Stay Ahead With Linux Security Features
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
security advisory Red Hat Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -3 articles for you...
102
kernel securitysecurity toolssecurity improvementEnhancing Linux Kernel Defense: Open-Source Tools and Strategies
Kernel security is a key determinant of overall system security. After all, the Linux kernel is the foundation of the OS and the core interface between a computer’s hardware and its processes. Luckily, Linux now supports a range of effective open-source extensions and external tools engineered to boost kernel security. From the threats you should be aware of to the initiatives and technologies designed to reinforce and enhance the security of the Linux kernel, here's what you need to know. . The Open-Source Security Advantage Enterprise IT environments are becoming increasingly reliant on open-source technologies, but companies too often fail to approach those technologies with the same attention to security as they do with commercial and closed-source alternatives. Of course, open-source technologies are traditionally more secure than IT products that have been commercially developed. The Linux OS, for example, is known for its high level of security and has been exposed to far fewer bugs than its closed-source counterparts. This can largely be attributed to the nature of open-source development - higher levels of transparency and user scrutiny than proprietary development results in the rapid identification and elimination of potential security vulnerabilities in open-source code. The Impact of OpenSFF Launched in August 2020, the Open Source Security Foundation (OpenSSF) was created with the sole intention of improving the security of open-source software (OSS). A combination of The Linux Foundation’s Core Infrastructure Initiative, Github’s Open-Source Security Coalition and the Joint Open-Source Software Initiative, OpenSSF is a cross-industry collaboration that intends to continuously work to improve OSS security. OpenSSF has lofty goals and is already producing real-world results. Along with the accessible courses open to software developers (the Secure Software Development Fundamentals), they have also launched scoring systems that auto-generate reports into security andcriticality. The launch of a security metrics dashboard is still in its early stages but seems to be a very promising addition that should help boost kernel security. Overall, OpenSSF is one of the most significant steps forward in terms of improving OSS security. What Are Some Common Linux Kernel Attacks? From kernel data attacks that change the way that an OS functions to malware attacks that remain a serious, persistent threat, Linux kernel attacks are as dangerous and disruptive as ever. Let’s take a closer look at some of the main threats to the Linux kernel. Rootkits & Kernel Data Attacks Threat actors wishing to breach open-source security systems will commonly alter the in-memory kernel data so they can manipulate and change the way that the OS behaves. Doing this means that they don't have to worry about inputting any form of malicious code. This type of exploit is known as a kernel data attack and, although somewhat rare, these attacks could quickly become as disruptive as more traditional kernel rootkits - a particularly damaging type of malware that is able to hide from both antivirus software and the human eye. Rootkits work by modifying files (and in some cases replacing them entirely). While other OSes suffer from rootkit insertion to a much greater extent than Linux, Linux users can be just as susceptible to data theft, the intrusion of remote access, or even recruitment into a botnet. The transparency of open-source kernel security technologies is becoming less of a determining factor of security as those systems grow. For example, just a few years ago Linux kernel code consisted of only two million lines. Now, that number is closer to 28 million Malware and Open-Source Technologies In the early days of the Internet, malware was used primarily as a form of digital vandalism. The purposes of malware have evolved and expanded as cybercriminals have become increasingly sophisticated in both their motives and their tactics. Now, their goals and methods of attack vary greatly and,as a result, open-source kernel security technologies have to work harder to detect malware and rootkits and to avoid exposure to different types of DDoS attacks , as well as the myriad of other ways that threat actors can breach modern digital environments. For the most part, cyber criminals' main goal is now financial gain, although there are still those with ideological reasons for attacking organizations. Implementing Linux Kernel Security with Open-Source Technologies The most common method of enhancing kernel security is the use of a software layer that sits within the OS itself. With hardware at the heart of the technology, the kernel is the next layer, and regulates all authentication instructions and governs access control. The kernel cannot then be tampered with or changed, and by using open-source kernel security technologies, transparency becomes a key aspect of improving security. As the world grows increasingly reliance on digital technologies, open-source kernel security technologies must be built with this transparency at their heart. The growing number of automation tools that can monitor Linux systems and identify errors is only making open-source kernels safer and easier to use, while exponentially improving digital security. The LSM framework allows for various security checks