Tag: File Permissions

What is Umask in Linux?

Umask (short for user file-creation mode mask) is used by UNIX-based systems to set default permissions for newly created files and directories. It does this by masking or subtracting these permissions. For example, with the usual Umask being set to 022 on most systems all the new files we create will subtract the Umask value from full permissions (for files that would be 666 - 022 = 644). Umask can be expressed in octal or symbolic values. 

Introduction

Intrusion detection systems (IDSs) are an ever-present requirement in a cybersecurity infrastructure to ensure a server or internal network is protected. An intrusion detection system is either a hardware device or software program that actively monitors a server or group of servers for network policy violations or malicious activity. Any suspicious activity, attempted attack, or policy violation is reported and logged to a centrally located security information and event management (SIEM) system database, or directly to a security administrator for further review. This article explores Liquid Web’s intrusion detection product called Alert Logic Security and Compliance Suite.

Introduction

This article will review some of the more technical aspects of F5 Distributed Cloud AIP. F5 Distributed Cloud AIP is a platform-independent intrusion detection system (IDS) designed to provide users with a unique view into various integrated server security functions. It monitors both Linux and Windows servers as well as Kubernetes or other container-based server infrastructures to observe behaviors and detect malicious, uncommon, and risky activity.

Introduction

In this article, we provide updated information concerning the ongoing threat posed by the malware directed at Microsoft Exchange Servers noted in CVE-2021-26855. We also furnish the steps needed to update and secure your Microsoft Exchange Server. In a recent post, the Cybersecurity & Infrastructure Security Agency posted a priority security advisory regarding the recent Microsoft Exchange Server vulnerability. They state:

Security Information and Event Management (or SIEM) is a subset of the computer security field, where applications and services join forces with security event management and security information management. When united, these disciplines provide significantly improved real-time statistical data and threat analysis of alerts generated by the related applications. The 2021 Internet Security Threat Report from Sophos denotes that are not only the number of attacks on the rise but also the diverse nature of methodologies and vectors of incursions used. This necessitates the fact that adding a SIEM is especially warranted at this time.

Zero Trust security is the concept, methodology, and threat model that assumes no user, system, or service operating within a secured internal environment should be automatically trusted. It put forward that every interaction must be verified when trying to connect to a system before being granted access. This concept uses micro-segmentation, and granular edge controls based on user rights, application access levels, service usage, and relation to the location to determine whether to trust a user, machine, or application seeking to access a specific part of an organization.

As you are probably already aware, everything is considered to be a file in Linux. That includes hardware devices, processes, directories, regular files, sockets, links, and so on. Generally, the file system is divided into data blocks and inodes. With that being said, you can think about inodes as a basis of the Linux file system. To explain it more clearly, an Inode is a data structure that stores metadata about every single file on your computer system. 

In this tutorial, we will look at several methods that are used to compromise a website. In today's world, websites use multiple procedures that represent the core functions of a modern business. Whether you have an eCommerce site or a business card site, a website is essential for driving business growth. We can safely state that a website is a unique image of your respective business. 

What is Remote Code Execution?

Remote code execution, also known as code injection, is one of the most common ways hackers compromise a website. This term encompasses multiple techniques which have one aspect in common. The attacker passes off their code as legitimate in the server's eyes, using a data submission method typically reserved for regular users.

What Are Linux File Permissions?

Setuid, Setgid and Sticky Bits are special types of Unix/Linux file permission sets that permit certain users to run specific programs with elevated privileges. Ultimately the permissions that are set on a file determine what users can read, write or execute the file. Linux provides more advanced file permissions that allow you to do more specific things with a file, or directory.  Typically, these file permissions are used to allow a user to do certain tasks with elevated privileges (allow them to do things they normally are not permitted to do). This is accomplished with three distinct permission settings.  They are setuid, setgid, and the sticky bit.