Security

The Secure Shell (SSH) protocol allows remote login access and command execution on Linux systems. While extremely useful, SSH can also pose a security risk if not properly configured. By tweaking SSH server settings and hardening user accounts, administrators can dramatically improve the security posture of Linux machines against attacks. Limit Access Through SSH Configuration…

The X Window System (X11) allows graphical applications to securely display their interfaces on both local and remote machines over the network. However, improperly configured X11 connections can pose security risks by allowing unauthorized remote hosts to access and control local graphical sessions. Administrators can leverage tools like xhost and Xauthority to selectively grant, restrict,…

The Perils of Unquoted Braces Brace expansion in shell scripts refers to the process whereby curly braces=”{}” containing commas-separated strings are expanded into the individual strings. For example, echo {file1,file2} will expand to echo file1 file2. This can cause significant issues when used with unsafe variables in scripts. How unquoted braces enable unintended file globbing…

Code injection attacks take advantage of vulnerabilities in web applications to inject malicious code. This code gets executed by the application and allows the attacker to access resources or data that they should not have access to. Code injection can lead to data theft, corruption, or deletion. Some common examples include SQL injection, OS command…

The Dangers of Unfiltered User Input in -exec The -exec option in the find command allows users to execute other commands and scripts by passing arguments. However, this opens up find to command injection attacks if untrusted input is passed without sanitization. Attackers can inject malicious code into the arguments that gets executed with root…

Escaping Untrusted Inputs to Prevent Security Issues Why Escaping Untrusted Strings Matters Failing to properly escape untrusted strings can lead to injection attacks, where malicious input is interpreted as code or commands by an application. Real-world examples include SQL injection attacks that obtain unauthorized database access, cross-site scripting (XSS) vulnerabilities that execute scripts in a…

Defining Access Control Access control is a security technique that regulates which users or processes have the ability to access a system resource like a file, directory, or network service. The goals of access control are to prevent unauthorized access and malicious activity while enabling legitimate use. On Linux systems, access control policies are implemented…

Enhancing Filesystem Security Implementing finely tuned access controls, extending descriptive attributes, and leveraging encryption technologies can greatly improve the security posture of critical filesystems. Detailed access control lists enable administrators to specify customized read, write, and execute permissions on a user and group basis. Configuring descriptive attributes provides transparency into access attempts, ownership, and content…

Understanding Kernel Vulnerabilities The Linux kernel, as the core component of the Linux operating system, is susceptible to various types of vulnerabilities that can be exploited by attackers to gain unauthorized access or privileges. Common Linux kernel vulnerabilities include: Buffer overflows – Writing data past the end of a fixed-length buffer could allow overwriting adjacent…

Linux systems provide robust security capabilities out of the box, but additional hardening is required to protect against sophisticated attacks. This article outlines practical steps to analyze risks, harden configurations, monitor systems, and maintain strong defenses over time. Assessing Your Risks Understanding security risks allows rational prioritization of defenses. Start by methodically cataloging vulnerabilities, mapping…