Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 4 articles for you...
77
security advisorynetwork securitysystem integrityMitigating Security Risks from System Drift in Linux Environments
You start to notice a pattern once you’ve spent enough time in incidents. Linux holds steady until the parts meant to stay fixed begin to wander. Permissions shift a little, update paths age, logging drifts off to the side, and nothing looks broken at first glance. . One small change blends into another, and the system keeps moving forward. Then an alert lands, and the host behaves according to the state it’s grown into over months instead of the one people remember setting. What you’re seeing isn’t failure. It’s a drift: small movements in Linux fundamentals that push long-running hosts away from their intended state. Recent advisories and distro transitions show how often long-running Linux hosts drift in ways administrators rarely notice. Mirrors slip, signing keys rotate, and older releases reach end-of-life while workloads continue to run. The fundamentals haven’t changed, but the environments around them keep shifting, making drift more visible now than it was a few years ago. This isn’t a primer on the features of Linux. It’s a look at where long-running systems actually bend, how that movement shows up in real workloads, and why those changes matter before anything suspicious hits the logs. We will break down system drift into the fundamentals administrators rely on most: permissions, update chains, checksums, logging behavior, network boundaries, kernel controls, lifecycle gaps, and recovery paths. Each of these moves on long-running hosts, usually without noise, and the sections that follow show where that movement comes from and how it reshapes security. Permission Drift in Linux: How Access Boundaries Shift Over Time Permission drift usually shows up in routine work. A directory ends up writable by more accounts than anyone planned, or a service keeps setup privileges long after deployment. Sometimes it’s a one-off adjustment made during a late-night fix. That’s all it takes. On one Red Hat host , a systemd update shifted the permissions on/var/log, leaving the directory in a state no one documented. These small moves add reach in ways people rarely revisit. A process reads further into the filesystem than expected. Log files inherit the wrong owner and no longer accurately reflect activity. A service runs with access that doesn’t match the workload it supports. You see the impact most clearly on compromised machines: attackers follow whatever path the system exposes, often shaped by decisions made years earlier. Permissions define the default boundaries the kernel enforces. When they drift, those boundaries move too, and incidents travel farther before anything stops them. Linux Update Behavior, Drift, and the Trust Chain A routine run of sudo apt-get update looks harmless, but it’s one of the quickest ways to spot drift. The command checks whether the repositories can still prove their identity and whether their metadata aligns with what the host expects. Linux assumes that the trust chain stays predictable. When it shifts, the rest of the stack follows. Drift tends to show up in familiar places: temporary repositories left behind after a test, mirrors that fall out of sync, packages held so long they create dependency gaps, and signing keys that quietly expire. Older baselines like Ubuntu 18.04 widen the gap because upstream ecosystems have already moved past them. On long-running hosts, the pattern becomes obvious. Some systems completed apt-get update cleanly, but the mirror metadata was stale enough that the SHA256 in the InRelease didn’t match . The files weren’t corrupt. The mirror simply drifted, and the checksum caught it. The split between update and upgrade adds another layer. Automation refreshes metadata; patching gets delayed. Every linux update command that stops short of upgrades leaves the system aligned with outdated information. Documentation like how to upgrade Linux distributions exists partly to counter this creep. Verification is what holds the chain together, and when update behaviordrifts, integrity checks pick up the slack. How Checksums Anchor Linux Integrity Checksums sit low in the stack, but they’re one of the few controls that call out drift immediately. Before a package is installed or a linux update command decides what to apply, the system needs to know the file it received is the file that was published. If that baseline moves, trust collapses upward. This shows up in the field constantly. A file downloads cleanly, but the SHA256 doesn’t match the reference. Some Ubuntu mirrors served files whose published SHA256 didn’t match the content on disk . The sync lagged, metadata stayed stale, and apt flagged a hash mismatch even though nothing on the host had changed. The environment drifted upstream, and the checksum stopped the system from accepting it. SHA256 Checksums and Detecting Drift in Linux Systems Checksums catch drift early, which is why teams rely on SHA256 when the file matters. A typical workflow looks like this: sha256sum yourfile.iso You generate the value locally, compare it to the reference, and stop the moment they differ. A mismatch is enough to signal corruption, a bad mirror, or a substituted file. This aligns closely with broader expectations in Linux Integrity Verification Methods. When MD5 Still Matters: Lightweight Integrity Checks MD5 