Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Security Week: September 22nd, 2008
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, perhaps the most interesting articles include "Apache Log Analyzer for Security," "Securing Your Network Premises With Endian," "Nameserver (DNS) Security Scanner."
Linux+DVD
Magazine Our magazine is read by professional network and database administrators,
system programmers, webmasters and all those who believe in the power of Open
Source software. The majority of our readers is between 15 and 40 years old.
They are interested in current news from the Linux world, upcoming projects
etc.
In each issue you can find information concerning typical use of Linux: safety,
databases, multimedia, scientific tools, entertainment, programming, e-mail,
news and desktop environments.
LinuxSecurity.com
Feature Extras:
Review: Hacking Exposed Linux, Third Edition - "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.
Security Features of Firefox 3.0 - Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security.
Read on for more security features of Firefox 3.0.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
EnGarde Secure Community 3.0.20 Now Available (Aug 19)
Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.20 (Version 3.0, Release 20). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.
In distribution since 2001, EnGarde Secure Community was one of the very first security platforms developed entirely from open source, and has been engineered from the ground-up to provide users and organizations with complete, secure Web functionality, DNS, database, e-mail security and even e-commerce.
Work on the Fedora infrastructure has returned to normal at this point. Updates are once again available for Fedora 8 and Fedora 9, our current releases, using the new package signing key we've implemented. To read more about the new package signing key, refer to:
https://fedoraproject.org/wiki/New_signing_key, and https://fedoraproject.org/wiki/Enabling_new_signing_key.
In addition, Rawhide has returned to service, as well as our other services such as Fedora Hosted.
Looks like the people behind the Fedora project are continuing to investigate the security issue they were having. What do you think will be the result of this investigation?
Scalp! is a log analyzer for the Apache web server that aims to look for security problems. The main idea is to look through huge log files and extract the possible attacks that have been sent through HTTP/GET (By default, Apache does not log the HTTP/POST variable). Scalp is basically using the regular expression from the PHP-IDS project and matches the lines from the Apache log. These regexp has been chosen because of their quality and the top activity of the team maintaining that project.
Have you ever used a log analyzer called Scalp? This project tries to look for possible security issues with your Apache web server implementation by checking the logs from your webserver. Do you use any other tools for checking your Apache logs or do you just check your only logs by eye.
Securing Your Network Premises With Endian (Sep 17)
Unified Threat Management (UTM) devices unify all network security elements into a single device. They often include a combination of routing, firewall, intrusion detection, content filtering, URL filtering, spam filtering, VPN, and antivirus functionalities. These devices usually cost thousands of dollars and require subscriptions. However, you can secure your network and save money at the same time with Endian Firewall Community, a free, open source alternative to costly UTM devices
Do you want to secure your network with a free open-source UTM system based on Red Hat? Check out its functionality and performance in this informative article.
A common (and commonly ignored) step when rebuilding Source RPMs from a remote archive is that of verification of the authenticity of the content.
An archive maintainer may choose to sign, or to not sign RPM (and thus SRPM) content it releases. Implicitly, an archive which does sign its content provides a way for a consumer of that content, remote in time or at another site, to verify the authenticity, integrity, and provenance of that package. An earlier post discussed using GPG to verify signed content generally.
Have you ever wondered what the importance of using a signing key with RPM? This article discuses how to use them to make your RPM packages more secure.
How To Block Spammers/Hackers With Apache2's mod_spamhaus (Sep 16)
mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address.
What to do when you find your site to be spam by attackers using your web forms? This article looks at one way of helping this problem which the Apache module called mod_spamhaus.
This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.
With the threat on DNS increasing and it's importance to the internet as a whole it's something that system administrator's need to take seriously. This article looks at the security tool for bind called PorkBind.
