Language Selection

English French German Italian Portuguese Spanish

Linux Journal

Syndicate content
Updated: 1 hour 22 min ago

Privacy-focused Linux Distributions to Secure Your Online Presence in 2021

5 hours 21 min ago
by Suparna Ganguly

Linux distros are usually more secure than their Windows and Mac counterparts. Linux Operating Systems being open-source leaves very less scope of unauthorized access to its core. However, with the advancement of technologies, incidents of attacks are not rare.

Are you in a fix with the coming reports of Linux systems targeted malware attacks? Worried about your online presence? Then maybe it’s time to go for a secure, privacy-focused Linux distro. This article presents a guide to 3 privacy-oriented Linux distributions that respect your privacy online.

Why You Need a Privacy-focused Linux Distro

But before jumping into that, let’s have a brief overview regarding the importance of a secure Linux Operating System. You may know that the Operating System is the core software of your computer. It helps maintain communication across all the hardware, software, memory, and processor of the system. It also manages the hardware parts.

If your computer isn’t secure enough to use, then hackers can get easy access to the OS and can exploit it to view your files and track your presence on the internet. Privacy-focused Linux distributions offer a lot of good choices packed with the most reliable features to select from.

5 Privacy-focused Linux Distributions

Now let’s take a look at the most privacy-focused Linux distros that allow staying secure.

Septor Linux

Septor Linux is an OS created by the project called Serbian Linux. Serbian Linux also produces Serbian language-based general general-purpose Linux distribution. Septor implements the KDE Plasma desktop environment and is a newcomer among all other distros.

The Septor operating system offers a stable and reliable user experience. It’s suitable for a vast range of computers because it is built upon Debian GNU/Linux. So, a solid privacy level is what you can expect. The distro routes all of the internet traffic through Tor network to earn privacy credentials. The distro used to use a launcher script to pick up the latest Tor, however, now Tor comes in bundles with it by default.

Go to Full Article

A Guide to 5 Fair Selections of Open Source Ticketing Tools for Linux

Wednesday 15th of September 2021 04:00:00 PM
by Suparna Ganguly

Are you in search of open-source ticketing tools for Linux? Well, this article brings a guide to 5 fair selections of open source ticketing software to provide uninterrupted customer support.

Why You Need Ticketing Tools

A customer trouble ticketing (help desk) is an assistance resource to solve a customer query. Companies often provide customer support using email, website, and/or telephone. The importance of ticketing software is a crucial part for any business to be successful.

Your business can’t run properly without a satisfied client base. Increased customer retention is what businesses need. Right ticketing tools help ensure the best customer service for any business. 

Linux makes sure enterprises get the best possible customer service software for their businesses to have sustainable growth. Because a powerful set of ticketing software provides undivided support that the businesses deserve.

5 Best Ticketing Tools for Linux

This section takes you through 5 different ticketing software to be downloaded on Linux and why you should use them. So let’s begin!

osTicket

For all the newly started businesses, osTicket would be a viable open source ticketing tool. It’s a lightweight and efficient support ticket software used by a good number of companies. If you run an enterprise or a non-profit and are not ready for paid ticketing tools just yet, osTicket is a must-try.

osTicket provides a simple and intuitive web interface to integrate customer queries via phone, email, and web forms. Worried of spam emails? osTicket helps reduce spam enabling captcha filling and auto-refreshing techniques.

You can work on a priority basis through this ticketing tool and get the issues solved in the lowest possible time.

PHD Help Desk

PHD Help Desk is a PHP+Javascript+MySQL-based open source ticketing tool and is used in the registry. PHD helps follow-up incidents in an organization. PHD has a user base all across the world. The latest version of the PHD Help Desk is 2.12.

This ticketing tool works in various ways. Using PHD, incidents can be classified and registered into multiple levels, such as the state of incident, type, sub-type, priority, description of Incident, historical factors, to name a few. 

The database is consulted in a particular format depending on the user requirements. The data is then processed on a tallying sheet. Some of the advanced features of PHD Help Desk are the ability to export tickets into excel format, a PHPMailer Library to configure emails, and new password creation.

Go to Full Article

In Search of Linux Laptops? Check these 6 Places to Get Your Laptop in 2021

Wednesday 8th of September 2021 04:00:00 PM
by Suparna Ganguly

Are you in search of Linux laptops? This article takes you through 6 different places that offer the best Linux laptops. So get prepared to choose your Linux laptop in 2021.

