Tag Archives: ubuntu

Outdated Linux Versions, Misconfigurations Triggering Cloud Attacks: Report

The “Linux Threat Report 2021 1H” from Trend Micro found that Linux cloud operating systems are heavily targeted for cyberattacks, with nearly 13 million detections in the first half of this year. As organizations expand their footprint in the cloud, correspondingly, they are exposed to the pervasive threats that exist in the Linux landscape.

This latest threat report, released Aug. 23, provides an in-depth look at the Linux threat landscape. It discusses several pressing security issues that affect Linux running in the cloud.

Key findings include that Linux is powerful, universal, and dependable, but not devoid of flaws, according to the researchers. However, like other operating systems, Linux remains susceptible to attacks.

Linux in the cloud powers most infrastructures, and Linux users make up the majority of the Trend Micro Cloud One enterprise customer base at 61 percent, compared to 39 percent Windows users.

The data comes from the Trend Micro Smart Protection Network (SPN) or the data reservoir for all detections across all Trend Micro’s products. The results show enterprise Linux at considerable risk from system configuration mistakes and outdated Linux distributions.

For instance, data from internet scan engine Censys.io revealed that nearly 14 million results for exposed devices running any sort of Linux operating system on July 6, 2021. A search for port 22 in Shodan, a port commonly used for Secure Shell Protocol (SSH) for Linux-based machines, showed almost 19 million exposed devices detected as of July 27, 2021.

Like any operating system, security depends entirely on how you use, configure, or manage the operating system. Each new Linux update tries to improve security. However, to get the value you must enable and configure it correctly, cautioned Joseph Carson, chief security scientist and advisory CISO at Thycotic.

“The state of Linux security today is rather good and has evolved in a positive way, with much more visibility and security features built-in. Nevertheless, like many operating systems, you must install, configure, and manage it with security in mind — as how cybercriminals take advantage is the human touch,” he told LinuxInsider.

Top Linux Threats

The Trend Micro Report disclosed rampant malware families within Linux systems. Unlike previous reports based on malware types, this study focused on the prevalence of Linux as an operating system and the pervasiveness of the various threats and vulnerabilities that stalk the OS.

That approach showed that the top three threat detections originated in the U.S. (almost 40 percent), Thailand (19 percent), and Singapore (14 percent).

Detections arose from systems running end-of-life versions of Linux distributions. The four expired distributions were from CentOS versions 7.4 to 7.9 (almost 44 percent), CloudLinux Server (more than 40 percent), and Ubuntu (about 7 percent).

Trend Micro tracked more than 13 million malware events flagged from its sensors. Researchers then cultivated a list of the prominent threat types consolidated from the top 10 malware families affecting Linux servers from Jan. 1 to June 30, 2021.

The top threat types found in Linux systems in the first half of 2021 are:

  • Coinminers (24.56 percent)
  • Web shell (19.92 percent)
  • Ransomware (11.56 percent)
  • Trojans (9.56 percent)
  • Others (3.15 percent)

The top four Linux distributions where the top threat types in Linux systems were found in H1-2021 are:

  • CentOS Linux (50.80 percent)
  • CloudLinux Server (31.24 percent)
  • Ubuntu Server (9.56 percent)
  • Red Hat Enterprise Linux Server (2.73 percent)

Top malware families include:

  • Coinminers (25 percent)
  • Web shells (20 percent)
  • Ransomware (12 percent)

CentOS Linux and CloudLinux Server are the top Linux distributions with the found threat types, while web application attacks happen to be the most common attack vector.

Web Apps Top Targets

Most of the applications and workloads exposed to the internet run web applications. Web application attacks are among the most common attack vectors in Trend Micro’s telemetry, said researchers.

If launched successfully, web app attacks allow hackers to execute arbitrary scripts and compromise secrets. Web app attacks also can modify, extract, or destroy data. The research shows that 76 percent of the attacks are web-based.

The LAMP stack (Linux, Apache, MySQL, PHP) made it inexpensive and easy to create web applications. In a very real way, it democratized the internet so anyone can set up a web application, according to John Bambenek, threat intelligence advisor at Netenrich.

“The problem with that is that anyone can set up a web app. While we are still waiting for the year of Linux on the desktop, it is important for organizations to use best practices for their web presences. Typically, this means staying on top of CMS patches/updates and routine scanning with even open-source tools (like the Zed Attack Proxy) to find and remediate SQL injection vulnerabilities,” he told LinuxInsider.

