In October, 2016, critical Linux kernel vulnerability was discovered. The vulnerability called Dirty COW is related to copy-on-write (COW) kernel memory processing mechanism. Actually, it exists in Linux kernel since 2007.
Vulnerability refers to privilege escalation. Exploiting Dirty COW bug, unauthorized local users More →
LAMP stack is a widespread group of software that consists of Linux OS, Apache web server, MySQL or MariaDB database management system, and PHP server side scripting language. Of course, server side protection is a rather vast topic that cannot be fully investigated within a single article. This article just covers the basics of LAMP components protection.
To protect Linux:
- Use key authentication instead of password authentication whenever possible.
- Change the port sshd is listening to; it is recommended that a port higher than 1024 is used.
- You should consider using iptables or fail2ban firewall. More →
On January 27, 2015, Linux world was struck by critical vulnerability called GHOST. The bug exists in GNU C Library (or Glibc) functions gethostbyname and gethostbyname2 starting from glibc-2.2 version released in 2000; it was fixed in glibc-2.18 version released in May 2013, therefore, only LTS distributions are vulnerable:
- Ubuntu 12.04,
- Debian 7,
- RHEL 6 and 7,
- CentOS 6 and 7.
Note: other libc implementations (such as uclibc, musl) are not vulnerable to GHOST. More →
Docker is an open source platform that automates the process of deployment by creating application containers that can be launched on absolutely any system (regardless of the language the application is written in). This platform brings together the Docker Engine container runtime, tools for creating packages and API. There are also repositories containing environment instances to run popular applications (MySQL, Nginx, Redis, etc..). Docker is written in Go and licensed under Apache 2.0. It comes complete with a full set of documentation and guarantees API backward compatibility. More →