Dell

When it comes to laptops, the first name that comes to my mind is Dell. For over 20 years Dell has been selling high-end Linux laptops. In a Dell store, you can get Ubuntu and Redhat Enterprise Linux laptops. These laptops are built to meet the needs of developers, businesses, and sysadmins.

For developers, who travel a lot, XPS 13 Developer Edition would be the confirmed best choice. Dell XPS comes at an expensive cost of around $1,000. So, if you’re in search of something less expensive, you can check Dell Inspiron laptops. Dell’s Precision workstations with RHEL or Ubuntu are designed for small business owners or CG professionals.

Side Note: Dell doesn’t have a separate section for Linux laptops. Type Ubuntu in the search to get a view of all its laptops with Linux preinstalled.

Slimbook

Slimbook is well known for its thin, rigid, and light durable laptops starting at a reasonable price of €930 (approx $1,075). These come with a nice screen, solid battery life, powerful CPU, and very good speakers.

This brand is from Spain. Slimbook came ahead of its competitors launching the first KDE laptops.

Slimbook brings laptops with a good variety of popular Linux distros, such as KDE Neon, Ubuntu, Ubuntu MATE, Linux Mint, Kubuntu. Additionally, their laptops have two Spanish Linux distros – Max and Lliurex. You can choose Windows OS as well with their laptops, but for that, additional costs are there.

Slimbook offers desktop systems too. So, if you ever need desktops, check it here

System76 

System76’s Linux laptops are very well built, powerful, and extremely portable. If you are a software developer, you travel a lot, and you’re in search of a laptop with 32G RAM and 1T SSD, then go for System76.

System76 laptops used to be Ubuntu-powered, initially. Later on, in 2017, this US-based company released their own Linux distro, called the Pop! OS. Pop OS is designed using Ubuntu. After that, Pop became the default OS with Ubuntu being still available.

Go to Full Article

Q&A trip to Linux’s Black Hole - /dev/null

Tuesday 7th of September 2021 04:00:00 PM
by Nawaz Abbasi

As per NASA, “A black hole is a place in space where gravity pulls so much that even light can not get out”. Something similar exists in the Linux universe as well - it discards anything written to it and when read, just returns an EOF (end-of-file). It’s a special file which is also referred to as null device - /dev/null

So, it’s just a file?

Yes and most of the things in Linux is a file but /dev/null is not a regular file – lets dig deeper.

c in crw-rw-rw- tells us that it's a character special file, which means it processes data character by character. This can be checked using test -c as well:

What are the contents of the file?

Let’s check that using the cat command:

As stated earlier, it just returns an EOF (end-of-file) when read. So, it's empty!

What more can we know about the file?

Let’s find out using the stat command:

This tells us that its size is 0. Also, it’s good to note that the file’s read and write permission is enabled for everyone but it doesn't require execute permission. 

What happens to the file’s size when we write data to it?

Let’s try that:

The cat command returned nothing and as per the stat command, its size did not change.

As stated earlier, it discards anything written to it. You may write any amount of data to it, which will be immediately discarded, so its size will always remain 0 – Singularity?

In other words, you cannot change /dev/null

Go to Full Article

Download These 7 Cool Apps on Your Linux Machine to Make Life Easier

Wednesday 1st of September 2021 04:00:00 PM
by Suparna Ganguly

Not only the Linux distros are open-source but the apps for Linux are also free. Though some business apps come with a cost, most of the apps created for individuals don’t have any charges.

Want to know about some of the cool apps to download on your Linux machine?

This article walks you through 7 apps to download on Linux to make your life easier. Head over to the next section!  

Ulauncher

Before downloading any other application on Linux, we recommend getting Ulauncher. That’s because you can launch any application via Ulauncher just by using the keyboard.

Try adding Ulaucher extensions to get the most of this app inspired by Alfred for Mac. You can extend capabilities with the extensions, such as looking up dictionary definitions, launching web searches, finding and copying emojis to a clipboard, and lots more.

Ulaucher runs smoothly and allows searching files and apps using hotkeys. Ulaucher features include built-in themes, customizable shortcuts, Fuzzy search, a wide variety of plugins, searching on Google, Stack Overflow, and Wikipedia.

Thunderbird

Thunderbird by Mozilla is an open-source email client. Some Linux distros offer Thunderbird installed. If it’s not, hop onto your App Center or Software Center and get it installed. You can download the app from their website as well.

