Openwall has released Linux Kernel Runtime Guard (LKRG) 0.9.8 with significant updates and improvements. For those unfamiliar with it, LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detects exploits of security vulnerabilities against the kernel. We'll explain the significance of LKRG in more depth, explore its remote logging functionality, and discuss the significant changes introduced in LKRG 0.9.8.

What Is the Significance of LKRG?

LKRG started as a project of Adam 'pi3' Zabrocki, was brought under the Openwall umbrella, and was released to the public in 2018. It performs runtime integrity checks on the Linux kernel to detect exploitation of kernel vulnerabilities. Concretely, LKRG tries to detect unauthorized modifications to the running kernel and unexpected changes to the credentials of running processes, and to respond to them quickly. This defends against exploits that gain root through kernel vulnerabilities; the same checks catch loadable kernel module (LKM) rootkits and kernel exploits launched from inside containers such as Docker, which lets LKRG counter many existing and future Linux kernel vulnerabilities. LKRG offers security by diversity, but without the drawbacks of running an unusual OS. It is therefore most useful on systems that are unlikely to be rebooted into a new kernel or live-patched whenever a kernel vulnerability is found: it provides robust protection against kernel exploits without requiring much effort from the user, and there is no security policy to configure. The module installs easily on distributions such as RHEL, CentOS, Ubuntu, Whonix, Debian, Rocky Linux, and AlmaLinux.

Remote Logging with LKRG

Remote logging is critical for troubleshooting incidents, for centralized processing by SIEM and EDR tooling, and for compliance.
While there are pre-existing Linux kernel remote logging solutions, LKRG is an excellent option for Linux kernel remote logging. It offers transport security, provides long-term encryption and authentication of messages and blobs, and is not too susceptible to DoS attacks. LKRG also offers:

- Reliable delivery
- Congestion control
- Message prioritization
- Roaming support
- Message encapsulation

According to Openwall's Solar Designer, "Delivery, storage, and processing of LKRG security events to/on a remote system is a natural extension of LKRG's functionality. Remote logging is also valuable on its own, including for troubleshooting and post-mortem analyses of (non-)security incidents, where the system's local logs might be unavailable, incomplete, or tampered with." For more technical details, we encourage you to explore Solar Designer's recent presentation, Linux kernel remote logging: approaches, challenges, implementation.

What's New in LKRG 0.9.8?

According to Openwall, the following significant changes have been made in LKRG 0.9.8:

- Added optional remote kernel message logging, including the sending component in LKRG itself and the receiving/logging counterpart in a userspace daemon, as well as additional utilities to generate a public/secret keypair and to process the logs, and documentation in LOGGING.
- Added support for RHEL 8.8+.
- More complete documentation of the build requirements.

The most notable change in this release is the addition of built-in remote kernel message logging. LKRG 0.9.8 is available from Openwall.

Our Final Thoughts on LKRG 0.9.8

LKRG 0.9.8 is an exciting release for those looking to harden the kernel, especially on systems that are not updated frequently. We encourage you to check it out and share your thoughts on X @lnxsec! That said, keeping your systems patched against the latest security flaws remains an essential defense against attacks exploiting known vulnerabilities; LKRG complements patching rather than replacing it.
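The message authentication, replay and delivery properties listed above can be made concrete with a small model. The following is an added example written for this page; it is not LKRG's code and does not reproduce lkrg-logger's wire format or key handling. It assumes a shared 32-byte HMAC key (LKRG itself uses a public/secret keypair, which the Python standard library cannot generate without extra packages) and feeds the receiver constructed sample datagrams: one lost in transit, one replayed, one modified in flight.

```python
"""Toy model of authenticated, sequence-numbered remote log delivery.

Added example for this page, NOT LKRG's code or lkrg-logger's wire format.
Assumption: a shared 32-byte HMAC key; real LKRG uses a public/secret keypair.
"""
import hashlib
import hmac
import struct

DEMO_KEY = b"\x01" * 32   # constructed demo key; a real deployment generates one
TAG_LEN = 32              # HMAC-SHA256 output length
SEQ_LEN = 8               # 64-bit big-endian sequence number


def seal(seq: int, msg: str, key: bytes = DEMO_KEY) -> bytes:
    """Sender side: datagram = seq || msg || HMAC(key, seq || msg)."""
    body = struct.pack(">Q", seq) + msg.encode("utf-8")
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver side: verifies the tag before touching anything else, then
    uses the sequence number to detect replays and lost datagrams."""

    def __init__(self, key: bytes = DEMO_KEY):
        self.key = key
        self.next_seq = 0
        self.accepted = []   # (seq, msg) records that passed every check
        self.events = []     # ("drop"|"replay"|"gap", detail) for the operator

    def feed(self, datagram: bytes) -> bool:
        if len(datagram) < SEQ_LEN + TAG_LEN:
            self.events.append(("drop", "short"))
            return False
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # One HMAC per datagram, constant-time compare, and no parsing before
        # verification: a flood of forged datagrams is cheap to reject.
        if not hmac.compare_digest(tag, expected):
            self.events.append(("drop", "bad_mac"))
            return False
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        msg = body[SEQ_LEN:].decode("utf-8", errors="replace")
        if seq < self.next_seq:          # already seen: replayed or duplicated
            self.events.append(("replay", seq))
            return False
        if seq > self.next_seq:          # something was lost in transit
            self.events.append(("gap", (self.next_seq, seq)))
        self.next_seq = seq + 1
        self.accepted.append((seq, msg))
        return True


def demo() -> Receiver:
    """Constructed traffic: one datagram lost, one replayed, one tampered."""
    sent = [seal(i, f"constructed lkrg event {i}") for i in range(4)]
    rx = Receiver()
    rx.feed(sent[0])
    # sent[1] is dropped by the network
    rx.feed(sent[2])
    rx.feed(sent[2])                       # attacker replays a valid datagram
    tampered = bytearray(sent[3])
    tampered[SEQ_LEN + 2] ^= 0x01          # flip one bit of the message text
    rx.feed(bytes(tampered))
    rx.feed(sent[3])                       # the genuine copy still arrives
    return rx


if __name__ == "__main__":
    r = demo()
    print("accepted:", r.accepted)
    print("events:  ", r.events)
```

The receiver reports a gap for the lost datagram rather than silently continuing, which is what makes delivery failures visible to whoever reads the central log; a real deployment would additionally encrypt the record body and rotate the key, neither of which this toy does.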
Dave Wreski
The new Secure Compute Module (SCM) Pro is an embedded platform built around the Raspberry Pi CM4 for IoT and edge applications that require security features such as verified boot, a hardware root of trust, file system encryption, and physical tamper sensors. As of publication, the SCM Pro is offered with a Pi CM4 with 8GB RAM and 32GB of eMMC storage. The Zymbit SCM consists of the Security Module, a Hardware Wallet, and the Raspberry Pi CM4 integrated "into a secure encapsulated module." The SCM Pro exposes most of the CM4 peripherals, including 28 programmable GPIOs, 1x GbE LAN port, 1x PCIe 1-lane host, 2x HDMI 2.0 ports with 4Kp60 resolution, 1x MIPI DSI and 1x MIPI CSI connector.

The link for this article located at LinuxGizmos.com is no longer available.

Brittany Day
John Johansen, a developer with commercial Ubuntu sponsor Canonical, has submitted an updated version of the AppArmor security framework to the Linux kernel developers for review. Johansen writes that, like the SELinux and Tomoyo solutions already integrated into the kernel, this fourth general posting of AppArmor uses the Linux Security Modules (LSM) hooks to attach to the kernel. Some, but not all, of the characteristics criticised by the kernel developers when AppArmor was last posted have reportedly been corrected in the new posting.

The link for this article located at H Security is no longer available.

LinuxSecurity.com Team
Security is one of the highest profile issues in IT, and there has been constant baiting between the Microsoft and Linux camps over who has the more secure operating system. At the start of the year we saw Bill Gates wake up to the fact that security is a good thing, and now there is news that the US National Security Agency has been working on a security module that plugs straight into a Linux distribution.

Security-Enhanced Linux (SELinux) is a prototype aimed at enhancing the basic features of the operating system with new features such as mandatory access control. Most operating systems rely on discretionary access control, where the owner of a file or other object decides at their own discretion who may access it (the familiar owner/group/other permission bits), so a compromised or careless process running as that owner can hand the object out freely. Mandatory access control instead enforces a system-wide policy that neither users nor the programs they run can override: every process and object carries a security label, and the kernel consults the policy, not the owner, to decide whether an access is allowed.

LinuxSecurity.com Team
RSBAC is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules.

All security-relevant system calls are extended with security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target, and the values of attributes attached to the calling subject and to the target being accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device, so changes to attributes require the special system calls provided for that purpose. Because all access decisions are derived from general decision requests, many different security policies can be implemented as decision modules. The current RSBAC version (1.1.0) includes the following nine modules:

MAC: Bell-LaPadula Mandatory Access Control (limited to 64 compartments).

FC: Functional Control. A simple role-based model, restricting access to security information to security officers and access to system information to administrators.

SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information.

PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its first implementation. See our paper on the PM implementation for the National Information Systems Security Conference (NISSC 98).

MS: Malware Scan. Scans all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses) and denies access if a file is infected. Currently the Linux viruses Bliss.A and Bliss.B and a handful of others are detected. See our paper on malware detection and avoidance for the Third Nordic Workshop on Secure IT Systems (Nordsec'98).

FF: File Flags. Provides and uses flags for directories and files, currently execute_only (files), read_only (files and dirs), search_only (dirs), secure_delete (files) and add_inherited (files and dirs). Only security officers may modify these flags.

RC: Role Compatibility. Defines (up to) 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role, compatibility with all types and with other roles can be set individually and at request-type granularity.

AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets: only programs/processes with a general setuid allowance, and those holding a capability for the target user ID, may setuid. Capabilities are granted and revoked by other programs/processes.

ACL: Access Control Lists. Every object has an Access Control List defining which subjects may access it with which request types. Subjects can be of type user, RC role or ACL group. Objects are grouped by their target type but have individual ACLs. If there is no ACL entry for a subject at an object, rights are inherited from parent objects, restricted by an inheritance mask. Direct (user) and indirect (role, group) rights are accumulated. For each object type there is a default ACL on top of the normal hierarchy. Group management was added in version 1.0.9a.

The underlying models are described in the module descriptions on the RSBAC homepage (https://www.rsbac.org/). A general goal of RSBAC has been to some day reach the (obsolete) Orange Book (TCSEC) B1 level. Now it mostly targets being useful as a secure, multi-purpose networked system, with special interest in firewalls.
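The decision pipeline described above (enforcement code calls the central decision component, which asks every active module and combines the answers) can be illustrated with a small model. This is an added example written for this page, not RSBAC's code. It implements simplified FF, MAC and ACL modules over a constructed object tree, including the ACL inheritance-with-mask and accumulation rules from the ACL paragraph, and assumes the combination rule "any NOT_GRANTED denies, otherwise grant"; the subject, object and request names are made up for the demonstration.

```python
"""Toy model of RSBAC's GFAC-style decision pipeline.

Added example for this page, NOT RSBAC's code. Three simplified decision
modules (FF, MAC, ACL) each answer GRANTED / NOT_GRANTED / DO_NOT_CARE for a
(subject, target, request) triple; the central component combines them.
Assumed combination rule: any NOT_GRANTED denies, otherwise grant.
The object tree built below is constructed, not a real file system.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Result(Enum):
    GRANTED = "GRANTED"
    NOT_GRANTED = "NOT_GRANTED"
    DO_NOT_CARE = "DO_NOT_CARE"


@dataclass(frozen=True)
class Subject:
    uid: str
    role: str
    level: int           # MAC security level of the process
    comps: frozenset     # MAC compartments the process is cleared for


@dataclass
class Obj:
    flags: frozenset = frozenset()           # FF flags, e.g. read_only
    level: int = 0                           # MAC level of the object
    comps: frozenset = frozenset()           # MAC compartments of the object
    acl: dict = field(default_factory=dict)  # ("user", uid)/("role", r) -> rights
    mask: Optional[frozenset] = None         # inheritance mask; None = inherit all


OBJECTS: dict = {}   # path -> Obj, filled by build_demo_tree()


def parent(path: str) -> Optional[str]:
    return None if path == "/" else (path.rsplit("/", 1)[0] or "/")


def effective_rights(subj: Subject, path: str) -> set:
    """Direct (user) and indirect (role) rights accumulate; an object with no
    entry for a subject inherits the parent's entry, filtered by the
    inheritance mask of every object passed on the way up."""
    rights = set()
    for key in (("user", subj.uid), ("role", subj.role)):
        p, allowed = path, None          # allowed: masks accumulated so far
        while p is not None:
            o = OBJECTS[p]
            if key in o.acl:
                rights |= o.acl[key] if allowed is None else o.acl[key] & allowed
                break
            if o.mask is not None:
                allowed = o.mask if allowed is None else allowed & o.mask
            p = parent(p)
    return rights


def ff_module(subj, path, req):
    """FF: file flags that no ACL entry can override."""
    flags = OBJECTS[path].flags
    if req in ("WRITE", "DELETE") and "read_only" in flags:
        return Result.NOT_GRANTED
    if req == "READ" and "execute_only" in flags:
        return Result.NOT_GRANTED
    return Result.DO_NOT_CARE


def mac_module(subj, path, req):
    """MAC: Bell-LaPadula no-read-up and no-write-down, with compartments."""
    o = OBJECTS[path]
    if req == "READ":
        ok = subj.level >= o.level and o.comps <= subj.comps
    elif req == "WRITE":
        ok = o.level >= subj.level and subj.comps <= o.comps
    else:
        return Result.DO_NOT_CARE
    return Result.DO_NOT_CARE if ok else Result.NOT_GRANTED


def acl_module(subj, path, req):
    """ACL: the request type must be among the subject's effective rights."""
    return Result.GRANTED if req in effective_rights(subj, path) else Result.NOT_GRANTED


MODULES = (ff_module, mac_module, acl_module)


def decide(subj: Subject, path: str, req: str) -> Result:
    """Central decision component: ask every active module, then combine."""
    verdicts = [m(subj, path, req) for m in MODULES]
    return Result.NOT_GRANTED if Result.NOT_GRANTED in verdicts else Result.GRANTED


def build_demo_tree() -> None:
    """Constructed objects and attributes for the demonstration."""
    OBJECTS.clear()
    OBJECTS["/"] = Obj(acl={("role", "secoff"): {"READ", "WRITE", "EXECUTE"}})
    # /etc: alice may read directly; anything inherited from / loses WRITE
    OBJECTS["/etc"] = Obj(acl={("user", "alice"): {"READ"}},
                          mask=frozenset({"READ", "EXECUTE"}))
    OBJECTS["/etc/shadow"] = Obj(level=2, comps=frozenset({"secrets"}),
                                 flags=frozenset({"read_only"}))
    OBJECTS["/bin"] = Obj(acl={("role", "user"): {"READ", "EXECUTE"}})
    OBJECTS["/bin/login"] = Obj(flags=frozenset({"execute_only"}))
```

With this tree a security officer cleared for level 2 and the "secrets" compartment can read /etc/shadow (the role's rights inherited from / survive the /etc mask, MAC permits the read), but cannot write it because FF's read_only flag says NOT_GRANTED regardless of what the other modules think; an unprivileged user is stopped earlier, by MAC, before the ACL is even consulted for a decision. Every module sees the same request, and a single NOT_GRANTED anywhere is final.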
Changes against 1.0.9b:

- Port to 2.4.0-test11.
- Interception of sys_mmap and sys_mprotect added. Execution of library code now requires EXECUTE privilege on the library file, and setting non-mmapped memory to EXEC mode requires EXECUTE on target NONE.
- MAC Light option by Stanislav Ievlev added. See the kernel config help or modules.htm.
- Port to 2.4.0-test{[789]|10}; this means major changes to the lookup and inheritance code, of course #ifdef'd.
- Changed string declarations to kmalloc. On the way, moved the MAX_PATH_LEN restriction from 1999 to max_kmalloc - 256 (> 127K).
- Renamed several PM xy.class to xy.object_class for C++ compatibility.
- Added SCD type ST_kmem.
- Changed the rc_force_role default to rc_role_inherit_parent, terminated at the root dir with the old default rc_role_inherit_mixed. This makes it much easier to keep a directory of force-roled binaries.

LinuxSecurity.com Team