Avoiding security blunders in Linux and IT infrastructures

When it comes to IT infrastructure security, there are things that IT managers just shouldn't do. This two-part tip is written for those who'd like to avoid making those mistakes. It covers four security areas that are either ignored or overlooked in IT infrastructure security, with a focus on securing Linux-based hosts.

In part one, I focus on problems with installations and the hard-perimeter, soft-center security approach. In part two, I look at common gaps in physical security and the problems caused by the "set-it-and-forget-it" mentality.

Installing more than you need

Accepting the default options when installing a Linux distribution can pull in applications or services that the host does not need. This can include tools like the X Window System, Web browsers and email servers that may not be required on a host. These additional packages can provide services, tools and vulnerabilities that an attacker could exploit in order to compromise your host.
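
One way to check an existing host for the package types named above, as an added example that is not part of the original tip: the script flags X Window, Web browser and email server packages in a package list. The function names and the package-name patterns are assumptions and need tuning for each distribution and host role.

```shell
#!/bin/sh
# Added example: flag installed packages that a headless server rarely needs.
# The name patterns below are illustrative assumptions, not a complete list.

# classify_pkg NAME: print a category, or nothing if the package is not flagged
classify_pkg() {
    case "$1" in
        xorg*|xserver-xorg*|xorg-x11-server*|x11-common) echo "x-window" ;;
        firefox*|chromium*|epiphany-browser|konqueror)   echo "web-browser" ;;
        sendmail*|postfix*|exim4*|exim|dovecot*)          echo "mail-server" ;;
    esac
}

# audit_packages: read one package name per line on stdin and
# print "category<TAB>package" for every flagged package
audit_packages() {
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        category=$(classify_pkg "$pkg")
        [ -n "$category" ] && printf '%s\t%s\n' "$category" "$pkg"
    done
    return 0
}

# installed_packages: list package names with whichever package manager exists
installed_packages() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package}\n'
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME}\n'
    else
        echo "no supported package manager found" >&2
        return 1
    fi
}

# Constructed sample package list, so the example runs offline
sample_packages() {
    printf '%s\n' openssh-server xserver-xorg-core firefox-esr postfix coreutils nginx
}

sample_packages | audit_packages
# On a real host: installed_packages | audit_packages
```

A flagged package is a prompt to confirm that the host's role requires it, not proof that it should be removed.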

Part 1.

Part 2.