The setup wizard guides you through the process of creating your own email address. Thunderbird provides email settings for most of the common email application providers. So, an existing email account can be added too. Attach multiple email accounts as per your needs.

Want to make Thunderbird look cool? Add-ons, such as themes, Lightning extension, sorting out Mail folders, are some of the features to try out.

Steam

Looking for gaming clients on Linux? Use Steam from Valve. Steam is, admittedly, the best games distribution store for top OSs like Linux.

From Shadow of the Tomb Raider to DiRT 4, and from DOTA 2 to Warhammer – Steam boasts many thousands of indie hits, retro-flavored, and AAA titled games for Linux

Go to Full Article

Improve The CrowdSec Multi-Server Installation With HTTPS Between Agents

Tuesday 31st of August 2021 04:00:00 PM
by Manuel Sabban Prerequisites

This article is a follow-up from the Crowdsec multi-server setup. It applies to a configuration with at least two servers (referred to as server-1 and one of server-2 or server-3).

Goals

To address security issues posed by clear http communication in our previous crowdsec multi-server installation, we propose solutions to achieve communication between Crowdsec agents over encrypted channels. On top of that, the third solution allows server-2 or server-3 to trust server-1 identity, and avoid man-in -the -middle attacks.

Using self-signed certificates Create the certificate

First we have to create a certificate. This can be achieved with the following one-liner.

openssl req -x509 -newkey rsa:4096 -keyout encrypted-key.pem -out cert.pem -days 365 -addext "subjectAltName = IP:172.31.100.242"

For now crowdsec is not able to ask for the passphrase of the private key when starting.  Thus we have the choice to decipher by hand the private key each time we start or reload crowdsec or store the key unencrypted. In any way to strip the passphrase one can do:

openssl rsa -in encrypted-key.pem -out key.pem

Then, the unencrypted key file can be safely deleted after Crowdsec is started.

Configure crowdsec for using a self-signed certificate

On server-1 we have to tell crowdsec to use the generated certificate. Hence, the  tls.cert_file and tls.key_file option in the api.server section of the following /etc/crowdec/config.yaml excerpt set to the generated certificate file.

api: server: log_level: info listen_uri: 10.0.0.1:8080 profiles_path: /etc/crowdsec/profiles.yaml online_client: # Crowdsec API credentials (to push signals and receive bad tls: cert_file: /etc/crowdsec/ssl/cert.pem key_file: /etc/crowdsec/ssl/key.pem

On the client side configuration changes happen in two files. First we have to modify /etc/crowdec/config.yaml to accept self-signed certificates by setting the insecure_skip_verify to true.

We have to change http for https in the  /etc/crowdsec/local_api_credentials.yaml file too in order to reflect the changes. This small change has to be done on all three servers (server-1, server-2 and server-3).

Go to Full Article

Experimenting with Python implementation of Host Identity Protocol

Thursday 26th of August 2021 04:00:00 PM
by Dmitriy Kuptsov INTRODUCTION

Sometimes it is easier to implement prototypes in user space using high-level languages, such as Python or Java. In this document we attempt to describe our implementation effort related to Host Identity Protocol version 2. In the first part, we describe various security solutions, then we discuss some implementation details of the HIP protocol, and finally, in the last part of this work we discuss the performance of the HIP and IPSec protocols implemented using Python language.

BACKGROUND

In this section we will describe the basic background. First, we will discuss the problem of mobile Internet and introduce the Host Identity Protocol. We then move to the discussion of various security protocols. We will conclude the section with the discussion of Elliptic Curves and a variant of DiffieHellman algorithm, which uses EC cryptography (ECC).

Dual role of IP

Internet was designed initially so that the Internet Protocol (IP) address is playing dual role: it is the locator, so that the routers can find the recipient of a message, and it is an identifier, so that the upper layer protocols (such as TCP and UDP) can make bindings (for example, transport layer sockets use IP addresses and ports to make a connections). This becomes a problem when a networked device roams from one network to another, and so the IP address changes, leading to failures in upper layer connections. The other problem is establishment of the authenticated channel between the communicating parties. In practice, when making connections, long term identities of the parties are not verified. Of course, there are solutions such as SSL which can readily solve the problem at hand. However, SSL is suitable only for TCP connections and most of the time practical use cases include only secure web surfing and establishment of VPN tunnels. Host Identity Protocol on the other hand is more flexible: it allows peers to create authenticated secure channels on the network layer, and so all upper layer protocols can benefit from such channels.

