Michael Boelen – WindowsTechs.com

The state of Linux security in 2017

Posted on December 21, 2017 by Michael Boelen

Linux security (2017 edition) The year is closing, so it is time to review Linux security. Like last year, we look at the state of Linux security. A collection of the finest moments. Did we forget something important? Let us know in the comments. … Continue reading The state of Linux security in 2017→

Troubleshooting a full /boot partition on Ubuntu

Posted on September 6, 2017 by Michael Boelen

A regular issue with systems running Ubuntu is that may fill up the /boot partition. After trying several options, we found a way to do this in three steps. And opposed to other solutions, there is no manual moving of files needed. The error: Unmet dep… Continue reading Troubleshooting a full /boot partition on Ubuntu→

Linux security myths

Posted on August 15, 2017 by Michael Boelen

Myth busting: Linux security As the author of Lynis, I have to run several Linux systems for testing Linux security defenses. And if you do something long enough, some get to see you as a Linux security expert. When that happens, you get asked question… Continue reading Linux security myths→

Postfix Hardening Guide for Security and Privacy

Posted on April 16, 2017 by Michael Boelen

Postfix Security and Privacy Postfix is one of the most used components on a server that needs to receive or send emails. With all its options available, it is easy to have a weak configuration. This security guide looks into Postfix hardening, to increase the defenses against spam, abuse, and leaking sensitive data. Time to start! Guide overview Why Postfix hardening Preparation Test the existing Postfix configuration Backup your Postfix configuration Find your Postfix version Hardening steps Basic hardening Disable VRFY […]

The post Postfix Hardening Guide for Security and Privacy appeared first on Linux Audit.

Continue reading Postfix Hardening Guide for Security and Privacy→

Vulnerable packages on FreeBSD: pkg audit

Posted on March 13, 2017 by Michael Boelen

Auditing FreeBSD with pkg audit FreeBSD is definitely another beast than Linux. In some areas, FreeBSD is really a powerful operating system. Package management is maybe not the first one you may think of. Typically FreeBSD users have two options when it comes to installing packages. Ports collection The ports tree allows the administration to build software they need, with the compilation flags he or she prefers. This makes the software optimized and typically the last versions are available. The downside […]

The post Vulnerable packages on FreeBSD: pkg audit appeared first on Linux Audit.

Continue reading Vulnerable packages on FreeBSD: pkg audit→

Troubleshooting guide for Lynis

Posted on February 23, 2017 by Michael Boelen

Troubleshooting Lynis This document helps with solving most common issues experienced when running Lynis. Lynis error: no hostid and/or hostid2 found Some systems do not have the OpenSSH server package installed. In this case, the hostid2 value may be … Continue reading Troubleshooting guide for Lynis→

Locking users after X failed login attempts with pam_tally2

Posted on February 19, 2017 by Michael Boelen

Using pam_tally2 on Linux Most Linux distributions use pluggable authentication modules (PAM). This modular type of configuration allows system administrators to configure and fine-tune the authentication of users. It also defines the behavior on speci… Continue reading Locking users after X failed login attempts with pam_tally2→

GDPR Compliance: Technical Requirements for Linux Systems

Posted on February 18, 2017 by Michael Boelen

GDPR for Linux systems What is GDPR? The General Data Protection Regulation is a regulation to protect data stored about individuals from the European Union. When speaking about stored data, it includes the handling of data at any given time, from entry to data deletion. One of the important parts is that individuals have the right to request the data stored about them and the right to get that data erased. You may know this from the “right to be forgotten” […]

The post GDPR Compliance: Technical Requirements for Linux Systems appeared first on Linux Audit.

Continue reading GDPR Compliance: Technical Requirements for Linux Systems→

How are auditd and Lynis different?

Posted on November 20, 2016 by Michael Boelen

Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by […]

The post How are auditd and Lynis different? appeared first on Linux Audit.

Continue reading How are auditd and Lynis different?→

Linux and ASLR: kernel/randomize_va_space

Posted on October 24, 2016 by Michael Boelen

Configuring ASLR with randomize_va_space The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to underst… Continue reading Linux and ASLR: kernel/randomize_va_space→