
Stay Ahead With Linux Security Features



Explore Latest Linux Security features


Key Strategies For Effective Linux Patching And Recovery Planning

Patching and upgrading software requires more than running a few commands. Having a patch recovery plan, communicating with developers on that server, and knowing who to contact in case of a botched patch job is critical.

I wonder what goes through Jay. F.'s head when I send another patch update with a few dozen servers to patch. Patch management can be a headache, especially in a large network environment. It can also be disastrous if someone doesn't read the documentation that comes with patches or types the wrong command to upgrade a software package. Consequently, knowing how to back out of a botched patch job is just as important as knowing how to apply the patch.

Don't apply multiple patches at once. Apply patches in increments; it makes recovering from a problem with one patch a whole lot easier.

Patching will require you to know the functionality of the services running and the current security settings. Some patches may disable security settings, overwrite a configuration file, or start services that were shut down or weren't even previously enabled. Back up the configuration files for a software package before applying a patch to it. Also, run the following commands to see if something was started or disabled after the patch was applied.

Before the patches run:

    /bin/ps -ef > before-patches-ps.txt
    /bin/netstat -an > before-patches-netstat.txt

Then, after the patches run:

    /bin/ps -ef > after-patches-ps.txt
    /bin/netstat -an > after-patches-netstat.txt

Run diff or sdiff on those files to see if anything has changed:

    /usr/bin/sdiff before-patches-ps.txt after-patches-ps.txt

Also, check your file-integrity program to see what changes were made to the system. File-integrity programs have more uses than just looking for intruders.

Many vendors have a patch management program that will check your system against the most recent software versions available and download them or send an email listing the latest available versions. It is recommended to only allow these automated programs to alert you when there are new packages available. Other vendors have mailing lists, and some publish updates on Bugtraq.

Before you patch your systems:

- Know who to contact before applying a patch, in case something goes wrong.
- Write down the current version of the software to be patched. Have that version on standby in case something goes wrong.
- Write down the version to be updated.
- Read the documentation about the patch before applying it.
- Check the website's mailing lists, if any, to see if others have had a problem with that patch.
- Take a deep breath and apply it.

Before patching, talk to the programmers and others who use the system about what is going to be done. If patching will break an existing service, for sure, then monitor that service more closely and document (GASP!! THE "D" WORD) why the service can't be patched and give a copy to your supervisor. Last, but not least, email the software's developers and explain that the patch didn't work properly.

Case example

K.D. was upgrading packages on his Linux server and he ran the commands:

    /bin/rpm -Uhv *.rpm
    /sbin/reboot

The server rebooted but his Linux installation didn't boot. His system was hosed and he had to reinstall the whole system. After reinstalling, applying updates, and restoring from backups, half a day had gone by, and this was a critical server.

The error in K.D.'s case was that the latest kernel was within the rpms that he upgraded. He didn't know that the kernel should be installed with the command:

    /bin/rpm -ihv kernel-version.rpm

instead of:

    /bin/rpm -Uvh kernel-version.rpm

The switches "ivh" install the new kernel and modules and keep the original kernel and modules. The switches "Uhv" remove the current kernel and modules and install the new kernel and modules. He also didn't edit the boot loader configuration file to point to the new kernel.

K.D. had backups but no patch management recovery plan. K.D. was in an organization where he could have had a plan written up and reviewed by others. If K.D. had had a recovery plan and communicated with the right people, he could have gone into rescue mode, edited the boot loader configuration file, and rebooted with the new kernel with minimal downtime.

Managers, require your admins to provide you with a written patch management plan. The plan should include:

- Sites, mailing lists, and other sources to monitor for each service running on the servers they maintain.
- The primary and backup person to apply patches and their contact information.
- Contact information for any developers, programmers, or other admins running mission-critical programs on that system.
- What is to be done if a patch breaks something, e.g. what the backup procedure is and who to contact.
- What system to test patches on.

Some organizations may not have the luxury of having test systems. That shouldn't be a problem because there are many operating system emulators available. An investment in VMWare may be worth pennies compared to a day of lost revenue because a single patch broke your company's credit-card processing system. There is also the excellent GPL'd program User-mode Linux, which emulates a Linux environment. With either program you can set up your production server's software configuration, apply patches, and see if they cause any problems.

Having a patch management disaster recovery plan, good communication, and cooperation will make patch management a seamless process. Also, managers, we need your support.

Duane Dunston is a Computer Security Analyst at STG Inc. for the National Climatic Data Center in Asheville, NC. He received his B.A. and M.S. degrees from Pfeiffer University and he has his GSEC certification from SANS. He hangs out at Old Europe Cafe, Early Girl's eatery, Anntony's, and any place with good tea and hot chocolate. Duane has been working in security for 5 years and wishes he had the funding for a "Basic Security Tour" so he could provide the world with hands-on training on how to implement the security recommendations from the SANS Top 20 List of the most common vulnerabilities. He knows that applying these recommendations to any network can minimize the most common types of attacks. Not only does he enjoy his work in computer security, he also likes to get involved in its ever-growing technologies. Duane says, "Security is one of those jobs where you have to stay abreast of new technologies and new ways that attackers are compromising computer systems. Security keeps evolving and the industry has to keep up with it, that is why we need well-trained, evolving security professionals and supportive managers to help us with this ongoing process".

Jan 20, 2003 | Duane Dunston
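The before/after comparison from the patching article above, as an added example that is not part of the original article: a raw diff or sdiff of `ps -ef` output flags every restarted process because PIDs and start times change, so this version compares only command lines and listening TCP sockets. The function names and the sample snapshots are constructed for illustration, and the `ps -ef` column layout is assumed to be the procps one.

```shell
#!/bin/sh
# Added example: compare pre/post-patch snapshots without PID and timestamp noise.
LC_ALL=C; export LC_ALL

# Command column of `ps -ef` (field 8 onward; assumes the procps column layout).
ps_commands() {
    awk 'NR > 1 { c = $8; for (i = 9; i <= NF; i++) c = c " " $i; print c }' "$1" | sort -u
}

# "proto local-address" for every TCP socket in LISTEN state in `netstat -an`.
listeners() {
    awk '$NF == "LISTEN" { print $1, $4 }' "$1" | sort -u
}

# changes ps|net BEFORE AFTER: "+ x" appeared after patching, "- x" disappeared.
changes() {
    case "$1" in
        ps)  filter=ps_commands ;;
        net) filter=listeners ;;
        *)   echo "usage: changes ps|net BEFORE AFTER" >&2; return 2 ;;
    esac
    tmp_b=$(mktemp) && tmp_a=$(mktemp) || return 1
    "$filter" "$2" > "$tmp_b"
    "$filter" "$3" > "$tmp_a"
    comm -13 "$tmp_b" "$tmp_a" | sed 's/^/+ /'
    comm -23 "$tmp_b" "$tmp_a" | sed 's/^/- /'
    rm -f "$tmp_b" "$tmp_a"
}

# Constructed sample snapshots (not real captures): the patch restarted sshd
# under a new PID, started a previously disabled portmap and stopped lpd.
sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'UID PID PPID C STIME TTY TIME CMD' \
        'root 412 1 0 Jan19 ? 00:00:01 /usr/sbin/sshd' \
        'lp 530 1 0 Jan19 ? 00:00:00 lpd Waiting' > "$d/before-patches-ps.txt"
    printf '%s\n' 'UID PID PPID C STIME TTY TIME CMD' \
        'root 9120 1 0 10:42 ? 00:00:00 /usr/sbin/sshd' \
        'rpc 9133 1 0 10:42 ? 00:00:00 portmap' > "$d/after-patches-ps.txt"
    printf '%s\n' 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN' > "$d/before-patches-netstat.txt"
    printf '%s\n' 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN' \
        'tcp 0 0 10.0.0.5:22 10.0.0.9:51514 ESTABLISHED' > "$d/after-patches-netstat.txt"
    echo "$d"
}
```

On a real host, feed `changes` the four snapshot files produced by the commands in the article; UDP sockets carry no LISTEN state in `netstat -an` and are not covered by `listeners`.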

ARCserveIT v6.61: Comprehensive Backup Solution for Linux Users

ARCserveIT, the Computer Associates Backup Software Solution for Linux, Helps Linux Users Stay on Top of Storage Issues/Disaster Recovery.

Introduction:

Data backup and recovery is one of the most essential parts of administering computer networks. Up to this point, many system administrators have relied on a combination of shell scripts and dump to back up their systems. Many administrators have already found from experience that this combination has limited functionality and often requires custom scripting to fit the needs of each individual.

Last month, Computer Associates, Inc. asked us to review ARCserveIT v6.61 Advanced Edition for Linux. The initial installation was not complicated and each function executed as documented. The Advanced Edition for Linux has many interesting features. Perhaps the most interesting one is the Java interface. ARCserveIT requires apache and installs the Java control panel at ( ). It can be accessed locally or via a network. This makes ARCserveIT administration easy. ARCserveIT can also be accessed and controlled from the command line. The appearance, ease of use, and functionality of ARCserveIT were all excellent. In the two-week testing period, ARCserveIT remained stable, executed all jobs, and logged all events. If you are looking for a better Linux backup solution, ARCserveIT may be what you need.

[Screenshot: ARCserveIT's Java-based user interface. After apache is configured, this interface can be called from any remote location with WWW access.]

Overall Grade: A

Features of ARCserveIT v6.61:

- Integrated Client Support
- Multiple Server Support (Deploy ARCserveIT to back up unlimited servers throughout the network.)
- Integrated Tape and Optical Library Support
- Extensive Device Support
- Advanced Scheduling
- Data Verification (CRC - byte by byte verification)
- Parallel Streaming (Back up/restore data simultaneously, to or from up to 32 devices)
- Automatic Alerts

ARCserveIT writes data to tape using the Universal Tape Format (UTF).

Functions of ARCserveIT v6.61:

- Backup (Backup Manager): This section is used to configure which computer(s) on the network you wish to back up, the path, the destination media, and the backup schedule.
- Restore (Restore Manager): This section is for restoring previous backups. It can be used to restore local or networked machines.
- Job Status (Job Status Manager): This section displays the current jobs to be executed. It can also be used to configure more advanced backup schedules. Backup schedules can be extremely complex (i.e. M-W-F full backup, T-H incremental, every 6 days regardless, full backup, etc.).
- Devices (Device Manager): This section gives a detailed summary of the backup devices installed. Other commands such as format, erase, compress, and clean can be executed.
- Database (Database Manager): This section gives a more detailed view of the hard drive, network, and ARCserveIT configuration.
- Merge (Merge Manager): This section is used to determine/choose how a particular media source is merged.
- Scan (Scan Manager): This section is used to configure backup scans.
- Reports (Report Manager): This section is used to organize log messages and to gather backup job reports.
- Profiles (Profile Manager): This section is used to add, remove, and configure backup managers.

*NOTE: It is extremely important that you set a password for the arcroot user. The default password is blank.

Evaluation Platform:

Pentium 466 MHz, 64 MB RAM, SyQuest Syjet 1.5GB Portable SCSI tape Backup, Red Hat Linux v6.1, Apache 1.3.12

System Software Requirements:

- Apache Web Server and pdksh need to be preinstalled. pd-ksh is a clone of the Korn Shell. The ksh shell is a command interpreter intended for both interactive and shell script use. Ksh's command language is a superset of the sh shell language.
- Browser with Java support, and at least 800x600 resolution to view the httpd interface frames correctly.

Supported Distributions:

Red Hat 6.1, SuSE 6.3, Caldera OpenLinux 2.3, Turbo Linux 6.0

Hardware Requirements (server):

- Pentium class processor with a minimum of 64 MB RAM, although it did not seem to be RAM intensive.
- Minimum of 30 MB hard disk space.
- You must have at least one tape drive. ARCserveIT supports any drive that is supported under Linux.

Restore Basics:

ARCserveIT can restore entire hosts, drives, file systems, and volumes. The restore capabilities are flexible enough to back up/restore the data from Linux, Unix, Netware, and Windows servers. In order to restore a host back to its original file state, ARCserveIT must be reinstalled on the system. To perform the restore, pull up the administrative menus ( ), and follow the restore wizard menus.

General ARCserveIT Security:

ARCserveIT has built-in data encryption functionality to better secure critical data against malicious activities. ARCserveIT also has its own methods of data verification to help ensure data integrity and minimize errors. The security of ARCserveIT is comparable to other backup packages. The http administrative menus have password protection by default. If you are planning to use the http administrative menus remotely, I would suggest adding password protection to the general web directory. This can be done by adding a .htaccess file to the default web directory (i.e. /opt/ARCservIT/httpd).

- Use htpasswd to generate a password file:

    # -c creates the password file; omit it when adding users to an existing file
    # htpasswd -c /path/to/.password_file_name username

- A general .htaccess file (located in /opt/ARCservIT/httpd) should look like:

    AuthUserFile /path/to/.password_file_name
    AuthName "ARCserveIT Backup"
    AuthType Basic
    # Without a require line Apache never asks for the password
    require valid-user
    deny from all
    allow from 123.123.123.123

Apr 25, 2000 | Brittany Day