HIP13 relies on the 4-way handshake to establish an authenticated session. During the handshake, the peers authenticate each other using long-term public keys and derive session keys using Diffie-Hellman or Elliptic Curve (EC) Diffie-Hellman algorithms. To combat the denial-of-service attacks, HIP also introduces computational puzzles.

Go to Full Article

Gaming Time? Top 3 VR Games Available on Linux

Wednesday 25th of August 2021 04:00:00 PM
by Suparna Ganguly

It’s possible to deep dive into the virtual reality gaming world on your Linux system. Want to explore VR games on Linux? This article takes you through the top 3 VR games available on Linux.

Ready to get amazed? Let’s start.

What are VR Games?

VR games are the new-gen computer games enabled with virtual reality, in short, VR technology. It gives players a first-person perspective of all the gaming actions. As a participant, you can enjoy the gaming environment through your VR gaming devices, such as hand controllers, VR headsets, sensor-equipped gloves, and others.

VR games are played on gaming consoles, standalone systems, powerful laptops, and PCs compatible with VR headsets including HTC Vive, Oculus Rift, HP Reverb G2, Valve Index, and others.

Now, a little brief about VR technology. By now, you know that VR is an abbreviation of Virtual Reality. This is, basically, a computer-generated simulation where the player controls its generated objects through the limb and facial movements in a three-dimensional environment. This environment is interacted with through special equipment, like clothing having touch simulating pressure nodes and enclosed glasses with screens in front, instead of lenses.

A lot of VR objects are usable as they are in reality and the gaming developers are making the VR universe more and more immersive with each passing day.

How to Get VR Games on Linux

The Steam store seems to be the best way to get VR games on your system. Good news: you don’t need to worry about installing all the modules and software to run the game smoothly. Steam client is ready to take all the worries. So, get a Steam account by downloading the client from Steam’s site.

Back in 2019, it was reported that VR Linux desktops are around the corner. What about now? Xrdesktop is here for you. Xrdesktop is free to use. It lets you work with the common desktop environments, like GNOME and KDE.

The SimulaVR is a similar open-source project to check out.

Top 3 VR Games Available on Linux

Now the fun part: In this section, we’ll share the best 5 VR games to play on Linux in your gaming time.

Go to Full Article

How to Check Battery Status Using Linux Command Line

Wednesday 18th of August 2021 04:00:00 PM
by Suparna Ganguly

Checking the battery status through GUI is easy. Hovering the mouse cursor over the battery indicator given in the Laptop task bar simply shows the battery level. But, did you know you can find the battery status through the Linux command line as well?

Yes, there are some utilities in Linux that can be of help in this regard.

This article explains 4 different methods of checking laptop battery status using the Linux command line. So,

Why Do You Need to Check Battery Status?

So, why do you need to check the battery status? Knowing laptop battery health on a monthly basis is a good practice. It’ll inform you about any issues your computer might have related to charging or battery life. You can get alerted earlier and take the measures required, such as charging or altering batteries.

When your PC is not active, the power management feature levels down its components to a low-power state. And also turns off the power. 

Similarly, knowing the power source, battery model name, the technology used, vendors, etc helps operate your devices better and keep work going without any hassles.

How to Check Battery Status Using Linux Command Line

Follow the methods mentioned below to check battery status using the Linux command line. Check Battery Status with “upower” CommandThe command produces output 

Check Battery Status with upower Command

The upower command-line tool helps extract information related to the power source (batteries). It provides an interface to list down all the power sources of your PC or laptop.

Options Used with the upower Command

  • –monitor: You can print a line each time a battery or power source is added by connecting –monitor to upower. It also produces outputs while the power sources are removed or changed.

  • –monitor-detail: This option prints the full power source detail whenever an event occurs.

 

Syntax

upower -i /org/freedesktop/UPower/devices/battery_BAT0 upower -i `upower -e | grep 'BAT'` upower -i $(upower -e | grep BAT) | grep --color=never -E "state|to\ full|to\ empty|percentage"

The above are three different ways of using acpi command to find power source information.

Use cat and find

The “cat” and “find” commands also help find details about your battery and power source.

Syntax

For the battery capacity, the syntax would be:

cat /sys/class/power_supply/BAT0/capacity

For more detailed battery information use the find command.