via the use of newly introduced kernel extensions. These extensions are not loadable kernel modules, however. Instead, they are selected during the build-time process but can be overridden when it comes to boot-time. Mandatory Access Control (MAC) extensions are one of the more comprehensive security policies for Linux, and there is a range of options to look at more closely throughout build-time. Some of the most well-known examples, such as SELinux and AppArmor , do have limited functionality, though. For more in-depth layering and protection, extensions can be built directly from the LSM framework. This gives users the opportunity to make specific changes that they may not have access to with larger MACextensions. You can find out more about LSMs and how to extend their capabilities on the Linux man-pages project. These protection systems must be enabled at all times to ensure a safe Linux environment. Introducing Linux Kernel Lockdown Lockdown is a relatively new security feature designed specifically for the Linux kernel. Part of the Linux kernel 5.4 branch, it is a feature that must be activated. Its default mode is off, simply because it can negatively affect existing systems. However, the primary function of lockdown is to prevent root account interactions with kernel code. By strengthening this divide, Lockdown counters potentially dangerous interactions that have been possible since the launch of the Linux OS. Once lockdown has been activated, there will be limitations on kernel functionality, but these will make it significantly more difficult for root accounts that have been compromised to affect the rest of the OS. This will even affect root users, so it's not a small step. Two lockdown modes are supported: Integrity: This mode disables the kernel features that will allow userland modifications to kernel code. Confidentiality: This mode disables the ability to use the kernel features that allow for the extraction of confidential information. Additional external patches can also be added to the lockdown LSM. Additional Security Features It is highly advisable that organizations allow for the enabling of UEFI Secure Boot in either 'full' or 'boot' mode - especially on x86-64 systems. This will require cryptographically signed kernels and firmware, but it means that unsigned drivers cannot be loaded for hardware. This can dramatically reduce an attack surface by making it much more challenging for threat actors to insert malicious kernel modules into a system. It can also reduce the risk of unsigned rootkits remaining in place after a reboot. It's worth noting that not all Linux distros will have Secure Boot integration and that manual intervention may be necessary at times,particularly during upgrades. Introducing the Linux Auditing System (AuditD) Developed and maintained by RedHat, AuditD is designed for Linux access monitoring and accounting. It's an excellent and robust tool that integrates very tightly with the kernel, monitoring for particular system calls. By operating at the kernel level, this allows admins to access any of the system operations that they need to. Everything can be monitored, including files and network traffic. By operating at such a granular level, the detail that AuditD offers is outstanding, and it is as useful a tool as they come. However, it does suffer from a lack of Syslog. So while it doesn't have to rely on any externals, this does mean that you have to manage all of the audit logging using only the tools available on the AuditD dashboard itself. As a result, log collection, archiving and remote logging can become a lot more challenging. Malware/Rootkit Scanners Finding rootkits is always a challenge, but there is now a wide range of rootkit scanners that make it much easier to detect and then remove rootkits. There are plenty of options available, too, with some of the biggest tech names, such as Intel (McAfee) and Norton, offering their own rootkit scanners. Smaller names are also delivering a rapid output of rootkit scanning products, making rootkit discovery and removal significantly faster and easier. If you are planning to implement a malware/rootkit scanner, it's worth bearing in mind that they are often designed with a different end-user in mind. Many are tailored to more experienced users, while others will offer more basic functionality for non-technical users. Make sure to have a clear idea of the types of features you need, and do your research on each of the existing options. The following are all highly regarded: rkhunter chkrootkit OSSEC Automated Source Code Analysis Automated source code analysis (SCA) software is more informative than traditional vulnerability scanning software, as it checks forlicense and policy compliance and security threats, as well as any version updates. If the goal is a higher quality end product, automated source code analysis software is a worthwhile investment. It is very helpful in detecting flaws and even highlighting specific solutions for application code errors. Without the need for test cases and dramatically cutting down on test time, SCA software is the common-sense alternative to manually evaluating every single line of code. These solutions are dependable and cost-effective and are particularly valuable for organizations facing repeated cases of reduced quality, compliance issues, or overlooked flaws. Although not definitive, the advent of an automated technology that reads and analyses source codes line by line is the next stage in the evolution in open-source kernel security technologies. These technologies can quickly and easily identify and then repair potential