http://novalug.com/SIG/LinuxSecurity A Linux security oriented site. Sat, 13 Oct 2007 17:17:43 +0000 http://backend.userland.com/rss092 en This breach and patch cycle brings to light an interesting issue in maintaining a secure setup. The security alert(a XSS vulnerability) was publicly issued on October 3rd, and the Ubuntu patch was pushed out on the 12th(it may take a day or two for you to see it). ... http://novalug.com/SIG/LinuxSecurity/2007/10/13/linux-windows-hp-printing-services-vulnerability-patched/ It's important to remember that dynamic web site frameworks, Javascript web page widgets and the like are a wholly independent security layer that has to be maintained. Even if you Linux server is secure and up to date, your website may still be vulnerable to attack. This "web ... http://novalug.com/SIG/LinuxSecurity/2007/09/08/wordpress-security-alert/ Ubuntu = http://www.ubuntu.com/usn/ SuSE = http://www.novell.com/linux/security/securitysupport.html Red Hat = http://www.redhat.com/errata/ Debian = http://www.debian.org/security/ Gentoo = http://www.gentoo.org/security/en/glsa/index.xml Slackware = http://www.slackware.com/security/ Mandriva = http://www.mandriva.com/security/ I attempted to find the Sabayon security announcements page, but could not locate it. Several other distributions also lack security pages(such as CentOS which does have ... http://novalug.com/SIG/LinuxSecurity/2007/09/08/where-to-find-linux-distribution-specific-security-announcements/ Linux.com has a good introductory article on using Bastille to help harden a Linux box.  Which reminds me that I intended to do a step by step walk through of several different server hardening configurations on the NOVALUG wiki for Bastille.  Which of course will be done someday, and will ... http://novalug.com/SIG/LinuxSecurity/2007/08/31/hardening-a-linux-system-with-bastille/ I ran across this article on Slashdot, that an admin wrote about investigating a compromised Ubuntu server.  The article is well written making for a good read, and a fairly good job at investigating the compromised machine. Of course this type of forensics is probably more the arena of law enforcement ... http://novalug.com/SIG/LinuxSecurity/2007/08/24/an-excellent-posthumis-analysis-of-a-compromised-linux-server/ This alert is intended to help keep you up to date on some of the more important remote security vulnerabilities in Linux and common applications that run on Linux. Because of the open nature of the OS and applications this is a summary only, minor vulnerabilities and local vulnerabilities ... http://novalug.com/SIG/LinuxSecurity/2007/08/22/security-alerts-08222007/ I did a brief writeup of the Python deamon "DenyHosts" on the NOVALUG wiki. It will be one of many tools and techniques I think I'll write up in the wiki. While the wiki article serves as part of an overall step by step guide to running your ... http://novalug.com/SIG/LinuxSecurity/2007/08/15/using-denyhosts-as-a-defense-against-remote-brute-force-cracking/ This Special Interest Group's sole purpose is to help improve the level of security consciousness throughout the whole Linux using community of Northern Virginia. To this extent we will have presentations and workshops on security specifically in how it relates to Linux. http://novalug.com/SIG/LinuxSecurity/2007/08/07/welcome-to-the-linux-security-special-interest-group/