Go to Full Article

How to Decrease Video Sizes Using FFmpeg in Linux

Wednesday 11th of August 2021 04:00:00 PM
by Suparna Ganguly

Decreasing video sizes becomes necessary when space is limited in cloud services, disks, or personal storage drives. You can easily hold onto larger files by chopping them down to a lower size.

The world of open-source video editing tools is huge. So, choosing one can be tricky. This article explains how you can efficiently decrease video sizes using FFmpeg in Linux.

What is FFmpeg?

So, what is FFmpeg? FFmpeg is a free and open-source command-line utility used in handling audio, video, other multimedia files, and streams in Linux. It has widespread use in video scaling, format transcoding, basic editing, standards compliance, and video post-production effects.

It can create GIFs, edit videos, and record also. You can convert videos at up to a minuscule level while maintaining the quality to a great extent. 

MPEG video standards group brought inspiration in defining the name of this media handling software project, while “FF” stands for “Fast Forward”. FFmpeg functions as a backbone of several software projects and renowned media players – YouTube, Blender, VLC, and iTunes, to name a few.

How to Install FFmpeg

Want to get hands-on with it? Let’s install FFmpeg.

Basically, you have to use the following codes for Ubuntu, Arch Linux, and Fedora respectively.

# Debian/Ubuntu sudo apt-get install ffmpeg # Arch Linux sudo pacman -S ffmpeg #REHL/CentOS/Fedora sudo dnf install ffmpeg sudo rpm install ffmpeg sudo yum install ffmpeg

 

And FFmpeg will be in your Linux distro.

Basic Usage of FFmpeg

To convert a media file using the default settings of FFmpeg, type:

ffmpeg -i inputfile.video outputfile.video

The above command will change the specified format into the output format given. 

How to Decrease Video Sizes Using FFmpeg

Going to the basics: Not all video files are created following the same procedure. Hence, file sizes tend to be different. For example, the avi video file extensions are larger than mp4 files.

Takeaway? The smallest mp4 file of a video will be smaller than the smallest avi file of the same video. However, the quality will vary with each of these varied file sizes. Mp4s are not the smallest size you can expect. Various containers for Windows media videos and flash videos (FLV and WMV) are the winners.

Go to Full Article

How to Replace a Variable in a File Using SED

Wednesday 4th of August 2021 04:00:00 PM
by Suparna Ganguly

Want to know the tricks of replacing a variable in a file using the SED command?

This article will give you an overview of replacing a variable value in a file using SED. Before replacing a variable in a file using SED, you need to understand what SED is, the syntax of SED, and how SED works.

I’ll also show how to perform delete operations using SED. This will come after the variable value replacement part. If you’re looking for that, you can directly jump onto that, and skip the rest.

So, let’s begin the guide.

 

What is SED?

So, what is  SED?

SED command in Linux stands for Stream Editor. It performs searching, insertion, find and replace, deletion. In the Linux world, SED is mainly popular for its find and replace functionality.

With the help of SED, coders can edit files without even opening them.

In a nutshell,

  • SED is a text stream editor. It can be used to do find and replace, insertion, and delete operations in Linux.

  • You can modify the files as per your requirements without having to open them.

  • SED is also capable of performing complex pattern matching.

  Syntax of SED

Here we’ll see the syntax of SED used in a simple string replacement. This will help understand the command better.

So the syntax is:

sed -i 's/old-string/new-string/g' file_name   How SED Works

In the syntax, you only need to provide a suitable “new string” name that you want to be placed with the “old string”. Of course, the old string name needs to be entered as well.

Then, provide the file name in the place of “file_name” from where the old string will be found and replaced.

Here’s a quick example to clear the concept.

Suppose, we have a random text “Welcome to Linux Channel” in a text file called “file.txt”.

Now, we want to replace “Channel” with “Family”. How can we do that?

First, write the below-given command in the terminal to create the file.

cat file.txt

Press enter, then type:

Welcome to Linux Channel

Let’s alter “Channel” with “Family” now. So, go to the next line, and type:

sed -i 's/Channel/Family/g' file.txt

After running the command, to view the file again, type:

cat file.txt

You’ll see “Channel” has been replaced with “Family”. In this way, you can replace a string using the SED command. Let’s learn how to replace a variable using SED, now.

