects that ship your code).
If you are a big project and/or Open Source vendor we can promptly communicate with you reports and vulnerabilities that might affect your codebase and infrastructure and help you out with your security requirements.
Just because a project is open source does not ensure that it is totally secure. Check out the oCERT project for an attempt to help make open source security even better!