
Stay Ahead With Linux Security News



Explore Latest Linux Security news

We found 6 articles for you...

2024's Top Linux Security Events: Key Takeaways for Admins

2024 was marked by numerous critical incidents that highlighted the importance of robust Linux security measures for admins. One notable event was the near-breach of XZ Utils, a data compression tool widely used on Linux systems, through a backdoor inserted by an actor deeply embedded within its community. Thanks to a vigilant Microsoft developer, this near miss was found just before it could cause a significant security breach, reinforcing that even trusted open-source projects may be vulnerable and increasing demand for thorough code reviews.

AlmaLinux and Rocky Linux saw significant adoption as businesses switched after Red Hat withdrew support for CentOS. Not only did AlmaLinux and Rocky Linux ensure continuity, but they also demonstrated renewed dedication to security within enterprise environments. Furthermore, emphasis has been put on safeguarding open-source software development processes through initiatives like the Open Source Security Foundation's manifesto.

For security admins, these events are a critical reminder of the necessity of remaining vigilant and proactive when protecting our systems. Let's examine these events in more detail and explore their implications for your Linux security administration.

The XZ Utils Backdoor: A Close Call

One of the most eye-opening security stories in 2024 involved the narrowly avoided backdoor attack on XZ Utils, a widely used data compression utility in Linux environments. A threat actor with access to millions of systems attempted to insert malicious code after becoming embedded within open-source communities for years before finally unleashing their code. Microsoft developer Andres Freund discovered the malicious code before it could spread further. Freund's discovery demonstrated his expertise and how sophisticated and patient modern threat actors can be. It further highlighted vulnerabilities within open-source projects and reinforced the importance of regular code reviews.

What this means for security admins is clear: reviewing code contributions cannot be taken lightly. The open-source nature of Linux presents both strengths and vulnerabilities. For this reason, transparency and community engagement must be balanced against stringent security protocols to protect against deeply embedded threats.

The Transition from CentOS: Adopting AlmaLinux and Rocky Linux

2024 marked another key turning point within the Linux community with Red Hat's decision to discontinue support for CentOS. For years, CentOS had been the go-to choice of enterprises seeking a secure yet stable distribution for their servers and infrastructure. With Red Hat changing course, businesses faced the challenge of finding an equally trustworthy alternative distribution.

AlmaLinux and Rocky Linux have quickly emerged as leading alternatives, providing enterprises with the stability and support they require to thrive. AlmaLinux arose from CloudLinux team efforts, while Rocky Linux, spearheaded by CentOS co-founder Greg Kurtzer, has proven a reliable community-backed solution. Both distributions aim to meet CentOS users' expectations of quality service so that businesses transition smoothly without incurring disruptions during the migration.

Security admins facing this transition period need more than technical knowledge; they must also assess and tighten security protocols. Switching distributions requires extensive planning, meticulous testing, and an in-depth understanding of each environment's security considerations. Administrators must remain vigilant and take measures to secure their systems during this changeover period.

Securing Open-Source Development: The Open Source Security Foundation's Initiative

2024 has also seen significant progress in securing the open-source development process itself. Threats such as those found in XZ Utils underscore just how crucial securing every component of software supply chains is.

To meet this need, OpenSSF has increased its efforts to strengthen the development processes of open-source projects. One key initiative has been the Open Source Consumption Manifesto, which outlines best practices for consuming and integrating open-source software. The manifesto emphasizes transparency, security by default, and continuous risk assessment as ways for developers to ensure that any software they produce or rely upon remains safe from potential threats.

Security administrators must take the challenge of securing software development processes seriously. When these initiatives emerge, they should support them by contributing to open-source projects or advocating for stronger security policies within their organizations. By prioritizing security, they can reduce risks while creating more secure foundations for open-source software development.

Our Final Thoughts: Lessons Learned and the Way Forward

These three significant stories from 2024 offer crucial lessons for Linux security admins. XZ Utils' close call shows the necessity of stringent code reviews and community vigilance to prevent sophisticated attacks. Transitioning from CentOS to alternative distros like AlmaLinux and Rocky Linux illustrates the importance of careful and planned migrations that ensure security and stability during the process. The Open Source Security Foundation's efforts underscore the need for a holistic approach to secure open-source software development. By supporting and adopting security practices within their ecosystems, administrators can contribute to creating more secure open-source environments.

These lessons translate to several key actions:

- Continuous code review and monitoring: Relying solely on trusted contributors isn't enough; every line of code should be analyzed for potential security threats.
- Comprehensive migration planning: When switching distributions, testing and securing setups thoroughly before migration is vital.
- Engaging with community initiatives: By following and implementing guidelines from organizations like OpenSSF, and taking part in community security efforts, administrators can enhance their overall security posture.

By prioritizing these areas, Linux security administrators can more effectively defend against both current and potential future threats to their systems. While 2024 may have alarming tales to tell, these stories also encourage an active approach to security that is vital for open-source software's resilience. These events have served as an eye-opening reminder that security is an ongoing journey rather than an accomplished state. The collaborative nature of Linux and open-source communities is an excellent solution to these challenges. Through shared vigilance, proactive strategies, and commitment to best practices, security administrators can protect their systems against today's and tomorrow's threats.

What do you see as the most significant Linux security event of 2024? Connect with us @lnxsec and share your thoughts!

Jan 02, 2025 | Brittany Day | Organizations/Events

Exploring Google’s Counted_By Feature for Linux Security Enhancement

As the cybersecurity landscape continues to evolve, developers and system administrators have faced several challenges in ensuring the safety of systems written in C, owing to C's susceptibility to buffer overflows. Buffer overflows have been the cause of many security breaches, exploiting C's limitations in type safety and memory management. Realizing the impact of this persistent issue, Google has taken proactive steps to improve Linux security by introducing the counted_by attribute for flexible array members. This is a significant advancement in the ongoing fight against security vulnerabilities. To help you understand this initiative, I'll discuss this attribute in more detail, explore its significance in the realm of Linux security, and explain how you can use this attribute to improve the security of your Linux administration.

Introduction to the counted_by Attribute

C allows a structure to end with a flexible array member: an array whose size is not part of the type and is only known at runtime. That flexibility comes at a cost to security, because the compiler cannot perform bounds checks on an array whose size it does not know. In the past, the alloc_size property of malloc() was used to perform local bounds checks within the same function, but the allocated object did not carry the critical information needed for bounds checks, leaving a security hole whenever the array was accessed outside its allocation scope.

The introduction of the counted_by attribute significantly reduces this drawback. This attribute explicitly links the flexible array to the field that stores the size of the array. This linkage empowers the array bounds sanitizer (enabled by -fsanitize=array-bounds) to accurately verify operations on flexible array members by using the count field to ensure that array bounds are not exceeded.

What Is the Significance of This Attribute for Linux Admins Looking to Improve Security?

This development has profound implications for Linux administrators. The counted_by feature is a powerful tool that can protect applications from various security flaws, including heap buffer overflows. By ensuring flexible array operations adhere to predefined bounds, the risk of exploits that rely on buffer overflows, such as unauthorized code execution and unauthorized access, is substantially reduced. This innovation enhances the security of applications and the overall resilience and robustness of the Linux kernel. The kernel is the core of the Linux OS, so its security significantly impacts the security of countless systems and devices that run Linux.

How Can Admins Use This Feature to Improve Security?

Linux administrators can use the counted_by feature to improve security in several ways. Here's how:

- Code Review and Updates: Admins may initiate code reviews for existing codebases that contain flexible array members. If applicable, they can add the counted_by attribute to the code, specifying the field that stores the array size.
- Secure Coding Practices: Secure coding practices should include the counted_by attribute. When designing structures that have flexible array members, explicitly tying the array to its count field can prevent potential vulnerabilities.
- Fortification Efforts: The counted_by attribute is part of a larger effort to fortify Linux against buffer overflows. By using this feature alongside other compiler sanitization flags and fortification macros like _FORTIFY_SOURCE, administrators can harden systems against an array of attack vectors.
- Security Auditing: This attribute allows for a more comprehensive security audit. Tools enabled by -fsanitize=array-bounds can now detect and report potentially unsafe operations involving flexible array members, facilitating early intervention.

Developers must follow specific rules to use the counted_by attribute effectively:

- The flexible array member and its count field must be contained within the same non-anonymous struct.
- Before accessing the array, the count field must first be set.
- The array field should always have the same number of elements.
- The number of elements in the count field can be changed but must not exceed that assigned initially.

Our Final Thoughts on Google's Efforts to Bolster Linux Security

Google's counted_by feature is a significant step in securing Linux environments. This attribute provides a robust method for checking the bounds of flexible array members and addresses a vulnerability in the C programming language. This feature is a must-have for Linux administrators who want to protect their systems from the constant threat of buffer overflows. In the future, collaboration between developers and administrators to implement features like counted_by will be essential to maintaining the integrity and resilience of our digital infrastructure.
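The struct layout and usage rules described above, as an added example written for this page (not Google's or the kernel's own code): a flexible array member whose bound is tied to its count field with counted_by, with the count set before the first access and never grown past the original allocation. The COUNTED_BY macro, the packet struct and the packet_* helpers are constructed for illustration; the explicit index checks make the behaviour deterministic on compilers that do not yet know the attribute.

```c
/* Build with: cc -O1 -fsanitize=array-bounds counted_by_demo.c
 * Added example; the struct and helpers are illustrative, not from the article. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Use the attribute only where the compiler supports it (clang 18+, GCC 15+);
 * otherwise expand to nothing so the example still builds everywhere. */
#if defined(__has_attribute)
#  if __has_attribute(counted_by)
#    define COUNTED_BY(f) __attribute__((counted_by(f)))
#  endif
#endif
#ifndef COUNTED_BY
#  define COUNTED_BY(f)
#endif

struct packet {
    uint32_t count;                     /* number of valid bytes in data[] */
    uint32_t flags;
    uint8_t  data[] COUNTED_BY(count);  /* flexible array bound to count */
};

/* Allocate and set count before any access to data[] (rule from the article). */
struct packet *packet_new(uint32_t n)
{
    struct packet *p = malloc(sizeof(*p) + n);
    if (!p)
        return NULL;
    p->count = n;   /* must precede the first use of p->data */
    p->flags = 0;
    memset(p->data, 0, n);
    return p;
}

/* Bounds-checked store: 0 on success, -1 if idx >= count. With counted_by and
 * -fsanitize=array-bounds the sanitizer would also trap p->data[idx] for
 * idx >= p->count; the explicit test keeps the result the same without it. */
int packet_set(struct packet *p, uint32_t idx, uint8_t v)
{
    if (idx >= p->count)
        return -1;
    p->data[idx] = v;
    return 0;
}

int packet_get(const struct packet *p, uint32_t idx, uint8_t *out)
{
    if (idx >= p->count)
        return -1;
    *out = p->data[idx];
    return 0;
}

/* Shrinking count is allowed; growing past the original allocation is not. */
int packet_shrink(struct packet *p, uint32_t new_count)
{
    if (new_count > p->count)
        return -1;
    p->count = new_count;
    return 0;
}

/* Self-check: returns the number of out-of-bounds operations that were rejected. */
int packet_demo(void)
{
    struct packet *p = packet_new(4);
    int rejected = 0;
    uint8_t v = 0;
    if (!p)
        return -1;
    packet_set(p, 3, 0x41);          /* last valid index */
    if (packet_set(p, 4, 0x42) < 0)  /* one past the end: rejected */
        rejected++;
    packet_shrink(p, 2);
    if (packet_get(p, 3, &v) < 0)    /* now beyond the reduced count */
        rejected++;
    if (packet_shrink(p, 8) < 0)     /* cannot grow past the allocation */
        rejected++;
    free(p);
    return rejected;
}
```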

Jul 17, 2024 | Anthony Pell | Vendors/Products

Insider Threats and Security Measures for Open Source Ecosystems

The recent discovery of a backdoor in XZ Utils, a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While the open-source community successfully reacted to remove the malware, this event highlights the presence of spies within its midst and the need for stricter security measures. Potential solutions exist, such as external certification processes or code reviews by external companies, but implementing them can be challenging.

Understanding & Overcoming Insider Threats in Open-Source Environments

The power of the open source community to quickly respond to crises like the XZ Utils backdoor must be highlighted, as exemplified by ethical hackers' prompt removal of the malware. However, this also raises critical questions about the overall security and trust within the open-source ecosystem. One intriguing point to consider is the comparison between this incident and an internal corporate hack carried out by a disgruntled employee. It suggests that just as organizations face insider threats, the open source community may also be vulnerable to similar acts of espionage. This analogy sparks curiosity and forces organizations to consider the implications of insider threats in a community built on trust.

Recent attacks have raised thought-provoking questions regarding the need for stricter security measures in the open-source ecosystem. Implementing an external certification process or having external companies conduct code reviews and certify software could help reduce risk. However, these approaches have potential complications and legal liabilities. This tradeoff leads businesses to critically assess the balance between security measures and the fundamental principles of open-source collaboration.

Organizations must also consider risks from within, where trusted users or contributors may abuse access or introduce malicious activity, making internal fraud prevention a critical part of securing Linux and open-source environments. This incident has significant implications for security practitioners, particularly Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. It challenges them to reevaluate their trust in contributors and consider implementing additional security training and measures to mitigate insider threats. CISOs and cybersecurity teams must always consider the potential risks insiders pose and explore ways to conduct internal source code reviews on open-source software.

Looking ahead, the long-term consequences of this incident could result in a more cautious approach to open-source collaboration. Change will come slowly, and the open-source community may need to adapt to evolving threats by implementing new security measures and creating awareness of insider risks.

Improving Open Source Security: Our Final Thoughts

The recent XZ Utils backdoor incident and its implications for the open-source ecosystem highlight the need for security practitioners to remain vigilant and proactive in addressing insider threats while weighing the potential consequences of implementing stricter security measures. As security practitioners, reflecting on the vulnerabilities within open-source environments and considering how you can contribute to a safer and more secure community is critical.

May 08, 2024 | Brittany Day | Security Trends

Surge in Malicious Python Attacks on Linux and Windows Requires Caution

A new set of malicious Python projects is targeting Linux and Windows systems. Security Brief states, "There has been a significant rise in the number of attacks involving Python." These attacks have increased because they are cheap and easy to execute: the cost of renting or purchasing these tools is low compared to other types of malware like ransomware or viruses. This makes it easier for anyone with basic knowledge of how malware works, including criminals, to get started with this kind of attack.

So who exactly is being targeted in these attacks? Malicious hackers are targeting Linux systems such as web servers running Apache or OpenSSH. This means that hackers are trying to break into any kind of server containing sensitive information, like credit card numbers or passwords from users who pay for things online with their cards.

To safeguard against these attacks, Python developers must carefully examine the code they download before installing it onto their systems. This kind of abuse of PyPI will likely continue, and therefore developers must proceed with caution when installing code from any public software repository.

Stay up-to-date on the latest Linux security information and insights required to secure your systems by subscribing to our weekly newsletters. Have additional questions about securing your Linux systems and open-source projects? Connect with us on X @lnxsec - we're here to help! Stay safe out there, fellow Linux users!

Dec 28, 2023 | LinuxSecurity.com Team | Hacks/Cracks

Analysis of NSA's Security Enhanced Linux and Its Security Features

In the wake of the recent revelations that America's National Security Agency is spying on all and sundry, is it time for the Linux community to take another good, hard look at the NSA-developed Security Enhanced Linux? The NSA's Security Enhanced Linux comprises a kernel patch to add security features, and patches to applications to allow them to determine the security domain in which to run processes.

The link for this article located at IT Wire is no longer available.

Jul 25, 2013 | LinuxSecurity.com Team | Privacy

Debunking Myths And Addressing Challenges In Open Source Security

Detractors of open source software often point to its broad developer base and open source code as a potential security risk. But that's not a fair assessment, according to Dr Ian Levy, technical director with the CESG, a department of the UK's GCHQ intelligence agency that advises the UK government on IT security. Open source is no worse or better than proprietary software when it comes to security, according to Levy, who busted myths about open source security.

The link for this article located at ZDNet Blogs is no longer available.

Apr 23, 2013 | LinuxSecurity.com Team | Security Projects

Enhancing Web Application Security: A Code Review Guide

App security vendor Watchfire and anti-malware vendor Panda Software both launched web-based apps this week. Watchfire's new release, Appscan Enterprise 5, checks source code under development for security problems. The latest version includes a new . After the security scan, Quickscan presents programmers with a developer task list showing what code needs to be rewritten to secure the application.

"The industry is in wide agreement now that security testing must be built into the software development lifecycle, but too often companies mistakenly throw complex security solutions at [program] developers as the answer," said Watchfire chief technology officer Michael Wieder. "It's simply not feasible to expect developers, who are already overtaxed with go-to-market pressures, to take on the role of security experts too."

The link for this article located at IT Week is no longer available.

Feb 22, 2007 | LinuxSecurity.com Team | Vendors/Products

DARPA Sardonix Project Faces Challenges In Attracting Auditors

Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. Initially funded by a research grant from the Pentagon's Defense Advanced Research Projects Agency (DARPA), the Sardonix project aspired to replace the loosely-structured Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom.

As conceived by Oregon-based computer scientist Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. Cowan hoped that the system would produce the same cocktail of goodwill and computer-judged competition that fuels other successful geeky endeavors, from the distributed computing effort that recognizes top producers in the search for new prime numbers, to the "karma" points awarded to highly-rated posters on the news-for-nerds site Slashdot.

In the end, though, nobody showed up. "I got a great deal of participation from people who had opinions on how the studliness ranking should work, and then squat from anybody actually reviewing code," says Cowan, chief research scientist at WireX Communications.

Feb 02, 2004 | LinuxSecurity.com Team | Security Projects