Go to Full Article

How to Create a Shell Script in Linux

Wednesday 28th of July 2021 04:00:00 PM
by Suparna Ganguly

Do you want to create a Shell script in your Linux system?

This guide will take you through how to create a shell script using multiple text editors, how to add comments, and how to use Shell variables.

But before heading over to creating a shell script, let’s understand what Shell scripting in Linux is.

What is Shell Scripting in Linux?

So, what’s Shell scripting?

Shell Scripting is defined as an open-source program that’s run by Linux or Unix shell. Through shell scripting, you can write commands to be executed by the shell.

Lengthy and repetitive commands are usually combined into a simple command script. You can store this script and execute it whenever needed. 

Shell scripting in Linux makes programming effortless.

Ways of Creating a Simple Shell Script in Linux

Creating a simple shell script in Linux is very easy. You can do that using multiple text editors. This tutorial will show how to create a shell script with two different methods, such as 1) using the default text editor, and 2) Using the Vim text editor tool.

Method 1: Using the Default Text Editor

To create a shell script using the default text editor, just follow the steps given below.

Step 1: Create a text file having a “.sh” extension. Then type a simple script.

Step 2: Now don’t change the directory. And open the terminal. Using the command below, give executable access to the file created.

chmod +x testing.sh

Step 3: Execute the below-given script in the terminal:

./testing.sh

This was a simple technique of creating a shell script in Linux using the default editor. Now, let’s look at the next method.

Method 2: Using the Vim Text Editor Tool

Vim text editor tool is a tool that helps create a shell script in a Linux system. In case you don’t have it already installed, use the command to install Vim:

sudo apt install vim

Now follow the steps for creating a shell script using the tool.

Step 1: For opening the editor, simply type:

vim

Step 2: Once you’re in, open the terminal. Then create a bash file via:

vi testing.sh

After the execution of the command, the editor will appear as below.

Go to Full Article

SQLite Extraction of Oracle Tables Tools, Methods and Pitfalls

Tuesday 20th of July 2021 04:00:00 PM
by Charles Fisher Introduction

The SQLite database is a wildly successful and ubiquitous software package that is mostly unknown to the larger IT community. Designed and coded by Dr. Richard Hipp, the third major revision of SQLite serves many users in market segments with critical requirements for software quality, which SQLite has met with compliance to the DO-178B avionics standard. In addition to a strong presence in aerospace and automotive, most major operating system vendors (including Oracle, Microsoft, Apple, Google, and RedHat) include SQLite as a core OS component.

There are a few eccentricities that may trip up users from other RDBMS environments. SQLite is known as a “flexibly-typed” database, unlike Oracle which rigidly enforces columnar datatypes; character values can be inserted into SQLite columns that are declared integer without error (although check constraints can strengthen SQLite type rigidity, if desired). While many concurrent processes are allowed to read from a SQLite database, only one process is allowed write privilege at any time (applications requiring concurrent writers should tread carefully with SQLite). There is no network interface, and all connections are made through a filesystem; SQLite does not implement a client-server model. There is no “point in time recovery,” and backup operations are basically an Oracle 7-style ALTER DATAFILE BEGIN BACKUP that makes a transaction-consistent copy of the whole database. GRANT and REVOKE are not implemented in SQLite, which uses filesystem permissions for all access control. There are no background processes, and newly-connecting clients may find themselves delayed and responsible for transaction recovery, statistics collection, or other administrative functions that are quietly performed in the background in this “zero-administration database.” Some history and architecture of SQLite can be found in audio and video records of Dr. Hipp's discussions.

Go to Full Article

Vulnerability Detection and Patching: A Survey Of The Enterprise Environment

Tuesday 8th of June 2021 11:00:00 PM
by Joao Correia

Detecting vulnerabilities and managing the associated patching is challenging even in a small-scale Linux environment. Scale things up and the challenge becomes almost unsurmountable. There are approaches that help, but these approaches are unevenly applied.

In our survey, State of Enterprise Vulnerability Detection and Patch Management, we set out to investigate how large organizations handle the dual, linked security concerns of vulnerability detection and patch management.

The results produced interesting insights into the tools that organizations depend on to effectively deal with vulnerability and patch management at scale, how these tools are used, and which restrictions organizations face in their battle against threat actors. Download the copy of the report here.

Vulnerability management is an enterprise responsibility

Before we dive into the results of our survey, let’s take a quick look at why vulnerability management operations matter so much in large organizations.

