By Milind Gangwani
Linux systems are increasingly prevalent in the enterprise, where they are typically depended on to run business operations software, web applications, cloud technology, Internet of Things devices, and core banking software. However, these systems are often the most neglected in terms of security. Furthermore, custom Linux variants pose a significant issue for many customers. Custom Linux variants can behave very differently from traditional core Linux variants like Ubuntu, Red Hat, and Fedora; because of the high variability across kernels and builds, IT staff often leave these systems unattended despite their crucial role in the security infrastructure.
As Linux is the preferred operating system for cloud deployments, Adlumin typically sees configurations with either Debian or Fedora as the variant of choice. Even container technology, like Docker, relies on a Linux kernel.
While Linux, as an operating system, is used to manage applications, conduct computing, and process large volumes of data, organizations struggle to easily monitor and analyze activity transactions.
Here at Adlumin, we have designed and developed a Linux daemon that feeds into our cloud-native SIEM (Security Information & Event Management) technology. Our Linux forwarder can be installed on any version of Debian or Fedora. To state it more accurately, it can be deployed on Fedora version 6.0 and Debian version 6.0 onwards, up to the latest release. These base builds include Linux variants like Red Hat, Ubuntu, CentOS, and many more.
The installation of the forwarder is incredibly simple and takes just minutes. Upon installation it scans the resident kernel libraries looking for the correct setup procedures, and it requires no intermediate dependencies to run seamlessly. The daemon is configured so that, even if a sudo/root user were to tamper with the process, the daemon would restart silently.
The forwarder uses a simple but effective approach. Initial information is collected from the ‘/etc/os-release’ or ‘/etc/system-release’ paths. Subsequently, all account, privilege, share, and permission data sets are collected from a variety of sources. This permits Adlumin to make an excellent assessment of risk by understanding which access points may be vulnerable to attack.
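The first collection step described above, identifying the distribution from ‘/etc/os-release’ with a fallback to the older one-line ‘/etc/system-release’, as an added Go example that is not Adlumin's forwarder code; the two sample file contents are constructed, and the `Identify` function name is our own:

```go
package main

import "strings"

// Constructed sample /etc/os-release content (not captured from a real host).
const SampleOSRelease = `NAME="Ubuntu"
ID=ubuntu
# comments and blank lines are legal
VERSION_ID="22.04"
PRETTY_NAME='Ubuntu 22.04.3 LTS'`

// Constructed one-line /etc/system-release, as found on older Red Hat family builds.
const SampleSystemRelease = "CentOS release 6.10 (Final)\n"

// ParseOSRelease parses the KEY=VALUE format of /etc/os-release: blank
// lines and '#' comments are skipped, single or double quotes are stripped.
func ParseOSRelease(content string) map[string]string {
	fields := make(map[string]string)
	for _, raw := range strings.Split(content, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok {
			continue
		}
		val = strings.TrimSpace(val)
		if n := len(val); n >= 2 && (val[0] == '"' || val[0] == '\'') && val[n-1] == val[0] {
			val = val[1 : n-1]
		}
		fields[strings.TrimSpace(key)] = val
	}
	return fields
}

// Identify returns (id, version). os-release wins when it carries an ID;
// otherwise the "<Name> release <ver> ..." wording of system-release is used.
func Identify(osRelease, systemRelease string) (string, string) {
	if f := ParseOSRelease(osRelease); f["ID"] != "" {
		return f["ID"], f["VERSION_ID"]
	}
	w := strings.Fields(systemRelease)
	for i := 1; i+1 < len(w); i++ {
		if w[i] == "release" {
			return strings.ToLower(w[0]), w[i+1]
		}
	}
	return "unknown", ""
}
```

On a live host, pass the contents of the two files (an unreadable or absent file as an empty string) to `Identify`; a build that predates os-release is then classified from system-release instead of being reported as unknown.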
The Linux forwarder was developed using Google's Go (Golang) programming language. Go is known for its lightweight footprint and efficiency, and its programs can be deployed almost anywhere without requiring an interpreter on the machine.
Using a hybrid combination of the Go operating system API, traditional APIs, and external binary inclusion, Adlumin can now provide a lightweight forwarder that is effective on almost any Linux operating system version.
This Linux forwarder is part of our holistic intrusion detection approach, which monitors, reports on, and analyzes user and entity behavior. The underlying technology and analytics are designed to span Windows, Linux, and any network device you can think of, using data points from all sources to produce a conclusion instantaneously.
Biography: Milind Gangwani is a full-stack developer at Adlumin and has been in development for more than 10 years. Prior to joining Adlumin, Milind was a senior developer at SalientCRGT at the US Patent Office. He has a master’s degree in computer vision from Rochester Institute of Technology.