If you've ever used Linux, you’ve probably heard about SELinux or Security-enhanced Linux. For a very long time, my interaction with it was just restricted to: Like many other security solutions, SELinux can sometimes be annoying, and understanding even the basic concepts can change our bigger enemy to our best friend.

Linux servers have been in use for specific uses for a long time. One ought to be conscious that a new Linux server’s degree of protection is exceptionally low by default configuration. This is in order to permit as much functionality and competency as feasible while installing it. Consequently, it’s essential to carry out fundamental hardening procedures prior to installing the server in a production environment.

Linux and Windows are a study in contrasts—the former operating system is open and users can easily copy and modify the code at will, while the latter is closed and proprietary. However, Windows is no longer the only game in town; increasingly, both are used in enterprises, which makes securing them a tall task. While many tools exist for organizations to manage vulnerabilities in their software, they tend to be OS-specific.

In this post, I want to scratch at the surface of a very interesting technology that Elastic’s Universal Profiler and Security solution both use called eBPF and explain why it is a critically important technology for modern observability. I’ll talk a little bit about how it works and how it can be used to create powerful monitoring solutions — and dream up ways eBPF could be used in the future for observability use cases.

Note: The examples in this post use apt commands, which are for Debian-based operating systems like Ubuntu, Kali and Mint. However, the examples have also been tested with yum/dnf commands for RPM-based distros like CentOS, Red Hat, Fedora and openSUSE.

AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.

None of us want to look into a production audit system, as this most likely happens after a security breach or a security incident. Over the years, people have come up with many ideas to see what applications are doing. Almost all databases keep event logs to prevent data loss. Systems such as Kubernetes generate events for every action, and applications that probably run in your production also implement some structured logging for the same reason. But what can we do if all of that is not enough?

Digital infrastructure is constantly evolving, forcing security professionals to strengthen security operations at an accelerated pace to mitigate risks. With that said, organizations increasingly realize how essential API security is to their information security strategy, and are evaluating solutions that are being touted as potential tools to secure APIs. Recently, eBPF (an evolution of Berkeley Packet Filter) has been a topic of discussion as a method for collecting data on APIs.

This in-depth analysis explores CVE-2020-25669, a vulnerability that exploited a memory corruption issue in Linux Kernel.