Hacking Linux Exposed





previous article
next article
Where to Go for Timely Alerts
By Bri Hatch.

Summary: A little knowledge can go a long way, especially when that knowledge is about the latest threats to your system. But where does the savvy admin go for such information?

The worst thing that can happen to a security administrator is to be oblivious to the newest, and thus most pressing, vulnerabilities that can affect your systems. Without prompt action -- upgrades, patches, increased access restrictions, or turning off software all together -- you are likely to fall victim to the latest exploits or worms.

So, whom should you turn to for this nay-crucial information? You can find good Linux security information at a bunch of places, but I trust very few sources to provide me timely vulnerability announcements. Most have both Web pages and email lists. Personally, I don't rely on Web pages because I've never been good at checking things periodically (and too many of them don't render well in lynx). I prefer email. It's something I check every few seconds and I can use procmail to make sure important messages get sent to my pager in case I'm doing something rare, like sleeping.

So, without further rambling, here are my suggestions for must-read email lists:

  • CERT: The granddaddy of alert notification. CERT advisories are usually reserved for the big problems, such as the widespread SNMP problems, which required careful coordination between multiple vendors to avoid 'spilling the beans' too early, or the latest 'Become the Windows Administrator user in 2 easy packets' bug.

    $ echo 'subscribe cert-advisory' | mail majordomo@cert.org

  • SANS Security Alert Consensus: The SANS organization sends out alerts similar to CERT, though usually with more useful information such as custom tools you can use to audit your systems. This newsletter is actually a weekly security summary, but they use it for important alerts as well.

    $ lynx http://www.sans.org/sansnews/

  • Incidents: On this list, admins can submit information about suspicious network activity they've captured. When new worms and exploits start making the rounds, this is often the first place they are seen on the radar. It can get pretty high volume as folks try to figure out what they're seeing in the wild.

    $ echo 'SUBS incidents Firstname Lastname' | mail listserv@securityfocus.com

  • Bugtraq: Bugtraq was the original full disclosure list, and it is an absolute essential to any administrator. Vendors and hackers alike announce vulnerabilities here. Often no solutions are suggested, but folks on the list quickly discuss appropriate responses to the problem.

    $ echo 'SUBS bugtraq Firstname Lastname' | mail listserv@securityfocus.com

  • Linux Distro: Whichever Linux distribution you use likely has an email list dedicated to security concerns. Sometimes the problems are specific to a particular distribution's configuration whereas sometimes they are universal Linux concerns.

    Your distribution-specific list will give you the links you need to see exactly what packages you need to upgrade, including the download URLs and instructions. Unless you're using Debian, of course, in which case you can upgrade everything with a mere 32 keystrokes.

These are the lists that I use for security alerts. You can subscribe to many other lists for weekly or monthly news, but for timely security information, I suggest the above lists so you aren't caught off guard.

Bri Hatch is Chief Hacker at Onsight, Inc and author of Hacking Linux Exposed and Building Linux VPNs. He has been securing and breaking into computers since before he traded in his Apple ][+ for his first Unix system. Bri can be reached at bri@hackinglinuxexposed.com.

Copyright Bri Hatch, 2002.

This article was first published here in ITworld.com Inc., 118 Turnpike Rd., Southborough, MA 01772  on 05-Mar-2002.

previous article
next article