Stay Ahead With Linux Security Features
security advisory attack A Linux server gets cleaned up after an intrusion. The suspicious process is terminated, credentials are rotated, and the system is rebooted during maintenance. Everything seems secure. A few hours later, the same outbound connection appears again. . Situations like that point to persistence . The attacker no longer needs the original exploit because something on the host continues restoring access behind the scenes. Finding that mechanism is often more important than understanding how the...
Jun 08, 2026
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -3 articles for you...
102
open-sourcecybersecuritysecurity insightsInsights From Jon Maddog Hall On Linux Evolution And Open Source Security
maddog, as he’s affectionately known throughout the Linux and open source community, has made a career of being in the trenches with the Linux developers, teaching them the way of Open Source and Free Software development after decades of being involved with technology and education. . In an exclusive interview with LinuxSecurity researchers, Jon "maddog" Hall, often referred to as “the Godfather of Linux”, reveals his history with Linux, some of his contributions to the community, a bit about its evolution, and his thoughts on what we might see with Linux in the coming years. LinuxSecurity: When was the first time you realized Linus really had something special with the creation of Linux and it was going to change the world the way it has? It took a while. When I first met Linus at DECUS in May of 1994 I saw an interesting project that could help develop research on 64-bit address spaces on top of the Alpha processor. As I talked with Linus I liked him both for his technical expertise, as well as for his personality. I also tried Linux on an Intel computer and was impressed with the speed and “feel” of the system. Later I began to think about having the same “Unix-like” system, with source code, available across all the different systems. Remember that BSD was still going through the lawsuit and was not available for free distribution. LinuxSecurity: You've talked about "world domination" with free and open-source software in the past - do you believe we've reached that point now? We have reached a lot of that in High-Performance Computing, Embedded Systems, Servers, and Android phones, but we are still not quite there on desktops and laptops (although Android-based Chromebooks are biting into that). LinuxSecurity: What do you think are some of the biggest open source accomplishments? High-Performance Computing (based on the work of the “Beowulf” systems by Donald Becker and Dr. Thomas Sterling), and the work on the Internet, including the World Wide Web. LinuxSecurity: How have the Linux and open source communities changed over the last twenty years? A lot more “Open Source Developers” are employed by companies or have their own companies based on “Open Source” and Free Software. LinuxSecurity: What impact has the pandemic had on Linux development, implementation, and features? Not much, since most FOSS projects were developed over the Internet anyway. I would say there has been a large increase in video conferencing tools, and ones that were marginal have many more features and scalability today. LinuxSecurity: Where do you think Linux has been most successful? Is there a specific industry that has benefited most, like healthcare or finance, or a specific field, like security or web hosting? Definitely web hosting and virtualization, and with that, security, which is very necessary in an Internet-based environment. LinuxSecurity: We've talked a bit about open source versus proprietary software as it relates to security. While the application of open-source may not inherently be more secure, open-source design and the concept of "many eyes" provides the ability for it to be more secure. Do you believe this is one of the successes of Linux and open source? What role does the "many eyes" aspect of open source have to the overall security of Linux? Actually, I do not believe in the “many eyes” aspect. I know of FOSS projects that have only one set of eyes on the code, and while many people *could* look at the sources, only the one person *does* look at it. Of course, the same can be said of much-closed source code too. I also do not believe in the concept that FOSS is more susceptible to security breaches because bad actors can “see where the bugs are”. If obscurity was the basis of security, then Microsoft would be the most secure system in the world…… In my mind the true benefit of Free Software (and I use that term instead of Open Source) is that the end-user has access to the source code so they can fixthe bug when it is found….in professional terms “Mean Time To Fix (MTTF)”. I have worked on (and owned) closed source systems. When the company that developed and shipped that system lost interest in it, you could no longer get security patches for it, even though many people might still be using it. The company might tell you to update to a newer version of their software, but they do not seem to realize (or care) that you can not do that. You do not have the money to buy new hardware to run the new operating system. The device controller that you have does not work with the new operating system or the new motherboard you have. The software that you use has not been ported to the new operating system or hardware. The reasons go on and on. While Windows XP was retired more than a decade ago, it is estimated that .6% of the PC base is still running Windows XP. That does not sound like a lot until you do the math and realize it is over 12 million systems. If Microsoft had released the source code for Windows XP, then owners of the systems could have formed a community to keep the system