still fits lighter internal work where integrity is about matching copies, not security decisions: md5sum yourfile.iso Package metadata and repository signatures follow the same rule: verify first. Linux Security’s Linux Checksum Guide goes deeper into the matter. Logging Drift in Linux: Auditing, Rotation, and Visibility When drift affects a system, it often appears first in the logs, not as failures, but as mismatches. A service redirects output somewhere else. Rotation stops quietly. An application writes only to stdout. The host keeps running, but the record loses alignment with what’s actually happening. You see the impact when downstream tooling looks empty despiteactive workloads. Forwarding from journald once broke due to a systemd regression; everything looked healthy, but rsyslog received nothing. Auditd rules fall behind filesystem changes, too, leaving sensitive paths unwatched without raising alarms. The drift hides inside normal behavior. Visibility depends on these fundamentals staying steady. When they slide, detection follows the wrong map. Network Boundary Drift on Linux Hosts A host’s network rules define the boundary it presents outward. Drift here tends to surface only when someone scans the network or when a service responds on an interface it shouldn’t. Linux assumes these boundaries stay tied to intent, but maintenance work often shifts them. The pattern is familiar. A “temporary” rule stays in place after troubleshooting. A service binds to 0.0.0.0 instead of localhost. A firewalld zone ends up with a broader trust level than intended. Nothing crashes, but the footprint grows. It shows up in external scans. Shadowserver reports often catch hosts with ports open that were never meant to be exposed. Once that boundary expands, the remaining Linux fundamentals have less influence on how far an incident can spread. Kernel Drift: Capabilities, SELinux, and AppArmor Behavior Kernel behavior exposes drift that started higher in the stack. Permissions change quietly, or deployment shortcuts leave binaries with elevated bits that no one re-checks. Linux Capabilities can serve as an early indicator: a service may keep privileges it no longer needs, or a binary may retain flags from an old setup. This isn’t theory. Environments with supposed parity often behave differently because each system accumulated its own history. The kernel only enforces the state it sees. That gap becomes clearer when you look at the Linux Features for 2025. Mandatory Access Control systems surface the mismatches quickly. SELinux Policies begin logging denials for actions the workload never used to take. Labels fall out of sync during incrementalchanges. AppArmor profiles pick up exceptions until they barely resemble the original intent. Drift becomes visible because the kernel reacts to behaviors that no longer match the configuration. When kernel controls behave unexpectedly, it usually means the environment underneath has been drifting for a while. Linux Version Drift: EOL Releases and Lifecycle Gaps Linux support lifecycle drift occurs when hosts continue to run beyond the support window. The system works, but the environment around it evolves. Libraries move forward, logging semantics change, tooling expects newer kernel behavior, and old releases drift away from the assumptions modern software makes. You see it clearly on Ubuntu 18.04. The release stayed stable, but patches stopped landing. Hardening guides referenced controls that it couldn’t support. Even updated metadata reflected a widening gap. Linux news highlighted vulnerabilities that never reached the retired branch. Activity in Ubuntu Security Advisories makes the divergence obvious. When a system stops receiving fixes, drift becomes structural. Everything layered above it inherits the difference. Recovery Drift: Backups, Snapshots, and Restored State Recovery drift shows up when backups restore a version of the host that no longer resembles the one in production. Files move over time, service layouts change, new directories appear, and the backup plan quietly falls behind. It surfaces during routine tests. A snapshot mounts cleanly but restores a structure the host abandoned months ago. File-level backups skip new paths silently. Tools expect kernel behavior that no longer exists on the system. Nothing fails loudly, but the restore path reflects a past the machine has already outgrown. Snapshots carry forward old assumptions. Restore points restore permissions or service states that don’t align with the host’s current behavior. Once that gap grows, an incident doesn’t meet a known baseline; it meets an older copy. That quiet drift sitsunderneath most questions about how secure Linux is . The fundamentals shape how the system responds under pressure: boundaries, trust paths, kernel controls, version baselines, and the recovery story. When they slide, the machine reflects the current reality, not the intended design. How Linux Drift Reshapes Security in Practice A system responds according to the fundamentals underneath it. Permissions define boundaries. Checksums anchor trust. Update paths determine whether the machine reflects reality or outdated metadata. Kernel controls enforce the environment as it exists today. Recovery and lifecycle support decide whether a stable baseline still exists. Drift accumulates across all of them, usually without noise. When an incident lands, the outcome reflects the state the system has become. Machines that remain predictable under pressure are those whose fundamentals still align with their original intent. The rest inherit the history of their drift, and security follows that shape. Long-running hosts don’t always just fail suddenly; the system can drift. Every drift described here stems from the same root: Linux fundamentals tend to move unless someone actively keeps them aligned. . Discover how small shifts in Linux fundamentals lead to larger security challenges and effective strategies to address them.. configuration drift, linux security, user permissions, system integrity, network security. . MaK Ulac