The report referenced the Open Web Application Security Project (OWASP) top 10 security risks, which lists injection flaws and cross-scripting (XSS) attacks remaining as high as ever. What strikes Trend Micro researchers as significant is the high number of insecure deserialization vulnerabilities.

This is partly due to the ubiquity of Java and deserialization vulnerabilities in it, according to Trend Micro. It’s report also noted that the Liferay Portal, Ruby on Rails, and Red Hat JBoss deserialization vulnerabilities as being prominent.

Attackers also try to use vulnerabilities where there is broken authentication to gain unauthorized access to systems. Plus, the number of command injection hits also poses a surprise as they are higher than what Trend Micro’s analysts expected.

Expected Trend

It is no surprise that the majority of these attacks are web-based. Every website is different, written by different developers with different skill sets, observed Shawn Smith, director of infrastructure at nVisium.

“There is a wide range of different frameworks across a multitude of languages with various components that all have their own advantages and drawbacks. Combine this with the fact that not all developers are security gurus, and you’ve got an incredibly alluring target,” he told LinuxInsider.

Web servers are one of the most common services to expose to the internet because most of the world interacts with the internet through websites. There are other areas exposed — like FTP or IRC servers — but the vast majority of the world is using websites as their main contact point to the internet.

“As a result, this is where attackers will focus to get the biggest return on investment for their time spent,” Smith said.

OSS Linked to Supply Chain Attacks

Software supply chains must be secured to deal with the Linux attack landscape as well, noted the Trend Micro report. Attackers can insert malicious code to compromise software components of third-party suppliers. That code then connects to a command-and-control server to download and deploy backdoors and other malicious payloads within the system, causing remote code.

This can lead to remote code execution to an enterprise’s system and computing resources. Supply chain attacks can also come from misconfigurations, which are the second top incident type in cloud-native environments, according to the Trend Micro report. More than 56 percent of their survey respondents had a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications.

Hackers are having an easy time. “The major attack types on web-based applications have remained constant over the recent past. That, combined with the rising time-to-fix and declining remediation rates, makes the hackers’ job easier,” said Setu Kulkarni, vice president of strategy at NTT Application Security.

Organizations need to test applications in production, figuring out what their top three-to-five vulnerability types are. Then launch a targeted campaign to address them, rinse, and repeat, he recommended.

The “Linux Threat Report 2021 1H” is available here.

Source link

Latest POP_OS! Release Brings COSMIC Overtones

When I reviewed POP!_OS 20.04 in May 2020, I saw its potential to be one of the best starting points for any new Linux user.

The latest release, POP!_OS Linux 21.04 issued June 29, clearly shows that the in-house tweaking of the GNOME desktop to the COSMIC GNOME-based desktop is even more inviting.

Given this distro’s rising popularity, it will continue to hold that distinction. COSMIC is an attractive offering for seasoned Linux users as well.

That is a bold statement, but developer System76 has made some bold moves to push this distro to the forefront and spark its popularity among newcomers to Linux — as well as with seasoned users. That was true for the changeover to a modified GNOME desktop last year. It is even truer with this latest release’s added COSMIC polish to GNOME.

COSMIC stands for Computer Operating System Main Interface Components. While it is not an out-of-this-world or strikingly new desktop environment, it does provide enough change to the traditional GNOME user interface to be better than the original.

That has been System 76’s goal from the get-go. The company has refined the desktop experience primarily for its own line of Linux-powered computers. But even running POP_OS! on your own unoptimized hardware, this Linux distribution soars like a heavenly creature.

What’s Up with COSMIC

Ubuntu 21.04 (Hirsute Hippo) is the first release of System76’s distribution with its own revamped GNOME desktop environment. Earlier releases were based on stock GNOME with additional System76 tweaks.

Numerous distro makers using the GNOME desktop modify its user interface. So that is not a remarkable innovation at all.

What is noteworthy, however, is the subtlety of the innovations that produce a much better hands-on experience using GNOME’s underpinnings. I am not a zealous fan of GNOME in almost any modified version. I find that the desktop environment is too inflexible in meeting the demands of my workflow.

