Stay Ahead With Linux Security Features
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
security advisory Red Hat Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -2 articles for you...
102
security enhancementmalware protectionfirefoxExploring Security Enhancements in Firefox 3 for Better Protection
Lets take a look at the security features of Firefox 3. Since its release, I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security. . Introduction Bill Keys Features Warning users of potential harmful websites while surfing the Internet is an important security feature of a web browser. Being able to clearly warn the user without being a computer expert is one of the problems Firefox tried to solve with Firefox 3.0. They have two features that do this: Google-powered Malware Protection and a feature called . Firefox 3 elevates user security with enhanced SSL support for safer browsing, ensuring sensitive data is encrypted and protected from threats while browsing. Firefox 3 Security, User Protection, Browser Security Features. . Anthony Pell
Apr 16, 2010
•
102
data protectionencryptionsecurity enhancementHow to Encrypt Shell Scripts Using SHC Utility for Improved Security
Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output). There is a program called "shc" that can be used to add an extra layer of security to those shell scripts. SHC will encrypt shell scripts using RC4 and make an executable binary out of the shell script and run it as a normal shell script. This utility is great for programs that require a password to either encrypt, decrypt, or require a password that can be passed to a command line argument. . Download shc ( http://www.datsi.fi.upm.es/~frosal/ ) and untar it: tar -xzvf shc-X.X.tgz cd shc-X.X/ make make install A binary named " shc " will be created along with some test programs. Let's give it a try. Create a file called: " script.sh " and add the following contents: ############################### script.sh ############################## #!/bin/sh echo "I love Duane's articles and will send him a donation via PayPal." ############################### script.sh ############################## Now run the command: shc -f script.sh The switch " -f " specifies the source script to encrypt. The above command will create two files: script.sh.x.c and script.sh.x . The program " shc " creates C source code out of your shell script then encrypts it ( script.sh.x.c ). The encrypted shell script is: script.sh.x . Run that binary and see the output: ./script.sh.x I love Duane's articles and will send him a donation via PayPal. Now copy the original " script.sh " file to a floppy disk or some other system for backup or in case you need to edit it in the future. Then, delete it from the server and delete the " script.sh.x.c " file itcreates. Neat feature You can also specify a time limit on the shell script so that it will no longer execute after a certain date and you can specify a custom message to echo back to the user. Run this command on the " script.sh " file we created earlier in this tut: shc -e 09/10/2004 -m "Dude it is too late to run this script." -f script.sh ./script.sh.x ./script.sh.x has expired! Dude it is too late to run this script. In the above command the date October 9, 2004 is set as the expiration date ( -e 09/10/2004 ) and the custom message was set to display to the user ( -m "Dude it is too late to run this script." ) when the binary is executed. Note the date format is dd/mm/yyyy. Check out the man pages for more info on " shc ". Remember that the binary is only encrypted on the local system. If you encrypt a script that transmits sensitive information in clear text across a network, you will need some other encrypted communication channel to transmit that information. Duane Dunston received his B.A. and M.S. degrees from Pfeiffer University and he has his GSEC certification from SANS. Hey,Ann Curry! . Discover the method of securing your shell scripts by employing shc, which provides an extra layer of protection against the potential leakage of confidential data.. Shell Script Encryption, SHC Utility, Secure Scripts, Data Protection. . Duane Dunston
Mar 02, 2010
•
102
security enhancementopen sourceSELinuxEnGarde Secure Linux Overview: Security Design By Guardian Digital
Secure By Design: How Guardian Digital Secures EnGarde Secure Linux ABSTRACT What is EnGarde Secure Linux? EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet. EnGarde Secure Linux is the creation of Guardian Digital, Inc. a pioneer in open source security since 1999, and has been developed since then in collaboration with the worldwide community of open source security enthusiasts and professionals. Guardian Digital provides a secure and consistent environment for EnGarde Secure Linux through the Guardian Digital WebTool and the Guardian Digital Secure Network. A server-only system, EnGarde Secure Linux is administered securely and remotely using the WebTool, a custom interface that both simplifies server administration and guides the system user in maintaining a secure configurations for all of the services that comprise EnGarde. The Guardian Digital Secure Network maintains the consistency and security of EnGarde by providing system upgrades and security patches that have been constructed by Guardian Digital's engineering team to relieve the user of the burden of maintaining the system in a consistent and secure state. Defense In Depth In EnGarde Secure Linux Security is the primary consideration in designing every element of EnGarde Secure Linux. Guardian Digital applies basic security principles like "least privilege", "no unnecessary services" and "default-deny" rules to every level of EnGarde from access to kernel itself to defense of the network perimeter. Security begins with the selection of the best available open source packages, chosen and tailored for maximum security and following software security best-practices. The next level of protection comes from a complete re-engineering of the standard Linux security modelusing Security Enhanced Linux (SELinux). SELinux implements the principle of "Mandatory Access Control" which places each program and process under the control of its own SELinux policy, limiting its access to files and resources and effectively containing any intrusions or compromises. EnGarde Secure Linux builds on this secure foundation by placing all administration of EnGarde and its services under the control of the Guardian Digital WebTool. The Guardian Digital WebTool is a secure, remote graphical administration interface that is carefully tailored, not just to simplify administration, but to help maintain secure practices and configurations. For example, EnGarde, through the WebTool, limits user and IP access by default for most services like FTP file transfers and POP/IMAP mail retrieval. For services that must be publicly accessible like Web service and mail transport, the WebTool offers simple setup of SSL-enabled encrypted services. The WebTool also mandates secure practices like encrypted passwords and prevents hazardous configurations like open mail relays. EnGarde Secure Linux extends its secure environment through the use of a carefully integrated selection of the best open source security tools for detecting compromises and intrusions at all levels. EnGarde generates special security-focused system logs to help the administrator identify potential compromises, and adds to this host-based intrusion detection tools. EnGarde monitors the system for potential network compromises and intrusions using the open source Snort intrusion detection system, adding its own NetDiff port status monitoring software. Summary Linux and open source systems have long been renowned for their stability, versatility and scalability. EnGarde Secure Linux adds the feature crucial to providing services on the modern Internet -- security. Guardian Digital builds security into every element of EnGarde by selecting thebest available open source tools and services available and configuring them with security as the top priority. Recognizing that security can only be maintained in a consistent and stable environment, Guardian Digital relieves the user of the burden of "hardening" the system and following secure practices by designing secure administration into its WebTool and by updating and securing the system through the Guardian Digital Secure Network. For an in-depth exploration of the EnGarde Secure Linux security environment, see the full version of this document at "Secure By Design" full text . . Guardian Digital implements a strong framework for EnGarde Secure Linux, emphasizing security through minimalism, secure coding practices, and auditing tools. EnGarde Secure Linux, Secure Administration, SELinux, Open Source Security. . Brittany Day
Oct 09, 2006
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More