software securely patched… or at least as secure as it ever is. When Free Software developers detect a bug, they usually supply a source code patch that can be applied across multiple distributions, multiple hardware architectures, and multiple editions of Linux within hours. Some people say “Oh maddog! I do not have the expertise to apply those patches”. That might be true, but you have the ability to hire someone to apply those patches. It is YOUR choice, and YOUR control of YOUR software. With Microsoft you have no control ….it is not YOUR software . Jon Hall auf der CeBIT 2015 in Hannover, Olaf Kosinsky, Wikimedia Open-source security is big business. Many of the world's largest organizations have now contributed to the Open Source Security Foundation (OpenSSF) and others to improve the security of open-source software. Google committed $1 million to a new Linux Foundation opensource security rewards program after the Linux Foundation raised $10M itself to support open source security projects. Google has committed $100 million overall to support third-party foundations that manage open source security priorities and help fix vulnerabilities. LinuxSecurity: This is especially important at a time when we've seen an increase in supply chain attacks and ransomware attacks on the nation's infrastructure. Do you think Linux vendors are doing enough to protect their users? Where do you think the most significant improvements need to take place? As organizations shift more resources to the cloud, do you think this is a priority for organizations today? Do you think open source could be the solution to these national cybersecurity concerns? Security is a big problem and getting bigger and more intense as more and more systems control our daily lives. We can no longer fly planes or use elevators without computers. Autonomous cars are on the horizon. Years ago OpenBSD had a “side project” of developing security-related software and OpenSSH and OpenSSL were created. Much work was done to eliminate buffer overflows, etc. But more work has to be done. On the other hand, many security issues come from “bad user on device” or improper system and network administration techniques, so even the most secure code in the world will not protect your network… this is where security training and certification efforts like LPI’s come in. We need to build security in, not have it as an add-on later. We need to train “Mom&Pop” in basic security techniques and not to paste their passwords as a “sticky” on their screens or under their keyboards. LinuxSecurity: What's next for Linux in the security arena? I do not know what is “next”, but what I would like to see is a trusted system that enables a secure boot and trusted applications, built-in with a Free Software model and with certificates that can be generated by anyone, not just Microsoft. LinuxSecurity: We've talked about how Microsoft has discontinued support for many of their products, leaving tens of millions of users unable to keep their legacy systems secure. Do you think Microsoft should open source their legacy applications they no longer support? Do you think this would help to address the outstanding security concerns? I have discussed some of this above, and I think it would be great if Microsoft was to Open Source all of their products, but I do not believe that will happen, nor may it even be possible. Large corporations like Microsoft often buy technology from other companies or use technologies under license or NDA that may not allow them to share the source code with end-users. Likewise, it is not just the source code that has to be released, but the build environment that has to be duplicated to maintain a whole system. This would cost a lot of money. LinuxSecurity: What do you attribute the increase in malware/ransomware attacks on Linux systems, or even the use of Linux systems to conduct these attacks? The greater number of Linux systems doing ever more valuable things is the reason. Crackers have long used FOSS tools to attack systems to find holes in the target systems due to the flexibility of the systems. Many of these same people typically build better, more secure systems with the information that they find. LinuxSecurity: Microsoft has changed its position on Linux a few times over the years. Not only are they a member of the Linux Foundation, but they are also submitting patches to the Linux kernel "to create a complete virtualization stack with Linux and Microsoft hypervisor." How do you believe this benefits the Linux community to have an inherently private organization with a history of "embrace and extend" now contributing to the development of Linux? Do you believe they are making valuable contributions to open source initiatives, or just making it easier for their own applications to interoperate in an open-source world? Microsoft contributes toprojects that benefit Microsoft . I do not blame them for that, they are a corporation with stockholders and a particular business plan. I will point out that Microsoft (and many other vendors) love “Open Source” (that mostly benefits the developer) rather than “Free Software” which benefits the developer and the end user by making sure the end user has all the software and facilities they need to rebuild their environment. Likewise Microsoft has been coming to FOSS events for years, talking about their products and developments and contributions to FOSS people. Yet NOT ONE TIME has Microsoft allowed Free Software people to come to their USER GROUP meetings to freely talk about the benefits of Free Software to their end-users. Microsoft did, one time, allow Richard Stallman to talk to their research group, but not to their end-users. Imagine if Microsoft end users understood that they, the end-user, could have CONTROL of their own