vulnerabilities across a range of open-source systems and technologies. Hackers looking to attack an open-source technology will often target buffer overflows , memory allocation bugs - or any vulnerability they are able to find. Coding issues are all too easy to miss when in-house teams are the only option, making automation key to enhanced security measures across the digital space. In Summary By utilizing the very best open-source kernel security technologies, Linux admins can ensure that their systems are secure from attacks and branches. With the rapid innovation occurring in the realm of open-source security combined with responsible administration, admins, users and data can be kept safer than ever. . Open-source kernel security technologies enhance Linux security by strengthening defenses against threats, allowing rapid vulnerability identification and patching. Kernel Security, Open Source Technologies, Rootkit Detection, Linux Protection, Malware Prevention. . Brittany Day
Feb 15, 2021
•
102
security advisoryopen sourcesecurity improvementEnGarde GDSN Subscription: $60 Price Cut for Enhanced Security Support
Guardian Digital, the world's premier open source security company, announced today that they will be reducing the annual subscription cost of the Guardian Digital Secure Network for EnGarde Community users from $229 to $60 for a limited time.. Guardian Digital Announces Price Reduction for Annual EnGarde Community GDSN Subscription ALLENDALE, NJ - September 29, 2003 - Guardian Digital, the world's premier open source security company, announced today that they will be reducing the annual subscription cost of the Guardian Digital Secure Network for EnGarde Community users from $229 to $60 for a limited time. The Guardian Digital Secure Network (GDSN) is a unique subscription-based service for keeping EnGarde Secure Linux servers current while receiving expert advice and technical support directly from Guardian Digital engineers. "Lowering the GDSN subscription price makes available Guardian Digital's world-class services to a wider audience. We truly believe the GDSN is the most cost effective, unique software and support system of its kind, and our hope is to be able to prove that to our EnGarde Community users," said Dave Wreski, Guardian Digital CEO. The Guardian Digital Secure Network Services include: Automatic Software Updates Customized Security Improvements Rapid Response Alerts to Updates Expert Technical Support and Advice New Software Versions & Features EnGarde Secure Linux, the award-winning secure and easy-to-manage platform for operating on the Internet, is a comprehensive solution that provides all the tools necessary to build a complete online presence, including DNS, Web, and e-mail services. EnGarde reduces the time and resources required to create a secure online presence. "In an ever-changing technological environment, the Guardian Digital Secure Network provides a fast, easy way to maintain our system and keep it consistently secure," writes Ken Romero, systems engineer with Cisco Systems and CEO, DeepInTheMoney.com. "The automaticupdate function and exceptional technical support combine to form the most cost-effective and effortless means to protect our intellectual property." Through Guardian Digital's Rapid Response technology, customers are automatically notified of pending software and security updates, as well as complete software upgrades, all performed reliably and without complex intervention. In recent months, Guardian Digital has released numerous application updates and functional enhancements, addressing the rising frequency of hacker attacks and vulnerabilities. Some of Guardian Digital's latest improvements include: Cryptography: Significant OpenSSH and stunnel vulnerabilities Electronic Mail: Many new features and security update Core EnGarde System: Kernel updates to support new hardware Web Applications: PHP performance and feature improvements "Hackers never sleep. It is imperative that servers remain as secure and current as possible. The Guardian Digital Secure Network is the most sophisticated and least expensive means to maintain a secure posture while constantly adding new features to an EnGarde server," said Ryan W. Maple, senior security lead at Guardian Digital. Guardian Digital Secure Network is the least expensive way to add conscientious and knowledgeable security staff to your organization, focused on keeping your system s operating efficiently, productively and securely. This intelligent approach to sys tem security and management is the most dynamic means to protect your corporate assets and remain on the cutting edge of security technology. To see all our latest security improvements, please visit our website https://guardiandigital.com/. About Guardian Digital Guardian Digital, the premier open source security company, offers the first secure, open source Internet infrastructure system. Based on Guardian Digital's operating system platform, EnGarde, the company providesenterprises with the software and services necessary for secure computing on the Internet. By leveraging the merits of the collaborative open source design model, coupled with the company's security and Internet expertise, Guardian Digital solutions maintain the highest degree of security and reliability. Founded in 1999, Guardian Digital is headquartered in Allendale, New Jersey. For additional information, please visit https://guardiandigital.com/ or call 1-866-GD-LINUX. Contact: Alison Parker Guardian Digital, Inc. Corporate Communications 201-934-9230
Oct 02, 2003
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More