Under the microscope: Linux security tools - Lessons learned from 500+ projects (PowerPoint PPT Presentation)




SLIDE 1

Under the microscope: Linux security tools

Lessons learned from 500+ projects

Michael Boelen

michael.boelen@cisofy.com

NLLGG, September 2018

SLIDE 2

Michael Boelen

  • Open Source
    ○ Lynis, Rootkit Hunter
  • Business
    ○ Founder of CISOfy
  • Other
    ○ Blogger at Linux-Audit.com
    ○ Board member NLUUG

SLIDE 3

The LSE project

SLIDE 4

LinuxSecurity.Expert

Project: LSE

  • Library
  • People
  • Toolkit

SLIDE 5

Library

  • Checklists
  • Guides
  • Configuration
    ○ sysctl
    ○ systemd
    ○ SSH

SLIDE 6

People

Profiles

  • Specialists in our field
    ○ Person behind a tool
    ○ Interviews

SLIDE 7

Toolkit

  • Tools
  • Categories
  • Snippets

SLIDE 8

Tools - Discovery

SLIDE 9

Tools - Discovery

Criteria

  • Open source
  • Security
  • Runs on Linux, macOS, BSD

SLIDE 10

Tool analysis

SLIDE 11
SLIDE 12

Tool analysis

Basics

  • Project description
  • Tool category
  • Typical user
  • License
  • Author
  • Language
  • Keywords
  • Latest release

Quality

  • Changelog
  • Popularity
  • Documentation
  • Code
  • Releases

Usage

  • Installation
  • Ease of use

SLIDE 13

Tool analysis

SLIDE 14

Output

SLIDE 15

Tool review

  • Introduction
  • Typical tool usage
  • How it works
  • Background details
  • Strengths and weaknesses
  • Example output
  • Author information
  • Tool alternatives
  • Categories
  • Tags
  • And more...

SLIDE 16

Tool review

SLIDE 17

Top 100: security tools

SLIDE 18

Tools by category

SLIDE 19

Lessons learned

SLIDE 20

Lessons learned - Basics

  • Not really open source!
  • Unclear goal
  • Authorship
  • Versioning
  • Changelog missing

SLIDE 21

Lessons learned - Documentation

  • Missing a basic description
  • No ‘get started’ guide
  • Lack of good examples

SLIDE 22

Lessons learned - Ease of use

  • Complicated installation
  • No sane defaults (e.g. --help missing)
  • Parameters make no sense

SLIDE 23

What questions do you have?

Get connected

  • Twitter (@mboelen and @LSELabs)
  • LinkedIn (Michael Boelen)

SLIDE 24

More?

Related articles at linux-audit.com

  • Why we use your open source project (or not)
  • How to Promote your Open Source Project

SLIDE 25

SLIDE 26

SLIDE 27

Best Practices

  • --full-throttle-engine, -f
  • --help, -h, or help
  • --version, -V

Learn more: docopt.org

SLIDE 28

Best Practices

Keep a changelog

  • History
  • Trust
  • Troubleshooting

Learn more: keepachangelog.com

SLIDE 29

Best Practices

Semantic versioning! Major.Minor.Patch

Learn more: semver.org
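As an added example (not code from the slides, Lynis or the LSE project), a small Python script that follows the conventions from slides 27 and 29: the argparse CLI exposes -h/--help, -V/--version and a long option with a one-letter short form, and the helpers validate and order Major.Minor.Patch versions, including the pre-release precedence rules that make 1.0.0-rc.1 sort below 1.0.0. The tool name and version are constructed placeholders.

```python
import argparse
import re

# Constructed values for this added demo; not taken from the slides.
TOOL_NAME = "lse-demo"
TOOL_VERSION = "1.4.2"

# Simplified form of the semver.org grammar: MAJOR.MINOR.PATCH[-pre][+build].
_SEMVER_RE = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z.-]+))?(?:\+([0-9A-Za-z.-]+))?$"
)

def is_semver(version):
    """True if the string is a well-formed semantic version."""
    return _SEMVER_RE.match(version) is not None

def semver_key(version):
    """Tuple that sorts by semver precedence; build metadata is ignored."""
    m = _SEMVER_RE.match(version)
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    major, minor, patch, pre, _build = m.groups()
    # Numeric pre-release identifiers rank below alphanumeric ones, and any
    # pre-release ranks below the same version without one.
    pre_ids = tuple((0, int(p)) if p.isdigit() else (1, p)
                    for p in pre.split(".")) if pre else ()
    return (int(major), int(minor), int(patch), 0 if pre else 1, pre_ids)

def bump(version, part):
    """Increment major, minor or patch; the lower parts reset to zero."""
    major, minor, patch = semver_key(version)[:3]
    if part == "major":
        return f"{major + 1}.0.0"
    if part == "minor":
        return f"{major}.{minor + 1}.0"
    if part == "patch":
        return f"{major}.{minor}.{patch + 1}"
    raise ValueError(f"unknown part: {part!r}")

def build_parser():
    """CLI as on slide 27: -h/--help (added by argparse), -V/--version,
    and a descriptive long option with a short form."""
    parser = argparse.ArgumentParser(prog=TOOL_NAME, description="demo tool")
    parser.add_argument("-V", "--version", action="version",
                        version=f"{TOOL_NAME} {TOOL_VERSION}")
    parser.add_argument("-f", "--full-throttle-engine", action="store_true",
                        help="enable the full throttle engine")
    return parser
```

Run it with `build_parser().parse_args()` to get the usual `--help` text for free, and sort release tags with `sorted(tags, key=semver_key)`.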

SLIDE 30

Credits

Images: where possible, the origin of the images used is included in the slides. Some came without an origin from social media and therefore have no source. If you are the owner, let us know and we will add the source.