Much of that displeasure is a reaction to power-user features easily accessible to fully functional panel bars and keyboard shortcuts that supplement navigating around multiple open virtual workspaces. GNOME just gets in the way of executing my on-screen workflow needs.

The modified COSMIC GNOME integration soothes and solves much of that workflow blockage. The COSMIC desktop comes with a fully customizable dock. It splits the Activities Overview function into Workspaces and Applications views. It provides the ability to open the launcher with the Super key, as well as various trackpad gestures.

The COSMIC desktop also brings streamlined launching and switching between applications. All these features make the interface simpler and more straightforward to use.

POP_OS! Workspaces

Meet the COSMIC layout. Workspace overview is still displayed in a vertical column when you click on the Workspaces button at the top left of the screen. You can also use the Show Workspaces button on the far left of the bottom dock or near the right side of the top panel.

More Under the Hood

In short, COSMIC with POP_OS! just has enough new options to deliver an adjusted GNOME desktop to satisfy my personal computing tastes and meet most of my workflow needs. Is it an all-around perfect computing solution? No! But it is much closer to meeting that goal without having to leave GNOME behind.

One glaring example is the option to have minimize/maximize buttons for windows. Add to that the ability to tile windows with the mouse by clicking and dragging tiled windows to rearrange them.

COSMIC also adds an ability to upgrade the recovery partition, an improved search feature, and a plugin system for the launcher to let you create your own plugins. Plus, the new release comes with updated components and a newer kernel from the upstream Ubuntu 21.04 release.

Another nice touch is being able to move the workspaces to the left or right edges of the screen. To do that, open Settings and go to Desktop | Workspaces.

But the System76 designers left a glaring old GNOME menu display in place. The application menu remains full screen. That might be a visual impediment to which new users will have to adjust. The popup or dropdown one- or two-column menu most Linux operating systems use is not a part of the COSMIC display.

POP_OS! Applications launcher

One thing that has not changed with COSMIC’s design is the full-screen applications launcher. Press the Applications button and then select the software category. You can see the selected category (in this case System applications) in the top square overlay. The full-screen menu with all software is somewhat visible under the displayed System folder.

A More Likable GNOME

POP_OS! is largely a “take it or leave it” offering. If you really like the GNOME environment, you should love how System76 morphed the UI into something unlike any other GNOME desktop revisions in any other Linux distro. If you are not familiar with GNOME yet, this is a much better version to make that introduction.

One example of this likability is how COSMIC handles workspaces. POP_OS! uses a vertical layout along the edge of the screen for the workspace overview. But the designers made up for that GNOME carryover somewhat by adding a Workspaces button in the top panel. I give designers credit for building in the ability to easily drag and drop applications to a different Workspace.

Another new element is the centered bottom dock. But I find the dock provides less utility than a fully functional bottom panel. Functionality should include more than just a holding spot for quick access apps.

YES, the latest POP_OS! has a top panel that resembles a classic Linux layout. But this panel bar lacks full functionality. However, it does provide access to other system icons on the right end. It also includes a Workspaces button in the top panel.

Unusual Tiling Option

Usually, tiling window managers is a separate kind of desktop environment in Linux distros that offer that option. POP_OS! does include it as an option. Tiling windows is not for everyone. In COSMIC, the tiling window manager is highly tweaked.

The window tiling feature automates the process of arranging window sizes in split-screen configurations. But it is not a typical Linux feature that has universal appeal.

I doubt new users to POP_OS! will find it particularly endearing or useful. However, other components of COSMIC will certainly make trying this new release worthwhile; like trackpad gestures, for instance.

Keeping Track of Gestures

System76 seems quite committed to making gestures a new Linux OS staple for trackpads. Its designers have done a good job to make this a palatable feature.

If you are handy with the Chromebook platform, you no doubt already are proficient in using trackpad gestures. Lately, I use Chrome OS quite a bit. It is a nice change of pace and lets me combine the benefits of tablets and my favorite Linux applications. I think my growing affinity for Chromebooks has made me feel more at home with the latest release of POP_OS!.

The included gestures are:

  • Swipe four fingers right on the trackpad to open the Applications view;
  • Swipe four fingers left to open the Workspaces view;
  • Swipe four fingers up or down to switch to another workspace;
  • Swipe (in any direction) with three fingers to switch between open windows.

Trackpad’s gestures is a game-changer for desktop Linux in general and for POP_OS! in particular. It is efficient and user-friendly.

