Aureport – linux tool for audit reporting of linux systems

Audit daemon(auditd) is the userspace component that runs on linux systems which will keep track of audit records by writing all the events to /var/log/audit/audit.log It would consult the audit rules configured in /etc/audit/audit.rules for what needs to be monitored and tracked such as file access, command runs, systemcalls executions etc Since, there is huge amount of events that are

Read more

Splunk Search Query – Linux Systems Auditing

The auditing of the linux systems is achieved by using the auditd service that is provided by installing audit package. All the system audit log is generated and dumped to /var/log/audit/audit.log. All these audit.log is forwarded to Splunk indexer for indexing this data and then in turn leverage this data to audit the linux systems by using the Splunk search query. We

Read more

HTTP Security Header Not Detected

The following is the excerpt from Qualys Scan report: Vulnerability: HTTP Security Header Not DetectedQID: 11827 Reported on Port : 80/tcpTHREAT:This QID reports the absence of the following HTTP headers: X-Frame-OptionsX-XSS-ProtectionX-Content-Type-Options IMPACT:Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks. SOLUTION:Depending on their server software, customers are advised to set

Read more

SSL Certificate – Server Public Key Too Small

Snippet of the vulnerability from the Qualys report. Vulnerability: SSL Certificate – Server Public Key Too SmallReported: On Port 443/tcp over SSLQID: 38171THREAT: An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server’s Certificate and extracts the Public Key in the Certificate to

Read more

SSL Session caching in Apache HTTP Webserver

In this section, we will be looking at couple of stuffs as below : Is SSL Session Caching configured for Apache HTTP Webserver Testing SSL Session Caching (SSL session resumption) Before we start over, lets have a basic understanding of what is SSL session caching and its significance. SSL Session Caching (Session Resumption): It is a performance optimization mechanism that

Read more

SSH Server Public Key Too Small

We will look at one more interesting SSH vulnerability reported by Qualys scanner appliance on RHEL6 servers. This one is classified as Confirmed Severity 2 (Medium) vulnerability level with PCI Vulnerable. Below is the vulnerability details from scan report Vulnerability: SSH Server Public Key Too SmallQID: 38738Category: General remote services PCI Vuln: YesTHREAT: The SSH protocol (Secure Shell) is a

Read more

Deprecated SSH Cryptographic Settings

Our security scanner Qualys reported the vulnerability “Deprecated SSH Cryptographic Settings” across RHEL6 & RHEL7 fleet servers. The scan report provided description of the threat posed by the vulnerability, recommendation for correcting the problem and the result which shows how Qualys verified the vulnerability. Vulnerability : Deprecated SSH Cryptographic SettingsQID: 38739THREAT: The SSH protocol (Secure Shell) is a method for

Read more

Linux System Call Error Codes

In computing, a system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. A system call is a way for programs to interact with the operating system. A computer program makes a system call when it makes a request to the operating system’s kernel. System

Read more
1 2