Splunk Search Query – Linux Systems Auditing

Linux systems are audited using the auditd service, which is provided by installing the audit package. The system audit log is written to /var/log/audit/audit.log. These audit.log files are forwarded to the Splunk indexer for indexing, and the indexed data is then used to audit the Linux systems with Splunk search queries. We


HTTP Security Header Not Detected

The following is an excerpt from the Qualys scan report:
Vulnerability: HTTP Security Header Not Detected
QID: 11827
Reported on Port: 80/tcp
THREAT: This QID reports the absence of the following HTTP headers: X-Frame-Options, X-XSS-Protection, X-Content-Type-Options
IMPACT: Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.
SOLUTION: Depending on their server software, customers are advised to set


SSL Certificate – Server Public Key Too Small

Snippet of the vulnerability from the Qualys report:
Vulnerability: SSL Certificate – Server Public Key Too Small
Reported: On Port 443/tcp over SSL
QID: 38171
THREAT: An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server’s Certificate and extracts the Public Key in the Certificate to