Vulnerabilities are widespread and a major cybersecurity headache. In fact, vulnerabilities are such a critical problem that laws and regulations are in place to ensure that covered organizations adequately perform vulnerability management tasks – because the failure to do so can hurt a company’s customers.

Each industry has different rules that apply to it – with organizations that handle personal data such as healthcare records and financial service firms operating under the strictest rules. It has an impact on day-to-day vulnerability management operations – some organizations must act much faster and more thoroughly than others.

This is one of the points we explored in the survey, trying to understand how different industry compliance requirements affect vulnerability operations on the ground.

The survey

Early in 2021, we kicked off a survey with the intention to study three key factors in vulnerability and patch management operations. We examined patch deployment practices, how maintenance windows are handled, and tried to get a view into the overall level of security awareness of the organizations that responded.

The survey was advertised publicly to IT professionals around the world and it continues to run, even though we have published the initial results.

Go to Full Article

More in Tux Machines

Kernel: Google, Xen, and Mesa

  • Google Finally Shifting To "Upstream First" Linux Kernel Approach For Android Features

    Google's Android had been notorious for all of its downstream patches carried by the mobile operating system as well as various vendor/device kernel trees while in recent years more of that code has been upstreamed. Google has also been shifting to the Android Generic Kernel Image (GKI) as the basis for all their product kernels to further reduce the fragmentation. Looking ahead, Google is now talking of an "upstream first" approach for pushing new kernel features. Google's Todd Kjos talked today during Linux Plumbers Conference (LPC2021) around their Generic Kernel Image initiative. With Android 12 and their Linux 5.10 based GKI image they have further cut down the fragmentation to the extent that it's "nearly eliminated". With the Android 12 GKI, most of the vendor/OEM kernel features have now either been upstreamed into the Linux kernel, isolated to vendor modules/hooks, or merged into the Android Common Kernel.

  • Google Finally Shifting To 'Upstream First' Linux Kernel Approach For Android Feature
  • Clang-format for Xen Coding Style Checking Scheduled - Xen Project

    At the moment there is no tool that would allow to format patches in Xen. The idea of Xen-checker is to use the clang-format approach as a base for Xen ‘checkpatch’ process. The new tool consists of modified .clang-format configuration file to automate Xen patches format checking and reformatting. The tool can be used as a pre-commit hook to check and format every patch automatically. Some features are missing in the clang configurator, so new clang-format options have been proposed for more flexible code formatting. Also, the purpose of the topic is to start the discussion about the existing rules for Xen code formatting to eliminate possible inaccuracies in the work of the Xen checker. This will make it easier to adhere to the unanimous decision.

  • Mesa Merge Pending For Vulkan Ray-Tracing On Older AMD GPUs - Phoronix

    Merged yesterday for Mesa 21.3 was open-source Vulkan ray-tracing for AMD RDNA2 / RX 6000 series GPUs with the RADV driver. Opened today now is a merge request that would provide Vulkan ray-tracing with RADV to pre-RDNA2 GPUs on this driver going back to the likes of Polaris, granted the performance is another story. Joshua Ashton known for his work on DXVK and other Direct3D-on-Vulkan efforts for Valve has opened the merge request to enable RADV Vulkan ray-tracing for older generations of AMD GPUs.

Astro Pi Mk II, the New Raspberry Pi Hardware Headed to the Space Station

While Izzy and Ed are still going strong, the ESA has decided it’s about time these veteran Raspberries finally get the retirement they’re due. Set to make the journey to the ISS in December aboard a SpaceX Cargo Dragon, the new Astro Pi MK II hardware looks quite similar to the original 2015 version at first glance. But a peek inside its 6063-grade aluminium flight case reveals plenty of new and improved gear, including a Raspberry Pi 4 Model B with 8 GB RAM. The beefier hardware will no doubt be appreciated by students looking to push the envelope. While the majority of Python programs submitted to the Astro Pi program did little more than poll the current reading from the unit’s temperature or humidity sensors and scroll messages for the astronauts on the Astro Pi’s LED matrix, some of the more advanced projects were aimed at performing legitimate space research. From using the onboard camera to image the Earth and make weather predictions to attempting to map the planet’s magnetic field, code submitted from teams of older students will certainly benefit from the improved computational performance and expanded RAM of the newest Pi. As with the original Astro Pi, the ESA and the Raspberry Pi Foundation have shared plenty of technical details about these space-rated Linux boxes. After all, students are expected to develop and test their code on essentially the same hardware down here on Earth before it gets beamed up to the orbiting computers. So let’s take a quick look at the new hardware inside Astro Pi MK II, and what sort of research it should enable for students in 2022 and beyond. Read more

Debian: EasyOS, Rust, TeX Live 2021

  • nodejs compiled in OpenEmbedded

    I posted a couple of days ago about another attempt to compile Chromium. Learnt a lot from that. One thing, is that need the 'nodejs' package in the host OS.