systems?... If Microsoft wanted to embrace Free Software they might start by making Microsoft Office more compatible with Libre Office through the support of Open fonts and Excel macros and ODF, and other methods. But no…. Jon Hall with his gadgets 1, AbhiSuryawanshi, Wikimedia LinuxSecurity: Projects you're working on for 2022? Caninos Loucos, a long-running program to develop completely open single-board computers in Latin America. It is going slower than I hoped, but it is still moving along. Project Caua , a program to help college students with paying for “incidental expenses” (room, board, books, computers, internet, transportation, etc.) in countries that have free Federal and State tuition for qualified students. More than forty percent of the qualified students can not take advantage of the free tuition because they are too poor to afford the “incidentals”. Project Caua could help students start their own business supporting small business owners who can not afford a full-time systems administrator. I am also very interested in theRISC-V architecture and FPGAs. Finally I am cleaning my house, where I have been “collecting” things for fifty years… it may take me another fifty to get rid of it all. Conclusion Jon ‘maddog’ Hall has made a lasting impact on open-source and free software development and continues to be one of the leading voices in Linux. maddog’s expert opinion has given us an idea of what the future might hold for the open source community and where some of the developments have fallen short. Thank you, maddog, for your time and for answering our questions. . In a fascinating discussion, tech visionary Jon 'maddog' Hall reflects on the growth of Linux, its importance in cybersecurity, and the ongoing progress within the open-source community.. Jon Maddog Hall, Linux Evolution, Open Source Contributions, Free Software Insights, Cybersecurity Developments. . Brittany Day
Feb 03, 2022
•
102
open-sourcesoftware developmentemail securityApache SpamAssassin 18th Anniversary: A Leading Anti-Spam Platform
Apache SpamAssassin celebrates its 18th birthday this year, a huge accomplishment for everyone who has contributed to the open-source project for nearly the past two decades. SpamAssassin, a renowned and respected open-source anti-spam platform, provides a secure, reliable framework upon which companies can build highly effective spam filtering and email security solutions. . The project is the epitome of an open source success story: expert engineers and developers volunteered their time to combat the unsolicited email problem. The team demonstrated innovation, leadership and perseverance in the face of both success and adversity. Along the way, they incorporated enterprise functionality into the platform they had created as a means to solve real-world issues. Kevin McGrail, a cyber security and privacy expert and one of the lead developers for the SpamAssassin project since 1996, also considers SpamAssassin an open source success story, stating in a recent conversation with the LinuxSecurity team, “It protects millions of users every day and provides the inspiration if not the foundation of numerous commercial solutions for battling spammers.” Over the years McGrail has served as a developer, administrator, project chair and release manager for the SpamAssassin project. He is still involved with the project to this day. McGrail is also Director of Business Growth at InfraShield.com and serves as a Top Contributor, Developer Expert and Evangelist for Google G Suite. The History of SpamAssassin: How an Ingenious Idea Evolved into a World-Renowned Anti-Spam Platform SpamAssassin was created by Justin Mason, a software engineer who had maintained a number of patches against an earlier program named filter.plx by Mark Jeftovic. Mason rewrote all of Jeftovic’s code and uploaded the rewritten codebase to SourceForge on April 20, 2001. At the time, spam email was becoming increasingly problematic and no real tools existed to effectively combat it. Bill Cole, one ofthe lead developers involved in the SpamAssassin project, recalls, “2001 was a low point in the ‘arms race’ against spam and new tools were needed.” Engineers and developers saw potential in the SpamAssassin project and began to get involved. In the summer of 2004, Spamassassin became an Apache Software Foundation project and was officially renamed Apache SpamAssassin . Support and critique provided by the open source community drove rapid innovation and notable improvements during the project’s initial years. In an interview with the LinuxSecurity team, Bill Cole explains that he was impressed by the project’s rapid evolution, and that his outlook on the project changed drastically as he got involved. Cole was initially highly skeptical of the core mechanisms of SpamAssassin on both ethical and technical grounds. He admits that he was not an early fan due to “some ill-considered rules and sarcastic commentary.” However, by 2004 a combination of Cole’s experience with other tools and techniques to fight spam in corporate environments and improvements that had been made to the SpamAssassin project converted him from a heckler to a user. In 2018, Cole was invited to join the Apache PMC and has served there ever since. Over the past decade, SpamAssassin has evolved into a well-known anti-spam platform utilized by companies worldwide. The project now has 32 committers and 13 PMC members, and the radical transparency required of ASF projects provides a reputation of trustworthiness that the pre-ASF SpamAssassin had a hard time earning. Over the years, SpamAssassin has evolved significantly, still leveraging the scoring and rule framework that have made it successful and future-proof. SpamAssassin: A Highly Effective Open-Source Scoring Framework with Enterprise Functionality SpamAssassin