Bottom Line

The combination of an Ubuntu base and GNOME customization makes POP!_OS with the new COSMIC integration a winning choice. New features and more tweaking make this release extra productive.

The only decision you need to make to download POP_OS! is your hardware configuration. It must be a 64-bit system. This release will not run on older 32-bit computers.

Another factor is the type of graphics your system uses. One download ISO file is strictly for Nvidia graphics cards. Otherwise, click on the other ISO choice.

The only other hardware requirement to meet is two GB RAM with at least 16 GB storage.

If you like the performance that this latest POP_OS! release gives you on your current computer, sit back and enjoy. Then think about how super-fast it will run on a spiffy new System76 computer that enhances the optimized operating system software.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me and I’ll consider them for a future column.

And use the Reader Comments feature below to provide your input!

Source link

A Prominent, Longtime Dell Linux Engineer Recently Joined AMD’s Linux Team

AMD --

Here should hopefully be a great indication about AMD’s Linux efforts moving forward with one of their recent and exciting hires at the company.

As noted across various Phoronix articles over the past year, AMD has been ramping up their Linux staff given their market successes on both client and server. This has been much desired considering nearly a decade ago they let go many of their Linux developers and closed their Operating System Research Center. AMD’s Linux support for recent CPU (and GPU) launches has been good, but Intel continues to serve as the “gold standard” of Linux support when it comes to generally providing punctual pre-launch support for new hardware, generally ensuring their new hardware features are supported under Linux, making sure their forthcoming microarchitectures are well supported by the prominent open-source compilers ahead of time, etc. Intel’s large open-source engineering pool has allowed this generally very good pre-launch hardware support. In addition, that large talent pool has led Intel to contributing significantly to various non-Intel-specific improvements to the Linux kernel and other areas.

While the AMD processor support is generally in good shape at launch on Linux, their Linux engineers have been under-staffed since the unfortunate OSRC closure in 2012. This has led to non-critical items like temperature and power monitoring often not coming to Linux until post-launch by the community even when it’s often just been new IDs needing to be added, Google and other companies contributing hardware features normally carried out by the hardware vendor, compiler support for new microarchitectures not being published until around launch-time and thus longer until in a stable compiler, various quirks, and other areas that could be improved upon.

Thus I was rather excited to notice on Friday (albeit belated) that Mario Limonciello is among their recent Linux hires at the company. Mario is a longtime Linux engineer at Dell since ~2008 that was involved with “Project Sputnik” and their other Linux-enablement work at Dell. In particular, heavily involved with Dell’s efforts around Ubuntu preloads across a range of consumer laptops/desktops over the years. He’s also been involved with FWUPD firmware updating on Linux and other efforts and submitting a number of upstream Linux kernel patches.

Prior to joining Dell, he was also an Ubuntu contributor (and Mythbuntu developer, pictured above – left, back in 2007 at the former Ubuntu Live conference) and also involved with the ATI fglrx install scripts back in the day and more.

With his background and significant Linux client work at Dell, it’s great to see he is now at AMD working on their Linux efforts.

It turns out he joined AMD earlier this year. His apparent joining of the company came weeks after the jobs mentioned in this prior article about AMD is hiring more Linux engineers. What is significant about that is that those job postings were for Linux on the client side. Those postings also noted “a new organization” being built at AMD around Linux on the client side.

Further pointing to the AMD Linux client work is how I noticed he was at AMD… Mario’s latest kernel patches. Now at AMD, his latest patch series is bringing up Yellow Carp for the k10temp temperature monitoring driver! Pre-launch temperature monitoring support for a client APU! Yellow Carp is possibly the next-gen Rembrandt APUs. Seeing the CPU temperature monitoring driver support pre-launch for Yellow Carp / Rembrandt while it may seem silly to Windows users that take it for granted, seeing this happen on the client-side is significant. Heck as mentioned in the Ryzen 7 5700G Linux testing just this week, with that already-shipping desktop APU that k10temp support isn’t even coming until the next kernel cycle (5.15).

Since joining AMD in April, Mario has also been working on some fixes for Renoir/Cezanne and other bits as well. Hopefully this is just the start of more AMD Linux client improvements. AMD has also been hiring to work on the Linux scheduler, memory management, and other areas with some of those positions not yet filled.

