Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -3 articles for you...
74
network securitymalwarethreat detectionIdentify and Mitigate Lion Worm Threats on Linux Operating Systems
The dangerous Lion worm is stalking Linux systems. Worse than the Ramen worm, Lion installs then hides hacker tools on vulnerable systems Linux system administrators have a new worm to worry about. The SANS Institute is reporting the . . . . The dangerous Lion worm is stalking Linux systems. Worse than the Ramen worm, Lion installs then hides hacker tools on vulnerable systems Linux system administrators have a new worm to worry about. The SANS Institute is reporting the presence of the Lion worm, which is much more dangerous than the Ramen worm earlier this year. What makes Lion more dangerous is that it can steal passwords, install and hide hacker tools, gain root access of an infected system then attack other vulnerable systems. It is unclear whether Lion will surpass Ramen in total number of systems infected. It may infect Unix systems as well as Linux systems. The link for this article located at ZDNet UK is no longer available. . Uncover the threats posed by the Lion worm, its methods for breaching Linux systems, and strategies to safeguard against it.. Lion Worm Detection, Malware Prevention Tips, Linux Security Threats. . Anthony Pell
Mar 26, 2001
•
Network Security
74
security advisorycriticalsystem integrityLion Worm Advisory: Critical BIND Attack and Detection Tool
Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects . . . . Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims. ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET March 23, 2001 7:00 AM Late last night, the SANS Institute (through its Global Incident Analysis Center) uncovered a dangerous new worm that appears to be spreading rapidly across the Internet. It scans the Internet looking for Linux computers with a known vulnerability. It infects the vulnerable machines, steals the password file (sending it to a China.com site), installs other hacking tools, and forces the newly infected machine to begin scanning the Internet looking for other victims. Several experts from the security community worked through the night to decompose the worm's code and engineer a utility to help you discover if the Lion worm has affected your organization. Updates to this announcement will be posted at the SANS web site, https://www.sans.org/ DESCRIPTION The Lion worm is similar to the Ramen worm. However, this worm is significantly more dangerous and should be taken very seriously. It infects Linux machines running the BIND DNS server. It is known to infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all 8.2.3-betas. The specific vulnerability used by the worm to exploit machines is the TSIG vulnerability that was reported on January 29, 2001. The Lion worm spreads via an applicationcalled "randb". Randb scans random class B networks probing TCP port 53. Once it hits a system, it checks to see if it is vulnerable. If so, Lion exploits the system using an exploit called "name". It then installs the t0rn rootkit. Once Lion has compromised a system, it: - - Sends the contents of /etc/passwd, /etc/shadow, as well as some network settings to an address in the china.com domain. - - Deletes /etc/hosts.deny, eliminating the host-based perimeter protection afforded by tcp wrappers. - - Installs backdoor root shells on ports 60008/tcp and 33567/tcp (via inetd, see /etc/inetd.conf) - - Installs a trojaned version of ssh that listens on 33568/tcp - - Kills Syslogd , so the logging on the system can't be trusted - - Installs a trojaned version of login - - Looks for a hashed password in /etc/ttyhash - - /usr/sbin/nscd (the optional Name Service Caching daemon) is overwritten with a trojaned version of ssh. The t0rn rootkit replaces several binaries on the system in order to stealth itself. Here are the binaries that it replaces: du, find, ifconfig, in.telnetd, in.fingerd, login, ls, mjy, netstat, ps, pstree, top - - "Mjy" is a utility for cleaning out log entries, and is placed in /bin and /usr/man/man1/man1/lib/.lib/. - - in.telnetd is also placed in these directories; its use is not known at this time. - - A setuid shell is placed in /usr/man/man1/man1/lib/.lib/.x DETECTION AND REMOVAL We have developed a utility called Lionfind that will detect the Lion files on an infected system. Simply download it, uncompress it, and run lionfind. This utility will list which of the suspect files is on the system. At this time, Lionfind is not able to remove the virus from the system. If and when an updated version becomes available (and we expect to provide one), an announcement will be made at this site. Download Lionfind at REFERENCES Further information can be found at: https://www.sei.cmu.edu/library/2001-cert-advisories/ CERT Advisory CA-2001-02, Multiple Vulnerabilities in BINDhttp://www.kb.cert.org/vuls/id/196945 ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code Information about the t0rn rootkit. The following vendor update pages may help you in fixing the original BIND vulnerability: Red Hat Linux RHSA-2001:007-03 - Bind remote exploit https://www.redhat.com/en/services/support Debian GNU/Linux DSA-026-1 BIND https://www.debian.org/ SuSE Linux SuSE-SA:2001:03 - Bind 8 remote root compromise. https://www.suse.com/de-de/ txt.txt Caldera Linux CSSA-2001-008.0 Bind buffer overflow This security advisory was prepared by Matt Fearnow of the SANS Institute and William Stearns of the Dartmouth Institute for Security Technology Studies. The Lionfind utility was written by William Stearns. William is an Open-Source developer, enthusiast, and advocate from Vermont, USA. His day job at the Institute for Security Technology Studies at Dartmouth College pays him to work on network security and Linux projects. Also contributing efforts go to Dave Dittrich from the University of Washington, and Greg Shipley of Neohapsis Matt Fearnow SANS GIAC Incident Handler If you have additional data on this worm or a critical quetsion please email
Mar 23, 2001
•
Network Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More