does not simply block or accept mail; it analyzes it. Each message is given both a binary spam/not-spam decision and a simple numeric score indicating how strongly it looks likespam or ham (a.k.a. non-spam). The program operates on the principle that there is no single definitive mechanism to identify spam. Rather, it has a modular plugin architecture that supports a wide range of independent operations that can be correlated to the spam/ham classification. These operations include Bayesian classification (which utilizes Artificial Intelligence and Machine Learning), local history of similar messages, querying of shared reputation systems such as traditional DNSBLs and databases of URLs seen in spam, and identification of patterns in message headers, MIME structure, raw data and rendered content. These mechanisms are used to define "rules," each for a specific characteristic of a message. Each rule has its own score value (positive or negative) and messages are classified as spam or ham based on the sum of the scores of all rules that they match. “Mass-check” is a tool that SpamAssassin uses to maintain the quality and scoring of its default ruleset. It determines which rules are worth promoting as active. Open-source development has had a significant influence on SpamAssassin’s ability to provide companies with a highly flexible, scalable and effective framework for filtering spam. Unlike proprietary anti-spam platforms, SpamAssassin’s open-source, enterprise-grade code is available at no charge. Moreover, the scoring framework that SpamAssassin offers is supported by a knowledgeable, passionate community of mail server experts that help the developers in creating new rules and in developing new ideas that could improve the platform. McGrail summarizes the benefits of open-source development: “Open Source is about controlling your destiny and limiting risk. SpamAssassin is always available and the source code is there for anyone to modify.” ISPs and email security providers recognize and respect SpamAssassin’s transparency and effectivity. However, it is important to note that while SpamAssassin is a great piece of software, it must be implemented as part of acomprehensive email security gateway solution in order to effectively mitigate the risk and aggravation associated with spam email in the enterprise. Guardian Digital uses SpamAssassin’s framework as an element of its multi-tiered, open-source EnGarde Email Security Gateway . SpamAssassin’s scoring platform is a critical part of EnGarde’s spam filtering method. If SpamAssassin’s software indicates that a message resembles spam, EnGarde quarantines the email, preventing it from reaching the inbox. SpamAssassin works in conjunction with multiple other advanced security features to make EnGarde Email Security Gateway highly effective at identifying and blocking spam email, while keeping the rate of false positives impressively low. Guardian Digital CEO and lead architect Dave Wreski states, “Email security is all about defense in depth. No one feature or piece of software alone is enough to protect against sophisticated threats that constitute today’s email threat landscape. However, SpamAssassin’s scoring platform is definitely a key element of our EnGarde Email Security Gateway.” Wreski, who was working as a security engineer at UPS at the time, founded Guardian Digital in 1999 as a means of solving real-world digital problems with open-source software at a level capable of supporting the most intensive enterprise security demands. The company has since narrowed its focus from Internet security to email security, and has evolved into the premier open-source email security provider, successfully meeting the security needs of businesses worldwide. The Future of SpamAssassin: Upcoming Releases, Exciting New Features and Impressive Performance Improvements The future is bright for SpamAssassin, as well as providers and customers benefiting from the project’s valuable technology. Currently, SpamAssassin developers are working hard to finalize v3.4.3 with mostly bug and security fixes, along with as few new features and performance improvements. However, v4.0.0 is wherethe team is putting the majority of the new features that they are in the process of developing. These features and improvements include: Comprehensive Unicode and IDN support Unified common interface to all supported "GeoIP" backends More consistent logging format Asynchronous calls to remote services (Razor, Pyzor, DCC) Additional filtering plugin using "AI" principles Automated rule generation subsystem revived There is no set date or feature set defined for the 4.0.0 release; however, members of the project’s PMC indicate that it is approaching and will be well worth the wait. Giovanni Bechis, a security expert, OpenBSD enthusiast, international speaker and one of the lead developers for the SpamAssassin project, elaborates, “Both our last and our upcoming release have lots of improvements and new features, including antiphishing and antimalware technologies. SpamAssassin is a R&D project, so a lot of the technologies that are used to improve and become more efficient with every release.” The past two years or so have been a period of renewed forward movement for the Apache SpamAssassin project. And, with SpamAssassin’s 20th anniversary on the horizon, this momentum shows no signs of slowing down. McGrail reflects, “I’m proud that we have a stable and mature project that still helps people every day!” . The MySQL database management system marks its 25th anniversary, continuing as a pivotal tool in data handling and web applications.. Apache SpamAssassin, Email Filtering, Open Source Security, Anti-Spam Solutions, Software Evolution. . Brittany Day
Oct 24, 2019
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More