Nov 18, 2025
•
Server Security
215
user permissionsprivacy protectiondesktop securityExploring Linux Advantages Over Windows For Enhanced Desktop Security
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for your desktop OS. . What Are the Advantages of Choosing Linux Over Windows for Desktop Usage? One of the Linux desktop's most notable advantages is programming and development. Linux supports most programming languages, and you can download any necessary packages, libraries, and modules with a single command. There is no need to search for each one individually. This insight is crucial for developers who require a streamlined workflow and efficient access to programming tools. Linux's privacy and security advantages are also particularly noteworthy. With its rule of least privilege approach, Linux can offer better protection than Windows against security vulnerabilities. Even if malware does reach your system, it won’t be able to do severe damage unless it obtains root access. This can be attributed to the permission system on Linux, which allows you to grant only authorized users access to system files. This comparison raises pertinent questions about the long-term security impact of choosing between the two operating systems. The stability of the desktop experience and the joys of distro hopping in Linux are also notable benefits, capturing the attention of tech enthusiasts and sysadmins eager to delve deeper into the world of Linux distributions. Our Final Thoughts: What Are the Implications of This Decision? The implications of which desktop OS security practitioners choose are substantial. In operating system selection, professionals must consider the trade-offs between usability, customization, security, and resource efficiency. As technology professionals aim to safeguard their organizations’ digital assets and privacy, understanding the nuanced differences between Linux and Windows becomes increasingly crucial. While we fervently advocate for Linux, we hope the critical points raised in this article are relevant andthought-provoking for users of any OS, especially those seeking to deepen their understanding of Open Source and Linux security. Continue learning about the security advantages of Linux in the LinuxSecurity articles linked below: How Secure Is Linux? Is Linux A More Secure Option Than Windows For Businesses? Top Reasons to Use Linux Over Windows . Linux stands out in desktop operating systems, offering superior security, robust programming capabilities, and enhanced privacy for users seeking better control. Desktop Security, Linux Advantages, Programming Efficiency, Open Source Benefits. . Brittany Day
Apr 09, 2024
•
Desktop Security
212
security best practicesuser permissionscloud securitySafeguarding Kubernetes Clusters on AWS with Security Best Practices
Kubernetes security is safeguarding your Kubernetes clusters, the applications they host, and the infrastructure they rely on from threats. As a container orchestration platform, Kubernetes is incredibly powerful but presents a broad attack surface for potential adversaries. . Kubernetes security encompasses several strategies and best practices to mitigate this risk, including hardening your containers and hosts, managing user permissions, implementing network policies, and setting up logging and monitoring. One of the key aspects of Kubernetes security is the principle of least privilege, which implies that every component of your Kubernetes environment should have only the permissions it needs to function. This minimizes the potential damage an attacker can do if they compromise a part of your system. Another foundational principle is defense in depth, layering different security controls so that a failure in one area does not lead to a complete system compromise. However, it’s important to realize that Kubernetes environments are dynamic and constantly changing, with new workloads being deployed, old ones being updated or retired, and infrastructure being scaled up or down to meet demand. This means your security posture needs to be continuously monitored and adjusted to keep up with these changes. Application mapping technology can help understand the current state of applications and dependencies in containerized environments. . Kubernetes security involves a range of techniques and recommendations aimed at reducing vulnerabilities in cloud infrastructures.. Kubernetes Security, Cloud Infrastructure, Container Protection, Security Strategies. . Brittany Day
Nov 18, 2023
•
Cloud Security
81
privacy issuedata collectionuser permissionsMore than 1,300 Android Applications Misuse Permissions to Gather Data