Intel AMX Patches For The Kernel Posted A 10th Time, But To Miss Out On Linux 5.15


Going back to June of last year there has been work on Intel bringing up Advanced Matrix Extension (AMX) that will debut with next-gen Xeon “Sapphire Rapids” processors as a new programming paradigm. Over the past year they have published patches for the Linux kernel and open-source toolchains with GCC and LLVM Clang. One year later, the AMX kernel patches are up to their tenth revision but will miss out on the imminent Linux 5.15 merge window.

Intel open-source engineers have been working on a set of more than two dozen patches around AMX handling for the Linux kernel. Among the kernel work involved is that a new system call is needed for applications to actually request feature access to Advanced Matrix Extensions, handling for applications without AMX permissions, and other changes.

Sent out on Wednesday were the tenth revision of these AMX kernel patches that have some code simplification, improved/updated code comments, and a variety of other low-level code churn. The prior “v9” patches were sent out about one month ago.

Those interested in the kernel-side patches around Intel AMX can see the v10 patches.

However, given the timing of these patches and some aspects appearing to not be yet firmly settled and the patches needing to undergo further review, the AMX support isn’t likely to make it for Linux 5.15. The 5.15 kernel cycle is expected to begin next week unless delayed by one week, but even still it’s so close to the merge window that it’s very unlikely it will land.

Hopefully though these AMX patches will get squared away in time for the Linux 5.16 cycle… Xeon Sapphire Rapids is currently expected to ramp up in Q2’2022 so getting the code mainlined in time for spring 2022 Linux distributions like Ubuntu 22.04 LTS will be important for its initial adoption.

On the compiler toolchain side there is initial bits in GCC 11 along with GNU Binutils 2.36 and early portions in LLVM Clang 13.

Happy 30th, Linux! – Linux.com

“I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I’ll get something practical within a few months, and I’d like to know what features most people would want. Any suggestions are welcome, but I won’t promise I’ll implement them :-)”

With that note to an online newsgroup 30 years ago today, Linus Torvalds announced what would become arguably the most significant piece of software in history – Linux. Since August 25, 1991, Linux has grown to power all the world’s supercomputers, most mobile devices, financial exchanges, space stations and rovers, and serve as the backbone of the cloud and the internet itself. Companies, organizations, governments and individuals around the world rely on it to conduct business and live their lives every single day.

Our upcoming 2021 Open Source Jobs Report, which will be released in late September, will reveal that demand for Linux talent is as strong as ever, especially as companies rebound from the COVID-19 pandemic. That means now is the perfect time to improve your Linux skills, which is why through the end of 2021 we are offering 30% off select Linux-focused training courses and certification exams in recognition of the 30th anniversary (use code LINUX30 at checkout).

Programs in this offer include:


Linux Foundation Certified IT Associate (LFCA) – Demonstrates knowledge of fundamental IT concepts including operating systems, software application installation and management, hardware installation, use of the command line and basic programming, basic networking functions, security best practices, and other related topics to validate your capability and preparedness for an entry-level IT position.
Linux Foundation Certified System Administrator (LFCS) – Demonstrates you have the ability to design, install, configure, and manage a system installation, and understand key concepts such as networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users. The discount is valid for the standalone exam or bundled with the associated training course.
Linux Foundation Certified Engineer (LFCE) – Demonstrates your ability to deploy and configure the Linux operating system at enterprise scale, and shows you possess all the necessary skills to work as a Linux engineer. The discount is valid for the standalone exam or bundled with the associated training course.

eLearning Courses:

Essentials of Linux System Administration (LFS201) – In this eLearning course, you’ll learn how to administer, configure and upgrade Linux systems running one of the three major Linux distribution families (Red Hat, SUSE, Debian/Ubuntu). You’ll also learn all the tools and concepts you need to efficiently build and manage a production Linux infrastructure. This course also serves as preparation for the LFCS exam.
Linux Networking and Administration (LFS211) – In this eLearning course, you will learn how to design, deploy and maintain a network running under Linux; how to administer the network services; the skills to create and operate a network in any major Linux distribution; how to securely configure the network interfaces; and how to deploy and configure file, web, email and name servers. This course also serves as preparation for the LFCE exam.

To take advantage of this offer, use code LINUX30 at checkout. 

Here’s to 30 more years of Linux innovation!

The post Happy 30th, Linux! appeared first on Linux Foundation – Training.