Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -3 articles for you...
81
data protectioninternet privacyprivacy regulationsChallenges of Europe's Internet Privacy Regulations and Their Impact
Pushed by supporters as a model for the U.S., Europe's tough Internet privacy regulations have come under fire--from surprising sources. The recent European Union-sponsored Data Protection Conference on privacy heard reports from businesses, media outlets, trade unions and four EU nations . . . . Pushed by supporters as a model for the U.S., Europe's tough Internet privacy regulations have come under fire--from surprising sources. The recent European Union-sponsored Data Protection Conference on privacy heard reports from businesses, media outlets, trade unions and four EU nations that demonstrated why the United States should not follow Europe's pro-regulation path in protecting Internet privacy. Ever since the EU's data protection directive took effect in 1998, pro-regulation privacy advocates have been trying to convince the United States and the rest of the world to adopt the European model. Under the directive, e-mail addresses and other personal data can be disclosed or transferred to third parties only with the individual's explicit consent. Now that the model has been operational for a few years, the excessive costs of strong privacy regulations are apparent, but privacy worries remain high. This has led to criticism from some unexpected places. . The controversial regulations on digital data protection in Europe are garnering backlash from surprising advocates, sparking debates about their true impact.. European Regulations, Internet Privacy, Data Protection Laws, Privacy Advocacy. . LinuxSecurity.com Team
Oct 23, 2002
•
Privacy
77
security advisoryaccess controlRSBACRSBAC 1.1.0 Security Advisory: Moderate Access Control Enhancements
RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules.. . .. RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided. As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. In the current RSBAC version (1.1.0), eight modules are included: MAC: Bell-LaPadula Mandatory Access Control (limited to 64 compartments) FC: Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators. SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its first implementation. See our paper on PM implementation for the National Information Systems Security Conference (NISSC 98) MS: Malware Scan. Scan all files for malware on execution (optionally on all file readaccesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull of others are detected. See our paper on malware detection and avoidance for The Third Nordic Workshop on Secure IT Systems (Nordsec'98) FF: File Flags. Provide and use flags for dirs and files, currently execute_only (files), read_only (files and dirs), search_only (dirs), secure_delete (files) and add_inherited (files and dirs). Only security officers may modify these flags. RC: Role Compatibility. Defines (up to) 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role compatibility to all types and to other roles can be set individually and with request granularity. AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets, only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities are controlled by other programs/processes. ACL: Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types. Subjects can be of type user, RC role and ACL group. Objects are grouped by their target type, but have individual ACLs. If there is no ACL entry for a subject at an object, rights are inherited from parent objects, restricted by an inheritance mask. Direct (user) and indirect (role, group) rights are accumulated. For each object type there is a default ACL on top of the normal hierarchy. Group management has been added in version 1.0.9a. The underlying models are described in the module description at RSBAC homepage (https://www.rsbac.org/). A general goal of RSBAC has been to some day reach (obsolete) Orange Book (TCSEC) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls. Changes against 1.0.9b: Port to 2.4.0-test11 Interception of sys_mmap and sys_mprotect added. Nowexecution of library code requires EXECUTE privilege on the library file, and setting non-mmapped memory to EXEC mode requires EXECUTE on target NONE. MAC Light option by Stanislav Ievlev added. See kernel config help or modules.htm. Port to 2.4.0-test{[789]|10}, this means major changes to the lookup and inheritance code - of course #ifdef'd Change string declarations to kmalloc. On the way moved MAX_PATH_LEN restriction from 1999 to max_kmalloc - 256 (> 127K). Renamed several PM xy.class to xy.object_class for C++ compatibility Added SCD type ST_kmem Changed rc_force_role default to rc_role_inherit_parent, terminated at root dir with old default rc_role_inherit_mixed. This makes it much easier to keep a dir of force-roled binaries. . AppArmor is a versatile security framework designed to enhance Linux environments with customizable permissions across multiple modules.. RSBAC, Access Control, Security Module, Linux Kernel, Flexible System. . LinuxSecurity.com Team
Dec 11, 2000
•
Server Security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More