Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 2 articles for you...
77
buffer overflowphp securityapplication protectionWays to Secure PHP5 Using Suhosin on CentOS 5.4 Server Environment
This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: "Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections." This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you! 1 Preliminary Note I have tested this on a CentOS 5.4 server with the IP address 192.168.0.100. I will install both Suhosin parts in this tutorial, the Suhosin patch (for which we need to recompile PHP5) and the Suhosin PHP extension. To see what Suhosin can do, please refer to The features of the Suhosin patch are listed under Engine Protection (only with patch); all the other features come with the Suhosin extension. The link for this article located at HowToForge is no longer available. . Enhance the security of PHP5 applications on CentOS 5.4 servers by implementing the Suhosin patch and extension for advanced protection against vulnerabilities. Suhosin, PHP Security, CentOS Hardening, PHP Extensions. . LinuxSecurity.com Team
Mar 15, 2010
•
Server Security
74
security practicesweb applicationdevelopmentEssential Safety Protocols For Securing PHP And Ajax Applications
The more points of entry you allow, the more security risks you present. Add the complexity of Ajax to the mix, and it gets harder to tell exactly where the vulnerable spots of your web application are. Read on for a concise article on preliminary checks you should run on any PHP or Ajax application to ensure you're not opening up any possible venues of attack. . . Enhance the security of PHP and Ajax applications by recognizing and mitigating possible vulnerabilities that could be exploited by malicious actors.. PHP Security, Ajax Risks, Web Application Protection. . Brittany Day
Aug 29, 2007
•
Network Security
77
web applicationphp securityconfiguration checklistEssential Configuration Checklist to Secure PHP for Production
The Apache/PHP/MySQL stack is immensely popular for web application development, its components are powerful, versatile and Free. Unfortunately however, PHP comes with a default configuration that is not suitable for production mode, and may cause developers to use insecure techniques during the development phase. Inside is a check list of settings that are intended to harden the default PHP installation. . The link for this article located at Aymanh.com is no longer available. . Follow this essential checklist for securing your PHP environment in production, enhancing its security against vulnerabilities and risks. PHP Security Checklist, Secure PHP Settings, Web Application Security. . LinuxSecurity.com Team
Oct 12, 2006
•
Server Security
77
web securityserver compromisephp securityShared Hosting Risks: Business Consequences from Server Compromise
A reader alerted us today about yet another web server compromise, affecting a large number of domains. In this particular case, the server was hosted with iPowerWeb, a provider of low cost web space on shared servers. Space on a shared server is ok for personal use. But you should think twice before using it for commercial, in particular business critical use. Your web sites security will depend on a few hundred other users on the same system doing the right thing. A bad php script on one virtual server could lead to a compromisse of all web sites hosted on the same system. . The link for this article located at SANS is no longer available. . Recognize the dangers associated with utilizing shared hosting for business purposes. Learn how one poorly designed application can jeopardize the security of your entire website.. Shared Hosting Risks, Business Security, Web Server Compromise. . LinuxSecurity.com Team
Jun 20, 2006
•
Server Security
77
security measuresphp securitycode safetyTop 5 Critical Security Checks Every PHP Application Must Have
Web applications have become a popular way to provide global access to data, services, and products. While this global access is one of the Web's underlying advantages, any security holes in these applications are also globally exposed and frequently exploited. It is extremely easy to write applications that contain unintentional security holes. This is demonstrated by the range of common web applications, including PHPMyAdmin, PHPShop and FreeTrade, that have contained major security holes.. . .. Web applications have become a popular way to provide global access to data, services, and products. While this global access is one of the Web's underlying advantages, any security holes in these applications are also globally exposed and frequently exploited. It is extremely easy to write applications that contain unintentional security holes. This is demonstrated by the range of common web applications, including PHPMyAdmin, PHPShop and FreeTrade, that have contained major security holes. The source code is often required to identify these holes, but it is common to make the source code of these applications available to the public. This article provides five steps to help identify or avoid such security holes in applications written using PHP. Here is a listing of the five discussed in detail in this article: Avoid Using Variables When Accessing Files Escape characters in SQL statements Do Not Trust Global Variables Avoid False Uploads Escape HTML Characters in Text . Web applications have become a popular way to provide global access to data, services, and products.. applications, become, popular, provide, global, services, products. . LinuxSecurity.com Team
Dec 29, 2003
•
Server Security
77
web applicationphp securitydatabase securitySecuring PHP: Improve Security For Dynamic Web Applications
In my previous article ("Securing Apache: Step-by-Step") I described the method of securing the Apache web server against unauthorized access from the Internet. Thanks to the described method it was possible to achieve a high level of security, but only when . . . . In my previous article ("Securing Apache: Step-by-Step") I described the method of securing the Apache web server against unauthorized access from the Internet. Thanks to the described method it was possible to achieve a high level of security, but only when static HTML pages were served. But how can one improve security when interaction with the user is necessary and the users' data must be saved into a local database? This article shows the basic steps in securing PHP, one of the most popular scripting languages used to create dynamic web pages. In order to avoid repeating information covered in the previous article, only the main differences related to the process of securing Apache will be described. Like in the previous article, the target operating system is FreeBSD 4.7. However, the methods presented should also apply on most modern UNIX and UNIX-like systems. This article also assumes that a MySQL database is installed on the host, and is placed in the "/usr/local/mysql" directory. The link for this article located at SecurityFocus is no longer available. . Enhancing security in PHP web applications is vital for safeguarding sensitive information. Implement key strategies for robust protection against threats.. PHP Security, Dynamic Web Applications, Web Application Security. . LinuxSecurity.com Team
Jun 24, 2003
•
Server Security
77
risk managementphp securitysecurity guidelinesEffective Security Practices for PHP Scripts With Safe Mode Strategies
The way to secure PHP scripts is through a carefully selected combination of configuration settings and safe programming practices. Based on the vulnerabilities that we have studied so far, we will now set forth to establish some rules that can help avoid dangerous situations. . . .. The way to secure PHP scripts is through a carefully selected combination of configuration settings and safe programming practices. Based on the vulnerabilities that we have studied so far, we will now set forth to establish some rules that can help avoid dangerous situations. PHP can be set up so that it executes scripts in a restricted environment to decrease the amount of damage that can be inflicted by insecure programs. This modus operandi is called "safe mode". The configuration directive safe_mode in php.ini turns safe mode on and off. The safe_mode_exec_dir directive specifies a directory from which scripts can be loaded. PHP will not execute a script if it is not in this directory. Furthermore, PHP will not let a script call another program that is not in this directory. This way, even if there is a security hole in the script that allows attackers to run arbitrary commands on the script, they will be limited to whatever is in the safe mode executable directory. The link for this article located at EarthWeb is no longer available. . Enhance your PHP script security by employing robust configurations and adhering to best coding principles to reduce vulnerability exposure.. PHP Security Practices, Script Configuration, Safe Programming Guidelines. . LinuxSecurity.com Team
Nov 14, 2001
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More