New Linux tools and updates kept IT security hacks at bay in 2007. That said, new problems -- such as security risks in virtual machines -- cropped up last year. Here's my round-up of the big Linux security events, software releases and controversies that cropped up in 2007.
Continued discussion about the security of PHP
PHP security issues stayed on the radar in 2007, triggered by the resignation of Stefan Esser from the PHP Security Response Team. Esser developed the
Snort parent company Sourcefire acquires open source anti-virus tool ClamAV
The move caused some initial consternation and a flurry of questions in the ClamAV community. Sourcefire moved quickly to reassure users that the tool would remain open source and continue to be released under the GPL.
Snort version 3.0 is launched
Staying with Sourcefire, the long-awaited Snort version 3.0 was released in alpha. The new features in 3.0 included a new architecture and a command-line interface supported by an embedded programming language called Lua. The new version will also include the much anticipated protocol decoders for IPv6, MPLS, GRE and 802.1q. At this stage, Snort 3.0 is not ready to be used in production environments but is available for testing.
Virtual machine security
Despite developments in a number of Linux and open source virtual machine technologies such as Xen, QEMU, KVM and lguest, potential security issues for virtual machines went ignored. Many managers and administrators of virtualized environments seem to presume that security tools are not needed. Therefore, rootkits and malicious code running in virtual machines are often a threat, as they can be undetectable to security tools running on the underlying operating system.
A notable exception to this apparent lack of concern was made when Symantec released a report into security on both proprietary and open source virtual machines.
OpenID takes the next step
OpenID, the open source digital identity framework may have started to come into its own this year. Version 2.0 of the framework was released in December and the number of platforms, websites and development libraries supporting OpenID authentication continues to grow.
Samba 4 released
The next release of Samba, the open source file and print services provider for SMB/CIFS clients, was released in alpha. The biggest advance in Samba 4 is the implementation of the server-side components of Windows Active Directory. Whereas Samba 3 is happy as a member of Windows Active Directory domain, a Samba 4 server can actually function as a domain controller with domain join and logon services for clients. This release is a significant step forward for open source security and authentication interoperability.
The Honeynet project goes virtual
The Honeynet project is a collaborative open source project that aims to raise awareness of the threats and vulnerabilities that exist in the Internet. This year has seen significant advances in the project's capabilities including the release of HoneyMole a client-server honeynet application that allows the deployment of remote honeynet clients that report to a central server.
The SANS Top 20
This year's SANS Top 20 didn't contain any major security threats or revelations about the risks that currently exist. But one of the risks highlighted was the threat posed by unnecessary, unsecured and unauthenticated Unix services. SANS suggest that the risk can be mitigated by turning off unnecessary services, protecting hosts with firewalls, regular patching and the use of encryption and appropriate authentication.
The "storm bot"
Whilst not directly impacting Linux users, the "storm bot" and its sophisticated attack vectors, management infrastructure and somewhat polymorphic nature point to a disturbing new trend in bots and malware. It reminds those of us in the Linux community who have not been adversely affected by virus attack that threats are constantly evolving.
About the author: James Turnbull is the author of Pro Nagios 2.0. and Hardening Linux. A security architect for the National Australia Bank, James is the resident security expert for SearchEnterpriseLinux.com. Recently, James discussed how to use iptables against SSH attacks
This was first published in January 2008