Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found -1 articles for you...
78
security updateSELinuxcloud securityAmazon Linux 2022: SELinux Enabled by Default with New Update Schedule
Amazon Web Services has announced that it will release an updated version of its own Linux every two years, starting with Amazon Linux 2022, which it is previewing now. The SELinux security module is enabled and enforced by default in AL2022, but EC2 instances running the OS won't automatically implement patches or security updates. Users can instead choose to automate installation of packages, or patches, or both. . The cloud colossus launched its first Linux distro in 2010 , and seven … years … later … delivered a successor . In the name of speeding things up a bit, Jeff Bezos's computer rental service has promised a new release every other year, each of which will be supported for five years and receive quarterly tweaks. . In the coming years, Google Cloud Platform plans to unveil a fresh iteration of its operating system every 24 months, integrating enhanced protection using AppArmor as a standard feature.. Amazon Linux, Cloud Security, EC2 Management. . LinuxSecurity.com Team
Nov 24, 2021
•
Vendors/Products
78
security advisorysoftware updateversion releaseMozilla Plans Automatic Upgrade For Firefox 3.6.x Users To Version 12
Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread. . According to Keybl, Firefox 3.6.x users with updates enabled should start being upgraded in early May The link for this article located at H Security is no longer available. . Users of Firefox 3.6.x will begin receiving an automatic upgrade to version 12 in early May, as per Mozilla's announcement. Ensure your security!. Firefox Upgrade, Open Source Browsers, Software Updates. . LinuxSecurity.com Team
Apr 30, 2012
•
Vendors/Products
79
software updatelinux distributionsecurity toolsOpenwall GNU/Linux 1.1: Server Platform With Enhanced Security Tools
For those few who don't know yet, Openwall GNU/*/Linux (or Owl) is a security-enhanced operating system with Linux and GNU software as its core, intended as a server platform.. . .. For those few who don't know yet, Openwall GNU/*/Linux (or Owl) is a security-enhanced operating system with Linux and GNU software as its core, intended as a server platform. More detailed information is available on the web site: Openwall GNU/*/Linux (Owl) - a security-enhanced server platform After another year of development Owl 1.1 release is finally out. Owl 1.1 is currently available for purchase on a CD and will also be available for download after January 7, 2004. Owl 1.1 CDs may be ordered online with delivery worldwide via this web page: Order Openwall GNU/*/Linux (Owl) on CD The major changes made since 1.0 release are documented: Openwall GNU/*/Linux (Owl) - changes made between 1.0 and 1.1 CDs are bootable on x86 and include a live system, x86 binary packages for installation to a hard disk, and full source code which may be rebuilt with one simple command ("make buildworld"). Security tools such as John the Ripper and Nmap are usable right off the CD, without requiring a hard disk, -- and indeed they're also available with Owl installs you make. -- Alexander Peslyak GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 Openwall - bringing security into open computing environments - bringing security into open computing environments . Openwall GNU/Linux (Owl) advances to release 1.1, upgrading its server functionalities and fortifying its security measures.. Openwall Owl, Linux Release, Enhanced Security, GNU Software. . LinuxSecurity.com Team
Dec 23, 2003
•
Security Projects
79
access controlsecurity featuresRSBACRSBAC 1.1.1 Release: Enhanced Features and Kernel Support Overview
Rule Set Based Access Control (RSBAC) version 1.1.1 has been released. Information and downloads are available from https://www.rsbac.org/. . .. Rule Set Based Access Control (RSBAC) version 1.1.1 has been released. Information and downloads are available from https://www.rsbac.org/ Below are the notes that Amon sent to the RSBAC mailing list --------------------------------------- Name: rsbac Version: 1.1.1 Kernelver: 2.2.18-19, 2.4.2 Status: 9 (UP), 8 (SMP) Author: Amon Ott Maintainer: Amon Ott Description: Rule Set Based Access Control (RSBAC) Date: 28-March-2001 Descfile-URL: https://www.rsbac.org/rsbac.desc Download-URL: https://www.rsbac.org/download.htm Homepage-URL: https://www.rsbac.org/ Manual-URL: https://www.rsbac.org/instadm.htm What is RSBAC? -------------- RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels, which has been in stable production use for over a year (since version 1.0.9a). The standard package includes a range of access control models like MAC, RC, ACL (see below). Furthermore, the runtime registration facility (REG) makes it easy to implement your own access control model as a kernel module and get it registered at runtime. The RSBAC framework is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes toattributes require special system calls provided. As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. Apart from the builtin models shown below, the optional Module Registration (REG) allows for registration of additional, individual decision modules at runtime. In RSBAC version 1.1.1, the following modules are included. Please note that all modules are optional. They are described in detail in an extra text. MAC: Bell-LaPadula Mandatory Access Control (compartments limited to a number of 64) FC: Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators. SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information PM: Privacy Model. Simone Fischer-Hübner's Privacy Model in its first implementation. See our paper on PM implementation (43K) for the National Information Systems Security Conference (NISSC 98) MS: Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull of others are detected. See our paper on Approaches to Integrated Malware Detection and Avoidance (34K) for The Third Nordic Workshop on Secure IT Systems (Nordsec'98) FF: File Flags. Provide and use flags for dirs and files, currently execute_only (files), read_only (files and dirs), search_only (dirs), secure_delete (files), no_execute (files), add_inherited (files and dirs) and no_rename_or_delete(files and dirs, no inheritance). Only security officers may modify these flags. RC: Role Compatibility. Defines 64 roles and 64 types for each target type (file, dir, dev, ipc, scd, process). For each role, compatibility toall types and to other roles can be set individually and with request granularity. For administration there is a fine grained separation-of-duty. AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for process targets, only programs/processes with general setuid allowance and those with a capability for the target user ID may setuid. Capabilities can be controlled by other programs/processes, e.g. authentication daemons. ACL: Access Control Lists. For every object there is an Access Control List, defining which subjects may access this object with which request types. Subjects can be of type user, RC role and ACL group. Objects are grouped by their target type, but have individual ACLs. If there is no ACL entry for a subject at an object, rights are inherited from parent objects, restricted by an inheritance mask. Direct (user) and indirect (role, group) rights are accumulated. For each object type there is a default ACL on top of the normal hierarchy. Group management has been added in version 1.0.9a. A general goal of RSBAC design has been to some day reach (obsolete) Orange Book (TCSEC) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls. RSBAC Changes ------------- 1.1.1: - New target type FIFO, with a lot of cleanup, e.g. IPC type fifo removed - MAC module reworked, including MAC-Light option - Several bugfixes - Port to 2.4.0, 2.4.1 and 2.4.2 - New Makefiles with lists for 2.4 and without for 2.2 kernels (Thanks to Edward Brocklesby for samples) - init process default ACI now partly depends on root's ACI - Optional interception of sys_read and sys_write. Attention: you might have to add READ and WRITE rights to files, fifos, dirs and sockets first, if upgrading from an older version - REG overhaul. Now you can register syscallfunctions, everything is kept in unlimited lists instead of arrays and registering is versioned to allow for binary module shipping with REG version checks. - Inheritance is now fixed, except for MAC model - MAC: optional inheritance, new option Smart Inheritance that tries to avoid new attribute objects (see config help) - New soft mode option: all decisions and logging are performed, but DO_NOT_CARE is returned to enforcement. Off by default. See config help for details. - Optional initialization in extra rsbac_initd thread. . Rule Set Based Access Control (RSBAC) version 1.1.1 has been released. Information and downloads are. based, control, (rsbac), version, released, information, downloads. . LinuxSecurity.com Team
Mar 30, 2001
•
Security Projects
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More