  • Ian Jackson: Tricky compatibility issue - Rust's io::ErrorKind

    This post is about some changes recently made to Rust's ErrorKind, which aims to categorise OS errors in a portable way. [...] The Rust programming language tries to make it straightforward to write portable code. Portable error handling is always a bit tricky. One of Rust's facilities in this area is std::io::ErrorKind which is an enum which tries to categorise (and, sometimes, enumerate) OS errors. The idea is that a program can check the error kind, and handle the error accordingly. That these ErrorKinds are part of the Rust standard library means that to get this right, you don't need to delve down and get the actual underlying operating system error number, and write separate code for each platform you want to support. You can check whether the error is ErrorKind::NotFound (or whatever). Because ErrorKind is so important in many Rust APIs, some code which isn't really doing an OS call can still have to provide an ErrorKind. For this purpose, Rust provides a special category ErrorKind::Other, which doesn't correspond to any particular OS error.

  • Norbert Preining: TeX Live 2021 for Debian

    The release of TeX Live 2021 is already half a year away, but due to the delay of waiting for Debian/Bullseye release, we haven’t updated TeX Live in Debian for quite some time. But the waiting is over, today I uploaded the first packages of TeX Live 2021 to unstable.

today's howtos

  • How to Install Glances System Monitor on Linux Mint 20 - LinuxCapable

    Glances System Monitor is free, an open-source command-line tool for process monitoring, system resources such as CPU, Disk I/O, File System, Load Average, Memory, Network Interfaces and processes. Glances are built with Python language. Glances support cross-platform monitoring, which can be used in conjunction with a web-based interface. One of the excellent features Glances supports is the ability to set thresholds in the program. You can set careful, warning, and critical in the configuration file, which will then relay information in colors that can show alerts to systems resources bottlenecks, system resources issues, and much more. Glances, by default, comes with a pre-set list of colors, but you can modify and add additional configs.

  • How To Install OpenLDAP on Ubuntu 20.04 - idroot

    In this tutorial, we will show you how to install OpenLDAP on Ubuntu 20.04 LTS. For those of you who didn’t know, OpenLDAP (lightweight directory access protocol) provides user authentication and enables you to set up user accounts that provide the user access to each computer in your network without having to set up a local user account on each computer. OpenLDAP is the free and open-source implementation of LDAP. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the OpenLDAP on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • Add storage with LVM | Opensource.com

    Logical Volume Manager (LVM) allows for a layer of abstraction between the operating system and the hardware. Normally, your OS looks for disks (/dev/sda, /dev/sdb, and so on) and partitions within those disks (/dev/sda1, /dev/sdb1, and so on). In LVM, a virtual layer is created between the operating system and the disks. Instead of one drive holding some number of partitions, LVM creates a unified storage pool (called a Volume Group) that spans any number of physical drives (called Physical Volumes). Using the storage available in a Volume Group, LVM provides what appear to be disks and partitions to your OS. And the operating system is completely unaware that it's being "tricked."

  • Turn Your Old PC into an Access Point [Ed: Old article reposted]

    Got some older computer equipment lying around? Don’t throw away those old PCs just yet. Whether you’re cleaning out or upgrading the computers in the office or at home, you should be able to find something to do with them. As we’ll discuss, you can use them for experimentation, routing, security, file or Internet serving, and more. Use these five suggestions to make one of the projects your late-night endeavor on the weekend or your new project at work.

  • How to back up Linux apps and files on your Chromebook - TechRepublic

    If you've made the jump and installed Linux support on your Chromebook, you've probably already started installing apps and working with files and data. That being the case, you might be curious as to how you back up those apps and data. In some cases, you'll be saving data within the Linux filesystem hierarchy (and not on either your local or cloud storage, via Chrome OS. Fortunately, the Chrome OS developers thought of this, so you don't have to bother with locating that data and running commands to back it all up.