Open Source Intelligence (OSINT) is the practice of collecting information from published or publicly available sources for intelligence purposes. The term ‘Open Source’ within Open Source Intelligence refers to the public nature of the analyzed data; publicly available information includes blogs, forums, social media sites, traditional media (TV, radio, and publications), research papers, government records, and academic journals. The scope of this information is almost infinite, concerning various people, companies, and organizations. Individuals who leverage Open Source Intelligence range from IT security professionals and state-sanctioned intelligence operatives with ethical intentions to malicious hackers with unethical intentions.

Understanding the History of Open Source Intelligence

The history of Open Source Intelligence dates back to the emergence of intelligence to support a government’s decisions and actions. However, it was not used in a systematic way until the United States established the Foreign Broadcast Monitoring Service (FBMS) in response to the Japanese attack on Pearl Harbor. In 1947, it was renamed the Foreign Broadcast Intelligence Service (FBIS) under the newly established CIA. In 2005, following the 9/11 attacks and the passage of the Intelligence Reform and Terrorism Prevention Act, FBIS, together with other research elements, was transformed into the Director of National Intelligence's Open Source Center (OSC). Since its establishment, the OSINT effort has been responsible for filtering, transcribing, translating/interpreting, and archiving news items and information from many foreign media sources.

What Role Does Open Source Intelligence Play in Different Industries?

OSINT is essential for many fields, such as law enforcement, risk and fraud management, human resources, cybersecurity, and military operations.
It can be used to identify data breaches, uncover vulnerabilities, support decision-making processes, aid customer due diligence, or help users stay updated. In business, OSINT can be used for penetration testing, breach detection, ethical hacking, and chatter monitoring. OSINT is also crucial when keeping tabs on vast amounts of information.

IT professionals using OSINT typically target three essential tasks: discovering public-facing assets, discovering relevant information outside the organization, and collecting and grouping the discovered information into an actionable form. By finding public-facing assets with OSINT, IT professionals can see the information anyone can find on or about a company's assets without resorting to unethical means such as hijacking. Using OSINT to discover relevant information outside the organization lets IT professionals expand beyond tightly defined networks, increasing their scope of discovery. Using OSINT tools to collect and group this discovered information shapes it into more valuable and actionable intelligence.

Within fraud detection and prevention, OSINT can serve as manual review support for anti-fraud systems. For instance, if an anti-fraud system’s ruleset is insufficient to assess a case correctly, OSINT can be used as a backup assessment. OSINT can also be used to monitor carder forums or the dark web to see what information is trending and what professionals should prepare for.

What Techniques Are Used in Open Source Intelligence?

OSINT reconnaissance involves using publicly available resources to gather information on a person or organization. OSINT reconnaissance techniques fall into three categories: passive, semi-passive, and active. Passive reconnaissance often involves searching the web using applications such as search engines. This method is hard to detect since no direct engagement with the target is involved, and only archived information is collected.
Semi-passive reconnaissance usually consists of searching the web to find data, but can also use software solutions to gather information non-intrusively. Active reconnaissance collects data directly from the target, offering more accurate and timely information; this type of probing can be detected. The best reconnaissance technique depends on the organizational needs of a team. However, following a general process helps lay the foundations for effective intelligence gathering.

The Open Web Application Security Project (OWASP) outlines a five-step OSINT process. It begins with source identification, where we find the sources that hold information for the specific intelligence requirement. Next comes harvesting, collecting relevant information from the identified sources. Data processing deals with processing the harvested data and extracting meaningful insights. The analysis step combines the processed data from multiple sources. Reporting is the last step, creating a final report on the findings.

Using OSINT investigative skills, such as identifying visual clues in photos (e.g., terrain, architecture, shadows, street signs) and leveraging tools like Google Earth or reverse image search, investigators can geolocate images effectively to uncover critical insights.

What Types of Open Source Intelligence Tools Exist?

OSINT tools can be divided into three main categories. Discovery tools are used to search for any information that might be found on the web; a good discovery tool can be as simple as a search engine. Scraping tools ensure only the required information is filtered through for extraction to a database. Scraping tools are helpful in hiding the presence of bulky data transfers and preventing irrelevant information from mixing with relevant information.
Aggregation tools combine related information from scraping tools to display a clearer picture of what the data represents, all in a presentable format; these can be instances of relations and connections between datasets.

There are many free and paid open source intelligence tools available for a variety of purposes, such as searching metadata and code, researching phone numbers, investigating identities, verifying email addresses, analyzing images, detecting wireless networks, and analyzing packets. However, some of these tools are limited by a paywall. Here is a list of the latest open-source intelligence tools that are free and can be used to their full potential:

Nmap Scraping Tool

Nmap (Network Mapper) is a free, open-source tool for vulnerability checking, port scanning, and network mapping. It allows you to scan your network and discover everything connected to it, along with a wide variety of information about what’s connected. At its heart lies port scanning, which is helpful for administrators. Nmap utilizes a large number of scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), and FTP. It also offers various scan types such as proxy (bounce attack), reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas, SYN sweep, IP protocol, and Null scan. Nmap can also run limited or scheduled network port scans, which is helpful since massive port scans would likely trigger security alerts at the target. Users can control the depth of each scan, with light or limited scans for information about port status or more detailed scans for information about the operating systems behind these ports.
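To turn an OS-detection sweep of your own network into an inventory of ageing assets, save the scan as XML with -oX and post-process it. The script below is an added example, not part of the article or of Nmap itself: the XML is a constructed sample shaped like Nmap's host/os/osmatch elements, and the (4, 0) kernel cutoff is an assumed policy threshold.

```python
"""Post-process an Nmap OS-detection sweep (nmap -A -oX scan.xml <range>)
to list hosts whose fingerprint points at an old kernel. The XML below is
a constructed sample shaped like Nmap's <host>/<os>/<osmatch> output."""
import re
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -oX scan.xml 192.0.2.0/29">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <os><osmatch name="Linux 3.7 - 3.9" accuracy="100"/></os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <os>
      <osmatch name="Linux 4.15 - 5.6" accuracy="95"/>
      <osmatch name="Linux 5.4 - 5.10" accuracy="96"/>
    </os>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <os/>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.13" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# "Linux 3.7 - 3.9" or "Linux 2.6.32": capture the low and optional high bound.
LINUX_RANGE = re.compile(r"Linux (\d+)\.(\d+)(?:\s*-\s*(\d+)\.(\d+))?")


def parse_hosts(xml_text):
    """Map each live IPv4 host to its highest-accuracy osmatch name (or None)."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        hosts[addr.get("addr")] = None if best is None else best.get("name")
    return hosts


def kernel_upper_bound(osmatch_name):
    """Newest kernel the fingerprint allows, as (major, minor), else None."""
    m = LINUX_RANGE.search(osmatch_name or "")
    if not m:
        return None
    lo_major, lo_minor, hi_major, hi_minor = m.groups()
    if hi_major is None:
        return int(lo_major), int(lo_minor)
    return int(hi_major), int(hi_minor)


def flag_old_kernels(xml_text, minimum=(4, 0)):
    """Hosts whose newest plausible kernel is older than `minimum`.
    The (4, 0) cutoff is an assumed policy value, not an Nmap setting."""
    flagged = {}
    for ip, name in parse_hosts(xml_text).items():
        upper = kernel_upper_bound(name)
        if upper is not None and upper < minimum:
            flagged[ip] = name
    return flagged


if __name__ == "__main__":
    for ip, name in sorted(flag_old_kernels(SAMPLE_XML).items()):
        print("%-15s %s  <- older than supported baseline" % (ip, name))
```

Hosts with no osmatch (such as 192.0.2.12 above) are reported as unknown rather than old, so they still deserve a manual look.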
Nmap can do operating system detection via TCP/IP fingerprinting, stealth scanning, dynamic delay and retransmission calculations, parallel scanning, detection of down hosts via parallel pings, decoy scanning, port filtering detection, direct (non-portmapper) RPC scanning, fragmentation scanning, and flexible target and port specification. These qualities make Nmap very versatile. Previously, controlling these scans required training in console commands. With the newer Zenmap graphical interface, experienced admins can more easily build the commands that help them identify a target. This makes Nmap a helpful tool for experts and professionals involved in penetration testing. However, the tool is still very technical and not recommended for novice users.

Use Scenario: A user wants to use Nmap to identify a host’s operating system because they are performing an inventory sweep of their network and want to identify any older assets. The user uses the -A switch to determine the OS of a remote system. For example, running:

$ nmap -A localhost

yields output reporting that the host is running Linux 3.7 - 3.9. Using Nmap, the user could identify that the host was running a deprecated operating system.

Wireshark Scraping Tool

Wireshark is a packet analyzer that effectively lets users put their network traffic under a microscope, allowing them to zoom in on the root cause of a particular problem. Wireshark captures network traffic on local networks such as Ethernet, Bluetooth, wireless (IEEE 802.11), Token Ring, etc. (packet capture). It then breaks the packets down (filtering) before storing the data from these packets for purposes such as offline analysis (visualization). Wireshark has many uses within the industry, such as network analysis and network security.
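Wireshark's capture, filter and analyze cycle can also be applied offline to a saved capture. The script below is an added example, not code from the article or from the Wireshark project: it parses a classic pcap file (Ethernet link type) and reports every ICMP destination-unreachable reply, naming the router that sent it and the destination and port the rejected datagram was headed for. The two frames in the capture are constructed for this example using TEST-NET addresses.

```python
"""Pull ICMP "destination unreachable" replies out of a classic pcap file,
the packets Wireshark would mark as a problem. The capture is constructed
here (TEST-NET addresses); bytes of a real Wireshark/tcpdump .pcap file can
be passed to find_unreachables() instead."""
import struct

ICMP_UNREACH = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                3: "port unreachable", 4: "fragmentation needed",
                13: "administratively prohibited"}


def _ip(addr):
    return bytes(int(x) for x in addr.split("."))


def _dotted(raw):
    return ".".join(str(b) for b in raw)


def ipv4_header(src, dst, proto, payload_len):
    # Header checksum left at 0: the parser below does not validate it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, _ip(src), _ip(dst))


def ethernet(payload, ethertype=0x0800):
    return struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, ethertype) + payload


def pcap_file(frames):
    """frames: list of (epoch_seconds, frame_bytes). Little-endian, Ethernet."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed scenario: the client's TCP SYN to 203.0.113.80:443, then the
# home router (192.168.1.1) replying ICMP type 3 code 1 and quoting the SYN's
# IP header plus first 8 bytes, as RFC 792 requires.
SYN_L4 = struct.pack("!HHI", 51234, 443, 1)              # sport, dport, seq
SYN_DGRAM = ipv4_header("192.168.1.20", "203.0.113.80", 6, len(SYN_L4)) + SYN_L4
ICMP_MSG = struct.pack("!BBHI", 3, 1, 0, 0) + SYN_DGRAM[:28]
UNREACH_DGRAM = ipv4_header("192.168.1.1", "192.168.1.20", 1, len(ICMP_MSG)) + ICMP_MSG
SAMPLE_PCAP = pcap_file([(1700000000, ethernet(SYN_DGRAM)),
                         (1700000001, ethernet(UNREACH_DGRAM))])


def iter_frames(data):
    """Yield (timestamp, frame) from pcap bytes; handles either byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts, data[off:off + incl]
        off += incl


def parse_ipv4(buf):
    """Return (src, dst, proto, payload) or None if buf is not IPv4."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    return _dotted(buf[12:16]), _dotted(buf[16:20]), buf[9], buf[ihl:]


def find_unreachables(pcap_bytes):
    """One record per ICMP destination-unreachable message in the capture."""
    findings = []
    for ts, frame in iter_frames(pcap_bytes):
        if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                                     # not IPv4 over Ethernet
        outer = parse_ipv4(frame[14:])
        if outer is None or outer[2] != 1:               # not ICMP
            continue
        reporter, _, _, icmp = outer
        if len(icmp) < 8 or icmp[0] != 3:                # not type 3
            continue
        inner = parse_ipv4(icmp[8:])                     # quoted original datagram
        if inner is None:
            continue
        _, orig_dst, orig_proto, l4 = inner
        dport = None
        if orig_proto in (6, 17) and len(l4) >= 4:       # TCP/UDP: dst port at +2
            dport = struct.unpack_from("!H", l4, 2)[0]
        findings.append({"ts": ts, "reporter": reporter,
                         "reason": ICMP_UNREACH.get(icmp[1], "code %d" % icmp[1]),
                         "original_dst": orig_dst, "dport": dport})
    return findings


if __name__ == "__main__":
    for f in find_unreachables(SAMPLE_PCAP):
        print("%(reporter)s reports %(original_dst)s:%(dport)s %(reason)s" % f)
```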
For instance, network administrators may use Wireshark to troubleshoot network problems, while network security engineers may use it to examine security problems. Quality assurance engineers may use Wireshark to verify network applications, while developers may use it to debug protocol implementations. Beyond these uses in the industry, Wireshark can also be used as a learning tool. Those new to information security can use Wireshark to understand network traffic analysis, how communication occurs when particular protocols are involved, and where it goes wrong when certain issues present themselves. Wireshark can also help novice users learn more about network protocol internals, such as those concerning TCP/IP. However, to use Wireshark properly, a user should first learn exactly how a network operates, such as understanding the three-way TCP handshake and various protocols, including TCP, UDP, DHCP, and ICMP.

Use Scenario: A user has an issue with their home network; their internet connection is very slow. Using Wireshark, the user drills down into a packet to identify the network problem. Through the Wireshark interface, they quickly discover that their router thought a common destination (YouTube) was unreachable. The issue was easy to find since Wireshark’s interface marks any packet with a problem in black. Once they realize this, the user restarts the cable modem to fix the problem.

GHunt Discovery Tool

This OSINT tool allows users to analyze a target’s Google history based on factors such as a Gmail address. From a Gmail address, GHunt can extract the target’s name, Google ID, YouTube account, and active Google services. GHunt can also discover a target’s phone model and make, firmware and installed software, public photos, and even the target’s physical location with the right data.
Within the industry, white hat hackers and penetration testers may use GHunt to test whether the emails they find are reasonable and whether they can leak other information. It can also be used for threat hunting, to identify and track threats, and to understand the extent of a user’s or business’s internet footprint. These qualities make GHunt a great threat intelligence collection and attack simulation tool.

Use Scenario: A user’s friend has been receiving strange messages from a “secret admirer” through their email. These messages contain statements that make them feel uncomfortable. The user decides to find the identity of this “secret admirer,” but cannot find their name from the Gmail address alone. The user chooses to use GHunt to investigate their Gmail account. By typing:

$ python3 hunt.py
RavenDB is at the forefront of data management innovation, leveraging open-source development and an intense focus on usability to offer efficient, versatile and highly secure database services to business application developers worldwide. The latest release of the open-source NoSQL document database, RavenDB 5.0, accommodates both local and hosted environments, and adds time series support and document compression to its robust feature set.

As open source security enthusiasts, we are particularly interested in RavenDB’s open-source approach to managing and securing data, and how this approach has enabled RavenDB to surpass competitors in areas including usability, integration and data security. To gain an in-depth understanding of the company’s latest release, we spoke with RavenDB Founder, CEO and Lead Developer Oren Eini about the defining features of RavenDB and RavenDB Cloud, some notable use cases, security considerations and more.

Secure, User-Friendly Data Management for Both On-Premise and Hosted Environments

Through RavenDB 5.0 and RavenDB Cloud, the RavenDB 5.0 release brings efficient, integrated and highly secure data management supported by a robust feature set to both on-premise and database-as-a-service clients. All of the purpose-driven components that comprise RavenDB 5.0 were built from the ground up, resulting in a database that is fast, fully integrated and widely available. RavenDB also offers enhanced data security through usability, a defining characteristic that sets the database apart from its competitors. The company uniquely views support as a cost center as opposed to a revenue center: insight gained through support calls is used to modify the database to make such calls unnecessary in the future. Eini explains, “Viewing support as a revenue center disincentivizes vendors to create user-friendly products, which has drastic negative implications for data security. Usability and security are closely tied.
Database breaches continually demonstrate that having complex security is equivalent to having no security at all.” Eini elaborates, “Our approach to security embodies operational simplicity and automation.”

The Power of Community

Another defining characteristic of RavenDB is the company’s transparent, open-source approach to development. Eini feels that RavenDB’s use of the open-source development model has both contributed to the popularity of the database and greatly enhanced its feature set. He explains, “Feedback provided by members of the open-source community has been pivotal in improving RavenDB. It is extremely beneficial to be able to engage in a proper discussion with a customer, and the fact that our entire codebase is open-source and available in our code repository has made it easy to get to the root cause of issues quickly.” Eini adds, “Being a part of the open-source community has also enhanced the features we offer. RavenDB’s automatic indexing support and transparent data encryption, for instance, were created by the open-source community and are now among the database’s central features.”

The release of RavenDB 5.0 adds two key new features to a rapidly expanding list: time series support, which enables users to track time series data, and document compression, a feature that analyzes documents to identify commonalities between them and efficiently compresses data across documents. The document compression feature cut cloud storage costs in version 5.0 by an impressive 50%.

RavenDB vs. RavenDB Cloud: How Do the Two Compare?

RavenDB 5.0 and RavenDB Cloud make the RavenDB 5.0 release ideal for developers looking to deploy an on-premise database, as well as those seeking a hosted platform. Eini explains the benefits of both scenarios: “For some users such as healthcare and financial institutions, having full control over the entire stack is important. Others need a database that can be deployed on the edge, where connectivity isn’t assured.
For these users, the ability to deploy on location, without any external requirement, is very important.” He elaborates, “Running on cloud enables developers to push all the operations overhead to someone else, making it much easier to provision and make changes on the fly.”

That being said, the on-premise and cloud versions of RavenDB are essentially identical, both running the same binaries and offering the same capabilities. In terms of security, both take similar measures to protect sensitive data, including X.509 certificate authentication, encryption of all data over the wire, the ability to limit connections to specific IP addresses or ranges at the network level, and full auditing support for all operations. RavenDB Cloud integrates a selection of additional awareness behaviors and automated security measures. Environmental information is incorporated into RavenDB instances to allow them to better calibrate themselves to environmental factors; for example, when using burstable instances, RavenDB Cloud reports the status of CPU credits so that background tasks are reduced when credits run low. In RavenDB Cloud, backups are encrypted by default, whereas the on-premise version of RavenDB requires users to select an encryption key if the database is not already encrypted.

Despite these differences, Eini feels that the level of security that users can expect from RavenDB Cloud and RavenDB 5.0 is roughly comparable. He reflects, “The main difference is the additional steps that on-premise users have to go through. With RavenDB Cloud’s fully-managed services, virtually everything is done for the user.” He adds, “With both versions, we pay a lot of attention to the security of the system in general.”

Although RavenDB Cloud offers a high level of convenience through increased automation and fully-managed services, the majority of RavenDB customers run on-premise or edge systems. Over 70% of these systems run on Linux, with the rest running on Windows servers.
It is very common for RavenDB to be deployed on the edge. “RavenDB can operate in a disconnected manner, but the data will be synced to a central location, usually on the cloud,” Eini explains. “We have a customer who has deployed RavenDB inside industrial robots running Raspberry Pi and another running RavenDB in a Point of Sale system.” RDI Software, a landmark RavenDB customer, has deployed the database on the edge to over 36,000 restaurant locations, where the platform processes upward of 500,000 USD per minute. The company has a unique requirement for a database: robustness above all else. “The typical employee for a fast food restaurant is a teenager on minimum wage, not exactly your ideal IT worker. As such, we have to deal with very old hardware, used in often hazardous environments and operated by people with very little experience,” Eini explains. He elaborates, “RavenDB has been used in this capacity for over half a decade, because it is able to handle this situation and doesn’t require constant supervision. In particular, RavenDB’s zero admin capabilities mean that the database is able to adjust, independently, to each individual environment and behavior.”

The Bottom Line

RavenDB’s transparent open-source approach to data management and intense focus on operational simplicity make the database ideal for security-conscious users looking for a fast, user-friendly platform for business application development. Through RavenDB 5.0 and RavenDB Cloud, the RavenDB 5.0 release brings security, usability and efficiency to local and hosted environments alike. Visit ravendb.net to learn more about the database, and to download RavenDB 5.0 or RavenDB Cloud.

Brittany Day
Are your Linux servers secure? No machine connected to the internet is 100% secure, of course. In the words of security guru Bruce Schneier: “Security is a process, not a product.” However, this doesn't mean that you are helpless. Although cyber attacks, hacks and breaches are sometimes unavoidable, all system administrators and users can take definitive measures to mitigate their risk online.

A Linux system is like a house. It’s easy to keep the windows and doors always closed, but controlling when and how they get opened is an ongoing challenge. And the fact that poor administration and misconfigured servers are to blame for the majority of exploits on Linux systems is evidence that many system administrators are failing to meet this challenge. This introductory guide will explore the fundamentals of information security and explain how these principles can be applied to evaluate and improve the security of your Linux servers.

Linux: An Increasingly Popular Target Among Cyber Criminals

Due to its growing popularity, Linux is increasingly being targeted in dangerous campaigns, despite its heralded security. Threat actors have come to view Linux servers as yet another viable target that often provides a valuable return on investment. Unfortunately, 2019 and the first half of 2020 have been filled with emerging malware variants targeting Linux servers, and a plethora of resulting security news headlines harping on how “insecure” Linux is. But if you investigate a bit, you’ll find that many of these stories are fake news, and that the underlying issue is incompetent system administration. After all, regardless of the OS that you're running, if you’re failing at security, it doesn't matter how “secure” your OS is. For instance, the recent BootHole vulnerabilities that dominated security news coverage required admin access to exploit, making them very dangerous to an already hacked system.
What was almost always overlooked in the coverage of BootHole was that if someone has root access to your system, you’re already in serious trouble! The good news for Linux users is that in reality, despite the uptick in threats targeting Linux servers, Linux remains an exceptionally secure OS, especially when using a specialized secure Linux distro. The transparency of Linux source code and the constant scrutiny that this code undergoes by a vibrant global community results in the rapid detection and elimination of security vulnerabilities and potential exploits. In comparison, security flaws generally remain undetected for significantly longer in closed-source proprietary code. Malicious actors recognize and exploit this, directing the majority of their attacks at proprietary software, platforms and operating systems. That being said, the rise of Linux malware should serve as a much-needed wake-up call for the security industry to invest additional resources in threat protection, detection and response.

What Is a Security Framework?

A security framework outlines the basic steps in the life cycle of securing a system. The following illustrates the framework needed to establish and maintain a secure system:

  [ Risk Analysis ]   [ Business Requirements ]
                     |
             [ Security Policy ]
                     |
  [ Security Service, Mechanisms, and Objects ]
                     |
  [ Security Management, Monitoring, Detection and Response ]

‘Risk Analysis’ is the process of identifying and analyzing potential issues that could impact the security of a system, while ‘Business Requirements’ deals with the actual requirements for conducting business. These two components address the business aspects of a security framework. The ‘Security Policy’ is the theoretical aspect of a security framework, and defines what it means to be “secure”.
‘Security Service, Mechanisms and Objects’ is the implementation aspect of security, and ‘Security Management, Monitoring, Detection and Response’ is the operational facet of security, which covers the specifics of identifying and reacting to a potential security breach.

When looking to secure your system, there are several benefits associated with establishing a security framework:

- Helps administrators understand the security status of their system
- Communicates cybersecurity requirements to superusers and users
- Identifies opportunities for new or revised standards
- Assists in prioritizing improvement activities

As you can see, developing a security framework is a worthwhile investment for any system administrator looking to improve the security of his or her system.

Information Security Basics: Breaking It Down

Information security, or the process of protecting information against unauthorized use, can be broken down into two parts: (1) physical security / host security and (2) network security. Each of these components has three facets:

- Protection: Slow down or stop intrusions or damage
- Detection: Alert someone if a breach (or attempted breach) of security occurs, and quantify and qualify what sort of damage occurred or would have occurred
- Recovery: Re-secure the system or data after the breach or damage has occurred and, where possible, undo whatever damage was done

Host Security/Physical Security

This type of security involves protecting the server from unauthorized access. Physical security/host security can be achieved with steps such as setting a BIOS password, placing the box in a locked room where only authorized users have access, applying OS security patches, checking and correcting the permissions on all OS-related files, and reviewing logs on a regular basis for any signs of intrusion or attacks.
Tips for Improving Host Security:

- Protect your systems with strong passwords
- Check the file systems and set correct permissions and ownerships on all directories and files
- Apply security patches to vulnerable software
- Remove all unnecessary ttys and console logins by removing the entry from /etc/securetty
- Check system logs (e.g., /var/log/messages, /var/log/secure, etc.)
- Set a password on the boot loader
- Monitor the system

Network Security

Network security is one of the most important aspects of overall security. As mentioned above, no machine connected to the Internet is completely secure, so security administrators and server owners must always be alert and ensure that they stay informed of the latest security bugs and exploits. Failure to keep up with these vulnerabilities leaves users at risk of breaches, hacks, malware and other dangerous cyber attacks.

Advice for Improving Network Security:

- Use custom security scripts that send out notifications when someone logs in via ssh as root, creates a user with a uid of 0, etc.
- Set up an idle timeout, so that idle users are logged out after a certain amount of time.
- Restrict direct root login (comment out the PermitRootLogin option in sshd_config).
- Limit users’ resources (using PAM, specify the limits for each user in /etc/security/limits.conf).
- Hide the server details: remove /etc/issue and /etc/issue.net, for example.
- Install a firewall (e.g., APF and iptables) and only allow the ports that the box needs for its normal functions; block all other ports to prevent mischief.
- Deploy honeynets for intrusion detection.
- Restrict ssh to specific IP addresses and specific users.
- Use a quality VPN (like WireGuard) to encrypt data between you and your server.
- Check router firmware for security vulnerabilities and eliminate potential bugs with a Linux firmware replacement.
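Several of the host and network tips above can be checked mechanically. The script below is an added example, not from the article: it audits a directory tree laid out like /etc for root login over ssh, a missing ssh idle timeout, extra ttys in securetty, login banners, an empty limits.conf, and world-writable files. build_sample_tree() writes a constructed weak configuration to a temporary directory so the checks run offline, and the idle-timeout check assumes ClientAliveInterval is the mechanism in use.

```python
"""Check several of the host and network hardening points above against a
directory tree laid out like /etc. audit("/") inspects the live system;
build_sample_tree() writes a constructed weak configuration to a temp dir."""
import os
import re
import stat
import tempfile


def sshd_options(path):
    """Parse sshd_config into {lowercased keyword: value}. The first value
    wins, as sshd itself applies it; keywords inside Match blocks are
    conditional and are skipped here (a simplification)."""
    opts = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            parts = re.split(r"[\s=]+", line, maxsplit=1)
            if len(parts) != 2:
                continue
            key, value = parts[0].lower(), parts[1].strip()
            if key == "match":
                break
            opts.setdefault(key, value)
    return opts


def _active_lines(path):
    """Non-empty, non-comment lines of a config file."""
    with open(path) as fh:
        return [l.strip() for l in fh if l.strip() and not l.lstrip().startswith("#")]


def audit(root="/"):
    """Return a list of (check_id, detail) findings for the tree under root."""
    etc = os.path.join(root, "etc")
    findings = []
    sshd_cfg = os.path.join(etc, "ssh", "sshd_config")
    if os.path.isfile(sshd_cfg):
        opts = sshd_options(sshd_cfg)
        if opts.get("permitrootlogin", "").lower() == "yes":
            findings.append(("ssh-root-login", "PermitRootLogin yes in sshd_config"))
        # Assumption: the idle timeout is implemented with ClientAliveInterval.
        if opts.get("clientaliveinterval", "0") in ("0", ""):
            findings.append(("ssh-no-idle-timeout", "ClientAliveInterval unset or 0"))
    securetty = os.path.join(etc, "securetty")
    if os.path.isfile(securetty):
        extra = [t for t in _active_lines(securetty) if t != "console"]
        if extra:
            findings.append(("securetty-ttys", "root may log in on " + ", ".join(extra)))
    for name in ("issue", "issue.net"):
        if os.path.exists(os.path.join(etc, name)):
            findings.append(("banner-present", "/etc/%s may reveal system details" % name))
    limits = os.path.join(etc, "security", "limits.conf")
    if os.path.isfile(limits) and not _active_lines(limits):
        findings.append(("no-resource-limits", "limits.conf has no active entries"))
    for dirpath, _, files in os.walk(etc):       # unsafe permissions under /etc
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
                findings.append(("world-writable", path))
    return findings


def build_sample_tree():
    """Constructed weak configuration for offline use; returns the temp root."""
    root = tempfile.mkdtemp()

    def put(rel, text, mode=0o644):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

    # First PermitRootLogin wins, so this file still allows root login.
    put("etc/ssh/sshd_config", "Port 22\nPermitRootLogin yes\nPermitRootLogin no\n")
    put("etc/securetty", "console\ntty1\ntty2\n")
    put("etc/issue", "Sample Linux 1.0 \\n \\l\n")
    put("etc/security/limits.conf", "# End of file\n")
    put("etc/rc.local", "#!/bin/sh\nexit 0\n", mode=0o666)
    return root


if __name__ == "__main__":
    for check_id, detail in audit(build_sample_tree()):
        print("%-20s %s" % (check_id, detail))
```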
Organizations that require greater control over hardware, network segmentation, and resource isolation often deploy bare metal servers to reduce shared-environment risks and strengthen the overall security posture of critical workloads.

Security Is an Ongoing Balancing Act

Maintaining a secure system is an ongoing process, and this process is all about balancing trade-offs: administrators must continuously weigh investments in security against the costs and potential impacts to system performance and user productivity. Optimal security is a delicate balance of cost, user experience and risk. And all of these factors are constantly changing: digital threats are ever-evolving, users’ expectations shift, and the growing demands of infrastructures alter the environment being secured. The challenge is to fully understand these factors, how they impact each other and how they are changing, and to determine the amount and types of security needed to best meet the expectations of all parties involved.

Getting Started with System Hardening

System hardening, or the process of securing a system by reducing its surface of vulnerability, is essential to establishing and maintaining a good security posture. Some methodologies and best practices for hardening your Linux system include:

- Keep up to date on security news by subscribing to our Linux Security Week newsletter, which summarizes the week’s most relevant open-source security news.
- Create a good security policy.
- Conduct security audits on the basis of this policy.
- Keep your OS updated by applying all patches.
- Install a custom kernel with all unwanted services removed and patched.
- Disable all unwanted services and harden the services you leave running.
- Change file and directory permissions to tighten security.
- Install a firewall and create good rule sets.
- Test and audit the server on a regular basis (covered in more detail below).
- Install an intrusion detection system and a log monitor.
- Make your partitions secure.
- Run a good backup system to recover data in case of an intrusion, crash or other type of destructive incident.
- Install a log analyzer and check your logs frequently for any suspicious entries.
- Install scripts to send out mail or enable notifications when a suspected security breach occurs.
- After a security breach, try to find out how, when and through what the breach occurred. When you find a fix for it, document the details for future reference.

Security Audits: What Should Be Checked?

A security audit aims to identify any vulnerabilities present in a system and suggest actions to remedy these flaws. In a normal audit, the points below should be checked, and a report with the results of the audit should be created.

- Check for intrusions and rootkits. Use chkrootkit or rkhunter for this purpose.
- Check for known bugs in the software installed on the server: the kernel, openssl, openssh, etc.
- Scan all network ports and find out which ports are open. Report the open ports that should not be open and the program that is listening on them.
- Check whether /tmp is secured.
- Check for hidden processes.
- Check for bad disk blocks in all partitions.
- Check for unsafe file permissions.
- Check whether the kernel has a ptrace vulnerability.
- Check the memory.
- Check if the server is an open email relay.
- Check if the partitions have enough free space.
- Check the size of the log files. It's better that the log size remains in megabytes.

How To Determine if You’re Being Hacked

If you suspect that your system has been compromised, here are some very basic steps you can take to determine if you’re being hacked:

- Check if your performance has degraded or if your machine is being overused.
- Check if your server has any hidden processes running.
- Install an intrusion detection system (IDS) like OSSEC or Snort to detect anomalies in network traffic.
- Use intrusion detection tools like chkrootkit or rkhunter to check your system for rootkit infections.
- Check your machine’s uptime.
- Identify unknown processes and determine what they are doing.
- Monitor users’ activity using the commands “w” or “who”.
- Check network traffic by running the command “iftop” with sudo.

The Bottom Line

Security is of utmost importance to a server: compromising on server security is compromising on the security of your system as a whole. Hence, a solid understanding of information security is a prerequisite to successful server ownership and administration. Security is a continuous learning process; mistakes are inevitable, and can provide valuable insight for the future. Thus, it is critical that administrators take the time to fully understand both their successes and failures, enabling them to identify what is working and where there is room for improvement. The host of recent attacks exploiting Linux systems has brought both the prevalence and the impact of poor system administration to light, and has shown the importance of diligently monitoring servers for anomalies or signs of compromise. It is time for system administrators to make server security a priority.

Have additional questions about securing your server? Leave them in the comments below; we’d love to help you out!

Brittany Day