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. . The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users decide what apps can access. However, new findings by a team of researchers at the International Computer Science Institute in California revealed that mobile app developers are using shady techniques to harvest users' data even after they deny permissions. The link for this article located at The Hacker News is no longer available. . Contemporary mobile platforms stipulate application access via permissions, yet numerous applications persist in gathering data without user approval.. data privacy, app security, mobile permissions, unauthorized access, user data collection. . LinuxSecurity.com Team
Jul 09, 2019
•
Privacy
83
security advisoryFedoraUbuntuUbuntu And Fedora Kernel Issue: Root Access Risk Confirmed
An error in the handling of special netlink messages in the Linux kernel can allow a user to surreptitiously gain root privileges. The discoverer of the hole, Mathais Krause, confirmed to The H's associates at heise Security that Linux kernel versions 3.3 to 3.8 are affected. . These are used by, among other things, Fedora 17, 18 and Ubuntu 12.10. Red Hat and SUSE are unaffected as they have not ported the code in question back to the older kernels their distributions are based on. The link for this article located at H Security is no longer available. . A vulnerability in Linux kernels from versions 3.3 to 3.8 may allow for unauthorized administrative entry. Impacted systems include Fedora and Ubuntu.. Linux Kernel Security, Root Access Vulnerability, Open Source Threats. . LinuxSecurity.com Team
Feb 26, 2013
•
Hacks/Cracks
78
open sourceuser permissionsubuntuExploring User Security Settings in Ubuntu Linux Systems
As I have gone through the 30 Days With Ubuntu Linux experience--and especially the past couple days as I have toyed with Wine and trying to get Windows software to run within Ubuntu--I have seen ample evidence of the security features of the OS. Simply put, Ubuntu Linux (and, I assume, Linux in general) is more secure by default.. That may seem blasphemous coming from a devoted Windows user. The reality is what it is, though. Here is what I have seen. First--the OS defaults to a timeout of sorts that requires me to enter my password again to wake the system up if I step away for more than a minute or two. Every time I want to make a change, or install some app from the Ubuntu Software Center, I have to enter my password again to grant permission--a' la the UAC function in Windows. The link for this article located at PC World is no longer available. . Uncover Ubuntu's built-in security functionalities designed to boost safety for users transitioning from Windows.. Ubuntu Security, Default Settings, Open Source Protection, User Permissions, System Timeout. . LinuxSecurity.com Team
Jun 27, 2011
•
Vendors/Products
78
access controluser permissionsweb managementJoomla 1.6 Review: Improved Access Control Levels for Business
Another major new capability in Joomla 1.6 is the Access Control Level system for managing rights and permissions within the system. This isn't exactly a revolutionary improvement, as many CMS products, especially on the commercial side, have long had very capable access control systems built-in.. But the previous permission system in Joomla was basically unsuitable for most business use and the new system should make Joomla a legitimate option for companies looking for Web content management. With the new system, I could create and manage permission levels for user groups, set default permissions levels, and define specific permission settings for individual areas of content within the site. The link for this article located at Information Week is no longer available. . Joomla 1.6 offers improved access permissions, optimizing web management for businesses and revolutionizing the CMS experience for organizations.. Joomla 1.6, Access Control System, Business Usability, CMS Features. . LinuxSecurity.com Team
Jan 17, 2011
•
Vendors/Products
83
data protectionaccess controluser permissionsStrategies for Managing Privileged User Access in Databases
The prospect of restricting access to your database is tricky when it comes to privileged users, such as database administrators who need to keep the databases running, developers who need to tap into databases to get them to work, or super users who just need an inordinate amount of access to get their jobs done.. Privileged users are in a class of their own when it comes to database activity. Plain and simple, their extended access poses a much higher risk exposure to the data: These users touch, move, and manipulate more data than the average user. So chances are higher that they'll make a mistake that compromises data, or will operate maliciously and undetected. Some form of database activity monitoring is a key part of that system. But even more impactful -- and perhaps more immediate for less mature organizations -- is the often forgotten first step of employing the rule of least privilege. Do your privileged users really need the database permissions they currently have, and is their level of access appropriate? The link for this article located at Dark Reading is no longer available. . Navigating database access can be challenging when dealing with authorized personnel. Discover strategies for governing access rights while safeguarding sensitive information.. Database Access, User Permissions, Data Protection, Access Control. . LinuxSecurity.com Team
Nov 16, 2009
•
Hacks/Cracks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Explore top 10 tips to secure your open-source projects now. Read More