Thanks to the fact that Linux is open-source, it is one of the most secure operating systems available. However, it is not perfect—like any software, it is open to exploits and there is a lot that can be done to improve its security. Improving the operating system is not just for experienced users—there are some simple things that everyone can do to make Ubuntu Linux more secure.

Encrypt Your Hard Drive

While a strong password is important for keeping your computer locked, it is not a foolproof way to keep your files secure—an experienced Linux user can access the files from a stolen laptop without a password. However, encrypting your hard drive makes it so that the password is not just a key to your computer but a code that is essential to accessing your files—without the password, any files that a hacker steals are impossible to read.

Unlike the other tips in this article, full hard drive encryption must be done during Ubuntu’s installation—while it is possible to encrypt partitions after installation, it is not as straightforward—plus, it is not all-encompassing like full hard drive encryption.

Below, we have a brand new image of Ubuntu 22.04. When you boot up your machine, whether it be on a physical device or a virtual machine, follow the setup as normal until you reach the screen shown below:

After reaching this screen, make sure to click on the “advanced features” option under “Erase disk and install ubuntu”. Once you do so, you should be greeted with the following screen:

Once the advanced features menu opens up, make sure to select the “Use LVM…” option as well as the Encryption option. Once you do so, hit OK and click the Install Now option. Afterwards, you should see a screen similar to the one below:

Here, we want to establish a security key as well as a recovery key in case you forget the initial security key. For additional security, you can overwrite the empty disk space; since this is all done at installation, your disk should be empty.
Once you have that all set up, you can continue with installation as normal and you should be all set: you now have disk encryption enabled!

Update your Operating System Regularly

While operating system updates are seen as a nuisance by many, keeping an operating system up to date is one of the most important measures that can be taken to keep a system safe. A perfect example of the dangers of out-of-date software is the infamous WannaCry attack, in which a North Korean ransomware infected over 200,000 computers and caused hundreds of millions of dollars in damages in 2017. WannaCry only affected Windows computers that did not have the latest security update. While not all of the widely used versions of Windows had this update available, according to research from the Kaspersky Lab, 98% of users affected by WannaCry were using Windows 7, which did have the security update available. If these users had simply updated their computers, they would not have been affected by one of the largest ransomware attacks.

While Linux is generally more secure than Windows, it is just as important to regularly update Linux. Since Linux is open-source, anyone can search its code for bugs and help to fix them. This means that once an exploit in Linux is found, it will generally be fixed quickly, but it also means that it is important to update as soon as possible because the exploit will be known to the public.

The easiest way to update Ubuntu is to run the software updater application. To update via the terminal, enter the command “sudo apt update && sudo apt upgrade -y”.

Disable Root Access

Linux is a command-heavy operating system—while an average user can use Linux and never see the terminal, it is still a powerful tool that can potentially give attackers full access to a computer. The unrestricted ability to run any command in Linux is known as “root access,” and can be safely disabled since it is not really needed most of the time.
If root access is ever needed, it can always be locked behind a password. To lock root access behind a password, open the terminal and enter “sudo -i”. When the next line, a # prompt, appears, enter “passwd”. This will give you the prompt for setting a root password.

Disable unnecessary services

Because Linux has been around for so long, it contains many leftover features that are outdated and no longer necessary. If allowed to run, these features can be a security flaw, especially if they provide access to ports. To list all services that are running in Linux, open the command line. See the resources below for more information on this:

tldp
How to List Services in Ubuntu Server / Desktop

Safe Internet Browsing

Nowadays, most browsers make a profit by selling their users’ data to advertisers. While this is usually unnoticeable by users, allowing websites to install data-collecting third-party cookies can make users open to attacks, phishing, and identity theft. Ubuntu comes with Firefox installed as the default browser. While Firefox is already a great browser for privacy, it is always good to disable third-party cookies. Additionally, browser extensions such as Adblock, HTTPS Everywhere, and NoScript can help make browsing the internet more secure.

Adblock

Adblock extensions disable advertisements on websites, making browsing the internet easier by hiding obstructing ads. They also prevent users from seeing malicious scam advertisements and disable third-party cookies. Popular adblock extensions include Adblock, AdBlock Plus, and uBlock Origin.

HTTPS Everywhere

Even though most people do not write “http://” before URLs anymore, the Hypertext Transfer Protocol is still used to connect to every website. Since 2008, websites have started to switch to the Hypertext Transfer Protocol Secure, or HTTPS, which encrypts traffic between the user and the site, and sites that only use HTTP are considered insecure.
HTTPS Everywhere automatically switches HTTP connections to HTTPS connections whenever it is available, helping keep internet traffic safer.

NoScript

While websites are still primarily built using HTML and CSS, they often have a lot of behind-the-scenes code written in languages such as JavaScript and Java. While there are many legitimate uses for these scripts, they are also one of the main tools used by malicious sites and hackers to run malware. NoScript disables scripts that are not from sites that users declare that they trust.

Conclusion

While Linux is a secure operating system by default, its ability to be customized allows for a multitude of ways to make it more secure. Making Linux more secure is something that anyone, not just cybersecurity experts, can and should do for the best and safest experience.

Brian Gomez
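For the “Disable unnecessary services” step in the article above, one way to find the services that actually expose ports, as an added example that is not part of the original article: the script reads `ss -H -tulpn` output and reports every process listening on a non-loopback address. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): find listeners reachable from other
# hosts, the first candidates to review when disabling unneeded services.
# Live use:  sudo ss -H -tulpn | exposed_listeners
# To see every running service: systemctl list-units --type=service --state=running

# Constructed sample in the column layout of `ss -H -tulpn`.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
udp UNCONN 0 0    0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=650,fd=12))
udp UNCONN 0 0    0.0.0.0:68       0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=801,fd=3))
tcp LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=801,fd=4))
tcp LISTEN 0 128  127.0.0.1:631    0.0.0.0:* users:(("cupsd",pid=700,fd=7))
tcp LISTEN 0 128  [::1]:631        [::]:*    users:(("cupsd",pid=700,fd=6))
tcp LISTEN 0 511  *:80             *:*       users:(("apache2",pid=900,fd=4))
EOF
}

# Print "proto/port process" once per listener bound to a non-loopback address.
exposed_listeners() {
    awk '
    {
        # Field 5 is "address:port"; split at the last colon because
        # IPv6 addresses contain colons themselves.
        if (!match($5, /:[^:]*$/)) next
        addr = substr($5, 1, RSTART - 1)
        port = substr($5, RSTART + 1)
        # Loopback-only sockets cannot be reached from the network.
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/) next
        # The process column is empty when ss runs without root.
        proc = "unknown"
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1 "/" port " " proc
    }' | LC_ALL=C sort -u
}

# Review each result; a service that is not needed can be stopped and
# disabled with: sudo systemctl disable --now <unit-name>
sample_ss_output | exposed_listeners
```

Run it with `sudo` on a live system so the process column is populated; entries reported as `unknown` are sockets whose owning process could not be read.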
In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Windows' security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

Kernel Issues

2004 started off on shaky ground with a , a piece of kernel code that controls virtual memory. It affected versions 2.2, 2.4, and 2.6. It was later discovered that the same vulnerability was used to exploit several high-profile Linux development sites in November 2003. Patches were released in early January by each of the major distributions. The flaw was fixed in further kernel releases.

In February, a second mremap vulnerability was discovered by the Polish security consulting firm ISec. The was unrelated, but just as serious as the first. In theory, it could result in a denial of service or privilege escalation to root. Vendors responded much more quickly in this second instance. Fixes for 2.4 and 2.6 were released only in a matter of hours this second time.

In March, Paul Starzetz of ISec released proof-of-concept exploit code for the second mremap flaw that was released in February. Several news sites failed to accurately read the report released in March and reported that a third kernel flaw was found. This was wrong, but it sparked a lot . Many were relieved to find out that the "third vulnerability" was in fact a misinterpretation.

It was beginning to look like the "year of the kernel flaw," but luckily things quieted down in the second quarter. The remaining portion of the year was scattered with other kernel vulnerabilities, but none received as much press as mremap. Another notable one was discovered in 2.6 last October.
It was claimed that the vulnerability could be used to shut down 2.6-based systems remotely. It only affected those systems using iptables-based firewalls, because the flaw had to do with the way 2.6 handled firewall logging. Patches were released and the problem was resolved.

The volume of press generated by kernel vulnerabilities is ever increasing. With the growing number of major enterprises adopting Linux as an operational component, trade magazines are dedicating a greater percentage of their editorial scope to it. From a journalist's perspective, flaws in the kernel make great news items. It invokes fear, causing people to pay attention. While news of the mremap vulnerability may not sway the opinion of you or me, it has great potential to make a CIO reluctant to adopt that long-term Linux project all of his techs have been begging for.

This year though, the Linux community has stepped up, fixed its problems, and walked away with a lot of class. Instead of headlines reading, "Is Linux Ready for the Enterprise?," journalists were writing pieces about the efficiency of open source leading to a quick resolution. Rather than criticizing Linux because of its flaws, it was praised because of its ability to work through issues. Finally, people were starting to realize that large proprietary software companies often deny that vulnerabilities exist and sneak in security patches during upgrades. Linux is about openness and full-disclosure, a great benefit to all of its users.

Linux Vulnerabilities

The flip-side is that full-disclosure can be very overwhelming. For example, 35 Linux vendor security advisories were released last week alone. One can easily see this by taking a few minutes to walk through our Linux security advisory archive. Roughly 35 advisories a week for an entire year is 1,820. When other proprietary operating system vendors release a much smaller number of advisories per year, people make quick and inaccurate conclusions.
For example, suppose Microsoft released 50 advisories, and Linux vendors released 2000 in a given time period. 50 is less than 2000; therefore Windows must be more secure. Of course it is flawed logic, but in previous years people believed such numbers. Often, people failed to realize that Linux advisories are released for each individual package, for each distribution, and in many cases for very minor theoretical problems.

In previous years, the full picture was not taken into account. Now, the public as well as many journalists are starting to realize that severity of vulnerability is also an important factor. Rather than the discovery of a vulnerability being considered another failure for Linux, it is now seen as a success by many because it is one less unknown flaw. This year particularly, I have seen a shift in the IT community's way of thinking. Rather than ignoring vulnerabilities until they're a much bigger problem, much more emphasis is being placed on proactive resolution. In my opinion this is a major step in the right direction.

Conflicting Reports

While the question of Linux security vs. Windows security has always been around, 2004 has been plagued with groups of analysts, independent researchers, and analysts trying to authoritatively answer that question. British based the "most breached" OS, while Linux security experts considered the findings false because the virus/worm threat was not factored into their analysis. Windows advocates claim that Windows systems are breached more because they are a much more attractive target; Linux administrators claim that Windows systems are compromised more because they're impossible to secure. It has been a year of dueling reports. One month "Linux is less secure," the next, "."

In the midst of all the swirling FUD, some truth did come out. Security depends on the administrator. Although I strongly believe that Linux has the potential to be more secure, I won't claim that it always is.
The security of any system depends greatly on its administrator. Lazy operating practices lead to stupid mistakes that can be exploited. Although high-profile vulnerabilities exist, many are only theoretical, or exploit code is not widespread. A significant number of compromises are still caused by poor configuration practices, or majorly outdated software. A proactive administrator greatly reduces the likelihood of major compromise regardless of the operating system. However, an open source operating system such as Linux provides an unmatched level of flexibility that allows a willing administrator to secure a system to any level he/she desires.

Major Announcements

One of the more interesting announcements in 2004 was the Mozilla Foundation offering a $500 bounty to those who discover bugs in its software. As I wrote previously, proactive measures are becoming common practice, not just a vague concept in an information security professional's dreamland. Other projects such as ethereal and several other open source projects announced updates to vulnerabilities found during code audits. I see this as great progress.

Like clockwork, SANS/FBI released its Top-20 vulnerability list. Some of the most significant Unix vulnerabilities outlined include BIND, webservers, authentication, version control systems, SNMP, SSL, misconfigured services, databases, and the kernel. (SANS/FBI Top-20)

The projects that we've been working on at Guardian Digital are close to my heart. 2004 has been a record year in many ways. We've announced the release of two new monthly newsletters, released new versions of EnGarde Secure Professional, the Intrusion Detection and Defense System, Secure Mail Suite, proactively protected customers from Linux kernel flaws, created and announced a worldwide partner division, continued to increase our customer base, and created a program to help companies address Sarbanes-Oxley compliance.
In the past month, Guardian Digital's major announcement has been the launch of the new LinuxSecurity.com. We updated the site to include all the old features many have grown to depend on while adding additional ones to better serve our readership. From a completely operational perspective this includes implementing an open source content management system, upgrading servers, as well as increasing bandwidth capacity. It has been an amazing year for us at Guardian Digital. Without your support, none of this would be possible.

Security Overview

2004 has been a year of increased statistics. As predicted, security attacks are on the rise, the volume of spam has increased, viruses/worms continue to increase in severity, and security continues to grow as a concern. In the corporate world, this is mostly due to Sarbanes-Oxley. Because there are now strict penalties for negligence, executive management in most corporations are starting to get the picture and call for drastic improvements in security.

From a home-user's perspective security is also playing a larger role. Windows users are adopting 'personal firewalls' at an increased rate, and others are getting disgusted by a continuously hijacked browser and increasing number of spyware applications. This constant nuisance has led many to look for alternatives, which has fueled greater interest in Linux and Firefox.

Although 2004 has been an active year in security, it has not been revolutionary. From a technological perspective the year has been semi-quiet. This past year, many have focused on improving the process of security, rather than looking for a magic bullet. Again, I think this is a sign of InfoSec's growing maturity. However, in my opinion it is mostly due to the fact that most have been working on a tightly constrained budget.
While there have been reports suggesting several terrorist organizations have been taking a much closer look into information security, viruses continue to run rampant in the Windows world, and DDoS attacks continue to be a major problem, I have not lost all confidence in the IT industry's ability to improve overall security. In my opinion, the single most significant factor holding back progress is user education.

While companies can implement security awareness and training programs, the average home user does not stand a chance. New hacks and scams are invented each day. Unless a user is proactively aware, sooner or later they will be fooled. Although phishing attacks have existed for quite some time, they have become mainstream in 2004. I'm not sure a day goes by when I don't receive at least one email asking me to 'verify my PayPal information' or 'reactivate my Ebay account.' Although I have not fallen for any of these scams, countless others have. It is just another form of social engineering that is difficult to solve (if not impossible) purely with technology. User knowledge is as important as ever.

Concluding Remarks

In the Linux community, security continues to be a major concern and priority. Security is now viewed as a differentiator rather than a nuisance. While distributions like EnGarde Secure Linux, Trustix, and others have taken security seriously from the beginning, others such as Red Hat and Gentoo are looking to make SELinux an integral part of their structure. Implementation of security may differ between distributions, but everyone's goal is the same. Some users prefer greater security, others prefer ease of use. It is up to you to find the distribution which best fits your needs and goals. Also, it is important to stay informed and make implementation changes whenever necessary. Security is a road to be traveled, not a destination.

Benjamin D. Thomas