Securing MySQL & MariaDB: Data Breach Prevention Best Practices

Data leaks are extremely common in the cyber world because of a lack of proper or adequate security implementation. Securing databases is an essential practice for avoiding consequences ranging from data loss to unauthorized access and system downtime. Database security presents many challenges, since the more accessible a database is, the less secure it is. Common challenges include human error, malware, the physical security of the server's location, and software vulnerabilities. However, many steps can be taken to ensure that a database is secured and so avoid the issues mentioned above, and database encryption is an essential step in securing all data. Linux offers a variety of tools that help guarantee database security. In this article we introduce some of these tools, some for assessing databases and others for securing them.

MySQL & MariaDB Database Best Practices

MySQL and MariaDB are among the most popular database servers in use today. While their flexibility and scalability make them popular choices for organizations of all sizes, they still have security issues that attackers can discover and exploit. Common threats include DDoS attacks, SQL injection, man-in-the-middle attacks, weak passwords, data corruption, race conditions, mismanagement of account access, and the occasional software vulnerability. Fortunately, many practices can be adopted to avoid these concerns.

Encryption

Encryption is one of the most effective and important practices and should always be used when storing data. MySQL and MariaDB can both encrypt the data directly or encrypt the container it is held in. For MySQL, the available encryption tools include asymmetric encryption, symmetric encryption, public/private key generation, digital signatures, and transparent data encryption. For MariaDB, there is at-rest data encryption, in-transit data encryption, TLS/SSL certificates, and Cipher Block Chaining. Other useful practices for database security are conditional access and auditing. For conditional access, always apply least privilege: grant a user only the privileges needed to complete the job. For auditing, a range of tools is available, such as ClusterControl and Cloud SQL for MySQL, while MariaDB has its own audit plugin.

Restrict Access & Customize Default Settings

The next steps in securing a MySQL database should include removing default accounts and port mappings and customizing the default settings. It is critical to remove the test database, as all users have full access to it. Remote access should also be restricted: as with many security practices, including the least privilege approach mentioned above, network access should allow only the minimum required, and all remote access should be monitored and controlled.

Ensure that Servers Are Physically Secure

An important step that is frequently ignored is making sure the servers are physically secure. If you use a cloud provider such as AWS, GCP, or Azure, this is covered by the provider. One of the most essential steps in securing anything, not just databases, is the use of strong authentication credentials. Weak passwords can easily be brute-forced, granting attackers access to the servers, so make sure only strong passwords are used, containing a mix of upper-case and lower-case letters, numbers, and special characters. Authentication and authorization (authn and authz) let you control user access to elements within the database.

Use Database Security Assessment Tools

A critical step in securing a database is using database security assessment tools. These tools review a database's environment and identify the threats present in it. Beyond highlighting existing vulnerabilities, they also assess the implemented security measures to check their effectiveness. I will introduce five of the top Linux database security assessment tools to use in making sure you have a secure database.

SQLMap

SQLMap is a Python-based open-source SQL injection tool. It is a great tool because it offers a variety of features: detecting and exploiting different types of injection attacks, brute-forcing password hashes, uploading or downloading files from the database, connecting directly to the database through SQL injection, and customization.

SQLNinja

SQLNinja is a Perl-based tool for applications that use Microsoft SQL Server as their backend; it is used to exploit SQL injection vulnerabilities. Its features include fingerprinting remote SQL servers, data extraction, uploading executables, exploiting an injection vulnerability to gain access to the database, brute-forcing passwords using dictionary attacks, and privilege escalation attacks if the brute-force is successful.

BBQSQL

BBQSQL, like SQLMap, is an open-source Python-based tool. It is used to exploit SQL injection vulnerabilities and focuses on blind SQL injection. The tool requires certain information to be used, including the URL, HTTP method, cookies, and so on. It is a great tool because it is very fast at finding and exploiting vulnerabilities, it is customizable, it validates all configuration options, and it can even patch the detected vulnerabilities.

JSQL Injection

JSQL Injection, as the name indicates, is also an SQL injection tool; it is Java-based. It can be used to find and exploit injection vulnerabilities across 33 database engines, carry out multiple types of injection attacks, create a web shell and SQL shell on a remote server, brute-force hashes, and much more.

OScanner

OScanner is a Java-based Oracle assessment framework. It can be used for SID enumeration, brute-forcing passwords, enumerating versions, account roles, privileges, and password policies, auditing information, and enumerating database links. OScanner presents its results in a graphical Java tree format.

The tools mentioned here are critical in ensuring that your database is secure. They can be used to check what steps need to be taken to make a database secure, and again after those steps have been taken, to evaluate the effectiveness of the procedure followed.

Installing, Configuring, & Securing MySQL & MariaDB Databases

To install the database, start by typing sudo apt-get install mysql-server on the command line. Once that completes, type sudo mysql_install_db. Next, run sudo mysql_secure_installation. This step is essential, as it removes some defaults that present security threats. Once the database is installed, we can move on to the next steps for improving its security.

To begin with, we need to change some settings in my.cnf, the main configuration file for MySQL. To do that, first run sudo nano /etc/mysql/my.cnf. Make sure the server accepts connections only from the local machine by checking the bind address setting, which should be bind-address = 127.0.0.1. A more secure way to connect from other machines is through SSH. Next, add local-infile=0 to patch a vulnerability that allows access to the underlying file system. As mentioned previously, auditing is a security practice that should be implemented; while there are many tools for that, it can also be done by adding log=/var/log/mysql-logfile. The log files should not be world-readable. Check their permissions by running sudo ls -l /var/log/mysql*, which shows the permissions of the log files; to change them, use the chmod command. As mentioned before, least privilege should be applied and users should be granted only the minimum access needed.

There are further steps that can be taken within MySQL to improve database security. After logging in by typing mysql -u root -p and entering the password, start by securing passwords and host associations. First make sure there are no users without a password:

SELECT User, Host, Password FROM mysql.user;

If the results return a user with no password, you can set one by running:

UPDATE mysql.user SET Password=PASSWORD('newpassword') WHERE User='user-name';

While the installation steps should already have eliminated any blank users, we can make sure there are none by running:

DELETE FROM mysql.user WHERE User='';

Once we have run the commands above, we run FLUSH PRIVILEGES; to apply the changes. To set specific permissions for a specific user, run:

GRANT SELECT, UPDATE, DELETE ON dbname.* TO 'username'@'localhost';

To remove a permission again, run something like:

REVOKE UPDATE ON dbname.* FROM 'username'@'localhost';

FLUSH PRIVILEGES; must be run to apply the privilege changes. To check a user's current privileges, run:

SHOW GRANTS FOR 'username'@'localhost';
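To make the my.cnf and log-permission checks above repeatable, here is an added example script, written for this page and not part of the original article or of MySQL/MariaDB. It audits a configuration file for the bind-address, local-infile and logging settings discussed, and checks whether a log file is world-readable, which is what the ls -l step looks for by eye. The general_log_file option is the current MySQL/MariaDB name for the general query log destination; the article's log= option is the older spelling, and the script accepts either. The function names and the two sample configuration files are this example's own, constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a MySQL/MariaDB
# configuration file and a log file against the hardening steps described
# above. Sample configs are constructed inline; no database is needed.

# Print the value of KEY from the [mysqld] section of FILE (first match),
# ignoring comments and whitespace. Option names are normalised so that
# "bind-address" and "bind_address" both match KEY (given with underscores).
mysqld_setting() {
    awk -v key="$2" '
        /^[[:space:]]*\[/ {
            s = $0; sub(/^[[:space:]]*\[/, "", s); sub(/\].*/, "", s)
            section = s; next
        }
        section == "mysqld" {
            line = $0; sub(/#.*/, "", line); gsub(/[[:space:]]/, "", line)
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); gsub(/-/, "_", k)
            if (k == key) { print substr(line, n + 1); exit }
        }' "$1"
}

# Report deviations from the settings the article recommends. Findings go to
# stderr; the number of findings is printed on stdout so callers can capture it.
audit_mysql_conf() {
    conf="$1"; findings=0
    bind=$(mysqld_setting "$conf" bind_address)
    if [ "$bind" != "127.0.0.1" ]; then
        echo "FINDING: bind-address is '${bind:-unset}', expected 127.0.0.1 (local connections only)" >&2
        findings=$((findings + 1))
    fi
    infile=$(mysqld_setting "$conf" local_infile)
    if [ "$infile" != "0" ]; then
        echo "FINDING: local-infile is '${infile:-unset}', expected 0 (disables LOAD DATA LOCAL)" >&2
        findings=$((findings + 1))
    fi
    # The article uses the legacy "log=" option; general_log_file is the
    # current name for the general query log destination. Accept either.
    logfile=$(mysqld_setting "$conf" general_log_file)
    if [ -z "$logfile" ]; then logfile=$(mysqld_setting "$conf" log); fi
    if [ -z "$logfile" ]; then
        echo "FINDING: no query log destination configured (general_log_file or log)" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# True (exit 0) when the file grants any permission to "other", i.e. it is
# world-readable/writable/executable. Characters 8-10 of an ls -l line are
# the "other" permission bits.
log_world_readable() {
    other=$(ls -l "$1" | cut -c8-10)
    [ "$other" != "---" ]
}

# Write two constructed sample config files into DIR: a weak one and a hardened one.
write_samples() {
    cat > "$1/weak.cnf" <<'EOF'
[mysqld]
bind-address = 0.0.0.0
# local-infile left at its default, no logging configured
EOF
    cat > "$1/hardened.cnf" <<'EOF'
[client]
port = 3306

[mysqld]
bind-address = 127.0.0.1
local-infile=0
general_log = 1
general_log_file = /var/log/mysql-logfile
EOF
}

# Demo: run the audit over both samples and check a sample log file's mode.
dir=$(mktemp -d)
write_samples "$dir"
echo "weak.cnf findings: $(audit_mysql_conf "$dir/weak.cnf")"            # 3
echo "hardened.cnf findings: $(audit_mysql_conf "$dir/hardened.cnf")"    # 0
touch "$dir/mysql-logfile"; chmod 644 "$dir/mysql-logfile"
if log_world_readable "$dir/mysql-logfile"; then
    echo "mysql-logfile is world-readable; tighten it with: chmod 640 $dir/mysql-logfile"
fi
rm -rf "$dir"
```

On a real host you would call audit_mysql_conf /etc/mysql/my.cnf and log_world_readable on each file matched by /var/log/mysql*; the script only reports, it does not change anything, so it is safe to run from a cron job and alert on a non-zero findings count.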
Another practice that can be very helpful in keeping a database secure is changing the username of the root user. This forces an attacker to do much more work to find the new username, rather than simply using the preset name "root". To do that, run:

RENAME USER 'root'@'localhost' TO 'newusername'@'localhost';

As with the previous commands, FLUSH PRIVILEGES; must be run to apply the change.

Conclusion

As mentioned, data breaches and leaks are among the most prevalent cyber incidents. They expose all types of sensitive data that should not be revealed. There are many steps that can be taken to ensure Linux database security and so avoid data breaches or leaks. These steps include best practices for a safe and secure database server: auditing, encryption, and other methods including applying least privilege, using strong credentials, removing default accounts and port mappings, restricting remote access, physically securing servers, and changing default settings.

Database integrity demands secure encryption, stringent access management, audit frameworks, and strong password policies to protect against unauthorized access.

Database Security, MySQL Best Practices, Cyber Threats, Encryption Tools, SQL Injection Prevention

Nov 07, 2022, by Zaid AlBukhari

Linux Security Resolutions: 2005 Best Practices for Administrators

As a preface to this paper, I want to take a moment to mourn the loss of the many tsunami victims worldwide. Our thoughts and prayers are with each of the victims and their families. Donations to help in the relief effort can be made through the following organizations: World Vision, American Red Cross, Oxfam, and many others.

Introduction

The year 2000, the coming of the new millennium, brought us great joy and celebration, but also great fear. Some believed it would result in a full-scale computer meltdown, leaving Earth a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide. Whether it is physical terrorism or malicious acts against information security, we have all raised our level of awareness.

For many across the world, the new year brings a sense of rebirth and recommitment. All of us take time to reflect on the past year, reexamine our lives, and focus on how we can do better in the upcoming year. Some have career-related goals; others only wish to make more time for their family, having realized that those close to you are in fact the real and only reason for everything. Personally, I am one who loves to set goals. Without a mission and a plan, very little gets accomplished. The new year should not only be a time to set personal goals such as an exercise regimen, but also a time to focus on security practices and configurations. 2005 will be hostile; now is the time to prepare.

Reflect on the Present

Those of us who are long-time security gurus always chant the mantra "security is a process, not a product; repeat." The new year should be a time to refine that process. Take a moment to analyze and ask the following questions:

Are we doing everything the way we should?
What areas of our operation need to be improved?
Are we following security best practices?
Do I feel confident about our security practices?
Do I have metrics to provide assurance about our security?
Are we proactive, or do we always seem to be catching up?

Although many network environments are similar, it is important to keep the questions as broad as possible. It is necessary to reflect on the overall picture of security. Some of you may be responsible for hundreds of servers; others may only keep a hobby server running on a DSL line. Security should be important to everyone in every situation, and many of the broad concepts of security are the same.

For example, the first question asks "Are we doing everything the way we should?" Although simple, warranting only a yes/no response, it is loaded with other questions. One of the most obvious: do you take shortcuts? I'll admit, I'm sometimes guilty. Rather than taking the time to do something completely right the first time, I focus all of my time on functionality and, once it is working, move on to more pressing matters. One must be dedicated to making sure that servers are set up and configured in the soundest way possible. It's not enough for something just to work; it should be configured to reduce as much risk as possible.

One of the more pointed questions above is about security confidence. While too much confidence can lead to disaster, too much paranoia can drive someone mad. The obvious balance is in the middle. Security personnel should strive to be confident but paranoid. It sounds like an oxymoron, but it's not. It is important to have faith in one's own system, but always be aware of and ready for emerging threats. For example, early 2004 was inundated with Linux kernel vulnerabilities. Although I was confident that my EnGarde Linux servers would hold up, I didn't ignore the bugs completely. It is important to keep up with vulnerability news and apply patches when they are available.

Confidence (trust) can be obtained through good security practices. Using standards such as BS7799/ISO17799, the ISF Best Practices, and others can help establish a program for building security confidence. Documentation such as the Linux Security HOWTO, the Linux Security Administrator's Guide, and NIST's dozens of configuration guides can ensure software has been set up and configured properly. It's not enough just to be confident. One must have assurance that the systems in place will provide adequate protection for the organization's information assets. Whether it is trade secrets to protect or just a website to keep from being defaced, the information security principles are the same. Layer, layer, layer! Provide multiple levels of security through authentication, access control, network traffic regulation and segmentation, and the use of strong cryptography. Know your system inside and out by monitoring logs and system events, and by understanding what legitimate activity looks like. Being able to quantify the number of failed unauthorized attempts provides a level of assurance and demonstrates the value of each security control. A proactive security process combines knowing your assets, knowing your systems, and understanding their threats and vulnerabilities, while working in a prioritized manner to reduce the risk of each.

A Security Resolution

Rather than focus on management-related security issues such as policy development, security awareness and training, and risk analysis, I am writing resolutions that can be applied directly by system administrators. Also, please be aware that the issues I touch on here are by no means a complete list of the security issues that should be examined. I would be writing for weeks if I attempted to cover all issues that affect Linux administrators.

Change Passwords/Keys: We all have our favorite passwords and passphrases. We get comfortable with them and become reluctant to change them. For many, it is a huge job. However, maintaining fresh passwords is important to the security of a system. Using the same root password for three years is simply unacceptable. Make it a habit to change major passwords regularly. If you haven't done it recently, change them now.

Apply System Patches/Keep Software Up-to-Date: Yes, all of us can get lazy, but that is simply no excuse if you wish to maintain a secure system. Vulnerability advisories are released by Linux vendors every day; it should be a top priority to test and then apply the appropriate patches to production systems. If it is simply too much work to apply them manually, consider subscribing to an automated distribution service such as those offered by Red Hat and Guardian Digital.

Analyze Accounts/Permissions: It has been said that a large number of corporate information security break-ins are the result of stale user accounts. Do you have accounts left on your system for people who quit or were fired six months ago? If so, that is a huge risk. Perhaps quarterly, review the accounts on your system and verify their necessity and validity. It is also important to review critical file permissions. Sometimes testing a system warrants a permission change, and then the administrator forgets to set it back to its original state.

Review Backup/Restore Procedures: Are the systems being backed up? If on tape, how old are the tapes? Have the tapes been verified to ensure that they actually contain the correct data, and do the restore procedures work? In an emergency, one does not have the luxury of spare time. It is important to sort through the problems beforehand.

Review Logs/Intrusion Detection: Are there procedures in place to periodically review system activity? Nearly every system keeps some form of logs, but very few administrators actually review them frequently. Now is a good time to implement an automated alert system, refine exactly what information is logged, and determine responses to specific events.

Physical Security: Ensure all systems are running in a safe and secure operating environment. Is the room adequately cooled and ventilated? Is it connected to a UPS? Is the room physically locked? Physical access to a system opens the door of vulnerability much wider.

Use Encryption: These days, there are no excuses. We should all be using GnuPG to sign and encrypt email. The software is free, it's easy to use, and it provides a high level of security. When emailing sensitive information to fellow administrators, using cryptography should be a no-brainer.

Penetration Testing: After hardening your servers, put them to the test. With the advent of the OSSTMM (Open Source Security Testing Methodology Manual), light penetration testing is possible for everyone. Using the techniques in the OSSTMM and learning to think like the enemy is a skill that can help an administrator improve security greatly.

Document Configurations/Settings: There's not much worse than losing application configuration settings. Security often requires a lot of tweaking, which is easy to forget. Document the settings in critical applications to ensure that the system can be restored in the event of corruption.

Learn Something New: What have you just been itching to know about? Have you always wanted to set up a honeypot, or learn more about SELinux? Now is the time! Rather than keep pushing it off to "when I have time," set up a schedule to begin learning about it. None of us have three hours a day to dedicate to reading, but all of us can make five minutes. As the months pass, knowledge will accumulate and you'll be a well-rounded administrator.

Final Remarks

It has been another great year, and I look forward to the next. To have a successful and productive year, planning is the key. Whatever your security challenges may be, now is the time to address them. We've all been there. Get help by asking questions in forums, asking colleagues, reading HOWTOs, etc. The information is out there; it is up to you to take the initiative.
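For the Change Passwords/Keys and Analyze Accounts/Permissions resolutions above, the following added example (written for this page, not part of the original article) turns the quarterly account review into a script: it reads a shadow-format file and reports accounts whose password is older than a chosen number of days, plus accounts whose password field is empty, while skipping locked and no-login accounts. The sample shadow file, its placeholder hashes, the day numbers and the function names are all this example's own, constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): find accounts whose password
# has not been changed in more than MAXDAYS days, and accounts with an empty
# password field, from a shadow-format file. The sample file is constructed
# inline; on a real system you would point it at /etc/shadow (as root).

# audit_shadow FILE TODAY MAXDAYS
#   FILE    shadow-format file (name:hash:lastchg:min:max:warn:inactive:expire:flag)
#   TODAY   current day as days since 1970-01-01 (the unit of field 3)
#   MAXDAYS maximum acceptable password age in days
# Prints "empty NAME" for accounts with no password at all and
# "stale NAME AGE" for accounts whose password is older than MAXDAYS.
# Locked accounts ("!" or "*" at the start of the hash field) are skipped.
audit_shadow() {
    awk -F: -v today="$2" -v maxdays="$3" '
        NF < 3 { next }                        # skip malformed lines
        $2 == "" { print "empty", $1; next }   # no password set at all
        $2 ~ /^[!*]/ { next }                  # locked or no-login account
        $3 == "" { next }                      # last-change date unknown
        { age = today - $3; if (age > maxdays) print "stale", $1, age }
    ' "$1"
}

# Days since the epoch for the current date, for use as TODAY on a live
# system (date +%s is not strictly POSIX but GNU and BSD date support it).
today_days() {
    echo $(( $(date +%s) / 86400 ))
}

# Constructed sample shadow file. Day 12784 is 2005-01-01, the new year the
# article is written for; the hashes are placeholders, not real password hashes.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$placeholderhash:11700:0:99999:7:::
alice:$6$placeholderhash:12750:0:99999:7:::
bob:!:11000:0:99999:7:::
carol::12700:0:99999:7:::
daemon:*:10000:0:99999:7:::
EOF
}

# Demo: as of day 12784 with a 90-day limit, root's password is 1084 days old
# and carol has no password; alice is fine, bob and daemon are locked.
f=$(mktemp)
write_sample_shadow "$f"
audit_shadow "$f" 12784 90   # prints: stale root 1084 / empty carol
rm -f "$f"
```

On a live system run it as root with audit_shadow /etc/shadow "$(today_days)" 90; an "empty" line means the account can be used without any password and needs attention before anything else on the list.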
Fortify your Linux system security by implementing key strategies for robust installation and ongoing upkeep.

Linux Security Practices, System Hardening Techniques, Secure Setup

Dec 30, 2004, by Benjamin D. Thomas