Canonical is incorporating Microsoft's ASP.NET and .NET SDK into its latest Long Term Support version of Ubuntu.

Microsoft and Canonical, the company behind Ubuntu, have announced native .NET availability in Ubuntu 22.04. While open-source .NET has long been available in Ubuntu and other Linux distributions, this collaboration by Microsoft and Canonical will better secure the .NET software supply chain with enterprise-grade support. Specifically, .NET 6 developers can install the .NET 6 packages on Ubuntu with a single, simple command:

    sudo apt install dotnet6

That's all there is to it.

Red Hat and Google launch Python on Fedora 37, improving functionality and options for programmers.
Canonical .NET, Ubuntu 22.04, Microsoft ASP.NET, Open Source .NET.
LinuxSecurity.com Team

Find and eliminate vulnerabilities in the data you store in AWS and GitHub. Learn more in a great Opensource.com article.

If your day-to-day as a developer, system administrator, full-stack engineer, or site reliability engineer involves Git pushes, commits, and pulls to and from GitHub and deployments to Amazon Web Services (AWS), security is a persistent concern. Fortunately, open source tools are available to help your team avoid common mistakes that could cost your organization thousands of dollars. This article describes four open source tools that can help improve your security practices when you're developing on GitHub and AWS. Also, in the spirit of open source, I've joined forces with three security experts (Travis McPeak, senior cloud security engineer at Netflix; Rich Monk, senior principal information security analyst at Red Hat; and Alison Naylor, principal information security analyst at Red Hat) to contribute to this article.

The link for this article located at Opensource.com is no longer available.

Uncover a quartet of open source solutions to bolster the security protocols of GitHub and AWS for software developers and systems engineers.
Open Source Security Tools, Cloud Security Solutions, GitHub Security Practices, AWS Security Enhancement, Vulnerability Management.
Brittany Day

The makers of the popular open-source Snort intrusion detection platform today unveiled a new open-source platform -- a detection framework that unites existing security tools, including IDS/IPSes.

The new Razorback platform developed by Sourcefire is basically a tool for tying together the various layers of detection within an organization, including antivirus, IDS/IPS, Web and email gateways, and firewalls, to use in concert to catch and examine potential threats and create mitigations on the fly. Its creators say it's not the same thing as a security information management tool, however, because it does more than capture events: "SIM collects events in a vacuum: It takes an AV event and says this host is infected by a virus ... It doesn't know anything about that piece of malware on the box," says Matt Watchinski, senior director of Sourcefire's vulnerability research team.

Razorback, however, uses the various tools to provide more context about a potential attack, he says. It handles detection in near real-time and can convert newly found intelligence on an attack into a detection mechanism for it. It's basically a framework that overlays the existing security infrastructure and lets the various tools work more in concert, according to Sourcefire.

The link for this article located at Dark Reading is no longer available.

Explore Viper: a community-driven framework by CyberGiant aimed at improving risk assessment and vulnerability management.
Open Source Detection Framework, Intrusion Prevention System, Threat Mitigation Tools.
LinuxSecurity.com Team

With its latest entry into the Linux desktop market, Novell plans to make Linux more secure and make that security easier to manage, company officials said at the LinuxWorld conference. The software maker decided against adopting security modifications to the Linux kernel developed by the National Security Agency, known as SE Linux, because the system is extremely difficult to configure. Instead, the Waltham, Mass. firm developed a framework for restricting applications known as AppArmor, which it released as an open-source project in January.

"We looked at SE Linux as a technology and we couldn't figure out how someone who didn't have a PhD could configure it," said Holger Dyroff, vice president of product management for Novell. "We are insisting that security be easy."

The link for this article located at SecurityFocus.com is no longer available.

Red Hat's latest initiative, SELinux, seeks to enhance Linux security oversight with straightforward setup processes.
Linux Security, AppArmor, Novell Framework, Open Source Management, Desktop Security.
LinuxSecurity.com Team

Everyone involved in information security, and many who are not, have heard of the Snort NIDS (Network Intrusion Detection System). But not many have heard of a little jewel by the name of Prelude. Prelude is an open source framework for building distributed Hybrid Intrusion Detection Systems (HIDS). It is called 'Hybrid' because it uses network-based sensors (NIDS) but also allows host logs to be transmitted to a central 'Manager' for correlation and storage in a database (MySQL, Postgres, Oracle).

Prelude has been around in one form or another since 1998, so it is mature in terms of development and as old as the Snort Project. Its modular design and its ability to let other external applications and devices report to it make it an excellent and extensible base for creating custom HIDS solutions.

A myriad of terms have come about recently that apply to variations of an IDS. A newer one is SIM (Security Information Management), which applies partly to the Prelude framework, since a SIM is a centralized repository for security event information. In fact, by this definition Prelude is for the most part a SIM. The project leader Yoann Vandoorselaere has referred to Prelude as a 'Meta IDS' as well. But no matter what term you use to refer to it, Prelude is a great piece of Open Source security software that was written with the intent of being used in large heterogeneous networks.

The link for this article located at localareasecurity.com is no longer available.

Explore the Prelude IDS Framework, a cutting-edge hybrid security platform that enhances network and host log management for improved visibility and response to threats.
Prelude Framework, Hybrid IDS, Security Management Solutions, Network Security.
LinuxSecurity.com Team

Financed by the European community, OpenEvidence (part of European Project Group FP5) is an open source framework for data certification, time stamping and data archival that brings technology for evidence creation, validation and long term protection of documents.

Developers from France, Belgium, Estonia and Italy share their technological know-how in this project to build an architecture that can be applied to different business models such as notarisation. Based on the standards ISO 17799, British Standard 7799, IETF PKI RFC 3161 and IETF PKI RFC 3029, standardisation efforts have been made in collaboration with the LTANS IETF Working Group, ISO (concerning the time stamping standard), PKIX certificate validation protocols, the DVCS update (RFC 3029) and ISO 18509.

A demonstration service of Time Stamping using RFC 3161 by C&A (Italian partners of OpenEvidence) can be used on its web site.

The link for this article located at Hector Martinez is no longer available.

SecureDocs, supported by EU resources, is an open-source system designed to safeguard documents via verification and time-marking.
OpenEvidence, Data Certification, Notarisation, Time Stamping, Data Archival.
LinuxSecurity.com Team

From: Amon Ott
To: RSBAC List
Subject: Announce: RSBAC v1.2.0 released

Hi!

Rule Set Based Access Control (RSBAC) version 1.2.0 has been released. Full information and downloads are available from https://www.rsbac.org/

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). All development is independent of governments and big companies, and no existing access control code has been reused.

This version comes with many new features, e.g.:

- Network Device (NETDEV) targets (for configuration and raw access)
- Real template based network access control with Network Object (Socket) templates (NETTEMP) and targets (NETOBJ) and new request types BIND, CONNECT, etc.
- CAP module with min and max Linux Capabilities for users and programs
- Network and firewall config protection as new SCD targets
- Unlimited roles and types in Role Compatibility (RC) model
- Separate request type MAP_EXEC for library mapping (used to be EXECUTE, too)
- User ID and RC role based symlink redirection support
- Lifetime limits for many RC and ACL settings, like access rights and group memberships

Amon Ott.

Brief Description

Name: rsbac
Version: 1.2.0
Kernelver: 2.2.20, 2.4.18
Status: 9 (UP), 8 (SMP)
Author: Amon Ott
Maintainer: Amon Ott
Description: Rule Set Based Access Control (RSBAC)
Date: 28-May-2002
Descfile-URL: https://www.rsbac.org//rsbac.desc
Download-URL: https://www.rsbac.org//download.htm
Homepage-URL: https://www.rsbac.org//
Manual-URL: https://www.rsbac.org/instadm.htm

What is RSBAC?

Key features

- Open Source (GPL)
- Independent of governments and big companies
- Several well-known and new security models, e.g. MAC, ACL and RC
- Control over individual user and program network accesses
- Any combination of models possible
- Easily extensible: write your own model for runtime registration
- Support for current kernels
- Stable for production use

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). All development is independent of governments and big companies, and no existing access control code has been reused.

The standard package includes a range of access control models like MAC, RC, ACL (see below). Furthermore, the runtime registration facility (REG) makes it easy to implement your own access control model as a kernel module and get it registered at runtime.

The RSBAC framework is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided.

From version 1.2.0, all types of network accesses can be controlled individually for all users and programs. This gives you full control over their network behaviour and makes unintended network accesses easier to prevent and detect.

As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. Apart from the builtin models shown below, the optional Module Registration (REG) allows for registration of additional, individual decision modules at runtime.

In the RSBAC version 1.2.0, the following modules are included. Please note that all modules are optional. They are described in detail in an extra text.

MAC: Bell-LaPadula Mandatory Access Control (compartments limited to a number of 64)

FC: Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators.

SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information

PM: Privacy Model. Simone Fischer-Hübner's Privacy Model in its first implementation. See our paper on PM implementation (43K) for the National Information Systems Security Conference (NISSC 98)

MS: Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handful of others are detected. See our paper on Approaches to Integrated Malware Detection and Avoidance (34K) for The Third Nordic Workshop on Secure IT Systems (Nordsec'98)

FF: File Flags. Provide and use flags for dirs and files, currently execute_only (files), read_only (files and dirs), search_only (dirs), secure_delete (files), no_execute (files), add_inherited (files and dirs), no_rename_or_delete (files and dirs, no inheritance) and append_only (files). Only FF security officers may modify these flags.

RC: Role Compatibility. Defines roles and types for each target type (file, dir, dev, ipc, scd, process etc.). For each role, compatibility to all types and to other roles can be set individually and with request granularity. For administration there is a fine grained separation-of-duty. Granted rights can also have a time limit.

AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets, only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities can be controlled by other programs/processes, e.g. authentication daemons.

ACL: Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types. Subjects can be of type user, RC role and ACL group. Objects are grouped by their target type, but have individual ACLs. If there is no ACL entry for a subject at an object, rights are inherited from parent objects, restricted by an inheritance mask. Direct (user) and indirect (role, group) rights are accumulated. For each object type there is a default ACL on top of the normal hierarchy. Group management has been added in version 1.0.9a. Granted rights and group memberships can have a time limit.

CAP: Linux Capabilities (new in 1.2.0). For all users and programs you can define a minimum and a maximum Linux capability set ("set of root special rights"). This lets you e.g. run server programs as normal user, or restrict rights of root programs in the standard Linux way.

A general goal of RSBAC design has been to some day reach (obsolete) Orange Book (TCSEC) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls.

Amon Ott

RSBAC version 1.2.0 introduces robust security enhancements and improved compatibility with contemporary Linux kernels, strengthening access management.
RSBAC, Access Control Framework, Network Security Models, Open Source Security, Linux Access Control.
LinuxSecurity.com Team

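
The ACL lookup described in the announcement above (per-subject entries, inheritance from parents through an inheritance mask, a default ACL on top, and accumulation of user, role and group rights), as an added Python sketch; it is not RSBAC code and not from the announcement's author. Assumptions: inheritance is resolved separately for each subject, every object on the way up applies its own mask, and the object tree, subject names and the four request types are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed subset of request types; the real framework defines many more.
ALL = frozenset({"READ", "WRITE", "EXECUTE", "DELETE"})


@dataclass
class Obj:
    name: str
    parent: Optional["Obj"] = None
    acl: dict = field(default_factory=dict)  # (kind, name) -> set of request types
    mask: frozenset = ALL                    # rights this object lets through from its parent


def subject_rights(obj, subject, default_acl):
    """Rights of ONE subject at obj: its own entry if present, otherwise the
    nearest ancestor's entry filtered by every inheritance mask in between."""
    passed = ALL
    node = obj
    while node is not None:
        if subject in node.acl:
            return frozenset(node.acl[subject]) & passed
        passed = passed & node.mask  # this object's mask limits what can be inherited
        node = node.parent
    # Nothing found in the hierarchy: fall back to the default ACL above the root.
    return frozenset(default_acl.get(subject, ())) & passed


def effective_rights(obj, user, role, groups, default_acl):
    """Accumulate direct (user) and indirect (role, group) rights."""
    subjects = [("user", user), ("role", role)] + [("group", g) for g in groups]
    rights = frozenset()
    for subject in subjects:
        rights |= subject_rights(obj, subject, default_acl)
    return rights


def is_granted(obj, request, user, role, groups, default_acl):
    return request in effective_rights(obj, user, role, groups, default_acl)


# Constructed sample hierarchy (assumption, for illustration only).
DEFAULT_ACL = {("role", "admin"): ALL}
ROOT = Obj("/", acl={("group", "staff"): {"READ"}})
SRV = Obj("/srv", parent=ROOT)
WWW = Obj("/srv/www", parent=SRV,
          acl={("group", "web"): {"READ", "WRITE", "DELETE"}})
INDEX = Obj("/srv/www/index.html", parent=WWW,
            mask=frozenset({"READ", "WRITE"}),   # DELETE is not inheritable here
            acl={("user", "mallory"): set()})    # explicit empty user entry

if __name__ == "__main__":
    cases = [
        (WWW, "alice", "user", ["web"]),     # direct group entry
        (INDEX, "alice", "user", ["web"]),   # inherited, DELETE masked off
        (INDEX, "bob", "admin", []),         # default ACL, still masked
        (INDEX, "mallory", "user", ["web"]), # empty user entry, group still counts
    ]
    for obj, user, role, groups in cases:
        rights = sorted(effective_rights(obj, user, role, groups, DEFAULT_ACL))
        print(f"{obj.name:22} {user:8} {rights}")
```

Because rights accumulate across subjects in this model, the empty user entry for `mallory` does not remove what the `web` group grants; restricting access has to happen at the entry or mask that actually carries the right.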
RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use for over a year (since version 1.0.9a). The standard package includes a range of access control models like MAC, RC, and ACL (see below). Furthermore, the runtime registration facility (REG) makes it easy to implement your own access control model as a kernel module and get it registered at runtime.

Hi!

Rule Set Based Access Control (RSBAC) version 1.1.2 has been released. Information and downloads are available from https://www.rsbac.org/

Amon Ott.

---------------------------------------

Name: rsbac
Version: 1.1.2
Kernelver: 2.2.19, 2.4.8-9
Status: 9 (UP), 8 (SMP)
Author: Amon Ott
Maintainer: Amon Ott
Description: Rule Set Based Access Control (RSBAC)
Date: 27-August-2001
Descfile-URL: https://www.rsbac.org/rsbac.desc
Download-URL: https://www.rsbac.org/download.htm
Homepage-URL: https://www.rsbac.org/
Manual-URL: https://www.rsbac.org/instadm.htm

What is RSBAC?
--------------

Key features:

- Open Source (GPL) Linux kernel security extension
- Several well-known and new security models, e.g. MAC, ACL and RC
- Any combination of models possible
- Easily extensible: write your own model for runtime registration
- Support for current kernels
- Stable for production use

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use for over a year (since version 1.0.9a).

The standard package includes a range of access control models like MAC, RC, ACL (see below). Furthermore, the runtime registration facility (REG) makes it easy to implement your own access control model as a kernel module and get it registered at runtime.

The RSBAC framework is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided.

As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. Apart from the builtin models shown below, the optional Module Registration (REG) allows for registration of additional, individual decision modules at runtime.

In the RSBAC version 1.1.2, the following modules are included. Please note that all modules are optional. They are described in detail in an extra text.

MAC: Bell-LaPadula Mandatory Access Control (compartments limited to a number of 64)

FC: Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators.

SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information

PM: Privacy Model. Simone Fischer-Hübner's Privacy Model in its first implementation. See our paper on PM implementation (43K) for the National Information Systems Security Conference (NISSC 98)

MS: Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handful of others are detected. See our paper on Approaches to Integrated Malware Detection and Avoidance (34K) for The Third Nordic Workshop on Secure IT Systems (Nordsec'98)

FF: File Flags. Provide and use flags for dirs and files, currently execute_only (files), read_only (files and dirs), search_only (dirs), secure_delete (files), no_execute (files), add_inherited (files and dirs) and no_rename_or_delete (files and dirs, no inheritance). Only security officers may modify these flags.

RC: Role Compatibility. Defines 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role, compatibility to all types and to other roles can be set individually and with request granularity. For administration there is a fine grained separation-of-duty.

AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets, only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities can be controlled by other programs/processes, e.g. authentication daemons.

ACL: Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types. Subjects can be of type user, RC role and ACL group. Objects are grouped by their target type, but have individual ACLs. If there is no ACL entry for a subject at an object, rights are inherited from parent objects, restricted by an inheritance mask. Direct (user) and indirect (role, group) rights are accumulated. For each object type there is a default ACL on top of the normal hierarchy. Group management has been added in version 1.0.9a.

A general goal of RSBAC design has been to some day reach (obsolete) Orange Book (TCSEC) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls.

RSBAC Changes
-------------

1.1.2:

- Own RSBAC memory allocation functions. Own RSBAC mem slabs in 2.4 kernels.
- Generic lists - simply register your list item sizes with filename and persist flag, and a persistent list will be kept for you.
- Generic lists of lists, two level version.
- Moved pm_data_structures.c to new lists with proc backup files
  Attention: There is no auto-update from older versions possible!
- proc backup files for RC and ACL are now optional
- New proc subdir pm, replaces old write_list call
- rsbac_pm write_list call removed
- New FD aci version with new rc_initial_role and 16 bit ff_flags
- New FF flag append_only, which limits all write accesses to APPEND_OPEN and WRITE
- Fix for rename hole: rename could replace and thus delete an existing file without DELETE check. Also performs secure_delete, if necessary
- New rsbac_mount hook in change_root for initial ramdisk
- Fixed missing Linux check in bad_signal
- Added optional switch rsbac_dac_disable to disable Linux filesystem access control
- Added count support for multiple mounts
- Added optional switch rsbac_nosyslog to temporarily disable logging to syslog
- Added config option for DEBUG code

Amon Ott

Explore RSBAC 1.1.2, an influential open-source access management framework tailored for the Linux kernel, providing multiple security configurations.
RSBAC Framework, Access Control Models, Kernel Security, Security Extensions.
LinuxSecurity.com Team