Under the microscope: Linux security tools. Lessons learned from 500+ projects. Michael Boelen (michael.boelen@cisofy.com), NLLGG, September 2018


  1. Under the microscope: Linux security tools. Lessons learned from 500+ projects
     Michael Boelen, michael.boelen@cisofy.com
     NLLGG, September 2018

  2. Michael Boelen
     ● Open Source
       ○ Lynis, Rootkit Hunter
     ● Business
       ○ Founder of CISOfy
     ● Other
       ○ Blogger at Linux-Audit.com
       ○ Board member NLUUG

  3. The LSE project

  4. Project: LSE (LinuxSecurity.Expert)
     ● Library
     ● People
     ● Toolkit

  5. Library
     ● Checklists
     ● Guides
     ● Configuration
       ○ sysctl
       ○ systemd
       ○ SSH

  6. People: profiles
     ● Specialists in our field
       ○ Person behind a tool
       ○ Interviews

  7. Toolkit
     ● Tools
     ● Categories
     ● Snippets

  8. Tools: discovery

  9. Tools: discovery criteria
     ● Open source
     ● Security
     ● Runs on Linux, macOS, BSD

  10. Tool analysis

  11. Tool analysis (two groups of criteria, read from the slide's two columns)
      Basics:
      ● Project description
      ● Tool category
      ● Typical user
      ● License
      ● Author
      ● Language
      ● Keywords
      ● Latest release
      Quality:
      ● Changelog
      ● Popularity
      ● Documentation
      ● Code
      ● Releases
      ● Usage
      ● Installation
      ● Ease of use

  12. Tool analysis

  13. Output

  14. Tool review
      ● Introduction
      ● Typical tool usage
      ● How it works
      ● Background details
      ● Strengths and weaknesses
      ● Example output
      ● Author information
      ● Tool alternatives
      ● Categories
      ● Tags
      ● And more...

  15. Tool review

  16. Top 100: security tools

  17. Tools by category

  18. Lessons learned

  19. Lessons learned: basics
      ● Not really open source!
      ● Unclear goal
      ● Authorship
      ● Versioning
      ● Changelog missing

  20. Lessons learned: documentation
      ● Missing a basic description
      ● No 'get started' guide
      ● Lack of good examples

  21. Lessons learned: ease of use
      ● Complicated installation
      ● No sane defaults (e.g. --help missing)
      ● Parameters make no sense

  22. What questions do you have? Get connected
      ● Twitter (@mboelen and @LSELabs)
      ● LinkedIn (Michael Boelen)

  23. More? Related articles at linux-audit.com
      ● Why we use your open source project (or not)
      ● How to Promote your Open Source Project

  24. Best Practices: command-line options
      ● --full-throttle-engine, -f
      ● --help, -h, or help
      ● --version, -V
      Learn more: docopt.org

  25. Best Practices: keep a changelog
      ● History
      ● Trust
      ● Troubleshooting
      Learn more: keepachangelog.com

  26. Best Practices: semantic versioning!
      Major.Minor.Patch
      Learn more: semver.org
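As an added example (not part of the slide deck, and not code from Lynis, LSE or CISOfy), the POSIX shell skeleton below puts the three Best Practices slides into one small tool: every long option has a short alias, --help/-h/help and --version/-V always work, running with no arguments prints usage instead of doing something surprising (a sane default), the version string is checked against the Major.Minor.Patch form from semver.org, and a small comparison helper shows how a "Latest release" check such as the one in the tool analysis criteria can decide whether one release is newer than another. The tool name lse-demo, the version 1.4.2 and the behaviour behind -f are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the slides or any CISOfy/LSE project.
# CLI skeleton following the "Best Practices" slides: long options have a
# short alias, --help/-h/help and --version/-V always work, no arguments
# means "print usage", and the version is Major.Minor.Patch (semver.org).
# TOOL_NAME and TOOL_VERSION are constructed placeholders.

TOOL_NAME="lse-demo"
TOOL_VERSION="1.4.2"

usage() {
    cat <<EOF
Usage: $TOOL_NAME [option]

Options:
  -f, --full-throttle-engine   run the (placeholder) fast mode
  -h, --help, help             show this help and exit
  -V, --version                print the version and exit
EOF
}

# Return 0 if $1 is a semver core version: Major.Minor.Patch, no leading zeros.
is_semver() {
    printf '%s\n' "$1" | grep -Eq '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# semver_newer NEW OLD: return 0 if NEW is strictly newer than OLD,
# 1 if it is the same or older, 2 if either string is not valid semver.
# Numeric comparison per component, so 1.10.0 is newer than 1.9.9.
semver_newer() {
    is_semver "$1" && is_semver "$2" || return 2
    old_ifs=$IFS
    IFS=.
    set -- $1 $2          # now $1..$3 = NEW parts, $4..$6 = OLD parts
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -gt "$6" ]
}

# Option dispatch. Unknown options go to stderr together with the usage text
# and exit code 64 (EX_USAGE from sysexits), so callers can detect misuse.
main() {
    case "${1:-}" in
        ''|-h|--help|help)
            usage
            return 0 ;;
        -V|--version)
            printf '%s %s\n' "$TOOL_NAME" "$TOOL_VERSION"
            return 0 ;;
        -f|--full-throttle-engine)
            printf '%s: fast mode enabled (placeholder action)\n' "$TOOL_NAME"
            return 0 ;;
        *)
            printf '%s: unknown option: %s\n' "$TOOL_NAME" "$1" >&2
            usage >&2
            return 64 ;;
    esac
}

# Refuse to run at all with a version string that is not semver.
is_semver "$TOOL_VERSION" || { echo "bad version: $TOOL_VERSION" >&2; exit 1; }

main "$@"
```

Running the script with no arguments prints the usage text, `./lse-demo.sh -V` prints `lse-demo 1.4.2`, and an unknown option returns 64 with the usage on stderr; `semver_newer` is the piece a release checker would reuse, and it deliberately rejects versions with leading zeros or fewer than three components rather than guessing.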

  27. Credits: images
      Where possible, the origin of the images used is included in the slides. Some came from social media without a known origin and therefore have no source. If you are the owner, let us know and we will add the source.
