I found it while searching for apps that talked about SQL Injection, and it really caught my attention. "An app for hacking Facebook that is related to SQL. Security By Default. Well, today I bring you an interview with the father of both creations: Michael Boelen. Dutch and a true Linux expert. Without a doubt a person to learn from, both at a technical level and for developing Lynis, his personal project, and growing it to the point of dedicating himself to it professionally, body and soul. The interview is in English.
I thought about translating it into Spanish, but I think that, as when I have done so with others, the result has lost its essence. I think it is better to leave it in the original language and, unless you ask me otherwise in the comments, we will leave it that way.

SbD - Michael, you are the developer of Lynis, one of the main automated internal auditing tools for GNU/Linux systems. What made you start developing this useful tool?

Michael Boelen - The. I. needed a quick way to replace hardening guides (like the CIS benchmarks). Reading the documents simply. And instead of just checking the boxes, I wanted a.

I guess you use CIS Benchmarks Guides to adjust the checks they recommend to improve your tool. Which other sources do you have in mind?

That is the beauty of a tool like Lynis. It is not limited to one single. Instead, we take the most important. We group them by their focus area, like cryptography, database, mail, web, etc.

- Lynis also has plugins developed by the community, can you talk to us about them?

The plugin system of Lynis extends the normal set of tests. Where normal tests have a clear outcome (good, bad, or could be better), plugins are. This data could then be used during. This data report could then be fed into a SIEM, or a management.

Have you ever thought about creating profiles to be able to measure a system security level depending on the checks that standards like PCI-DSS require?

We definitely have. In 2013 we actually started a company (CISOfy) to put. Lynis. For companies that have specific. PCI-DSS, HIPAA, or ISO2. It leverages the Lynis client tool and. And when you have. For example finding the questions to how do. Are similar systems also similarly configured? And for those with a need of compliance checking, the Enterprise version can do. Simply add a machine and add a compliance.

Although Lynis is free, you have this Enterprise version you mentioned. Do you earn your living with this project or do you work somewhere else and Lynis is a hobby or a complementary job for you?

Lynis started as a hobby project in 2. With the business support from. CISOfy in 2013, the project has seen a great increase in number of users. I'm full-time involved with business and software.

There are other tools that say they do the same as Lynis, like Linux Check list or LSAT. Why is Lynis better than the rest?

During the last 1. The big problem with all the tools: they are badly maintained. Still, I see occasionally. With Lynis celebrating. Compared to commercial solutions, Lynis is. That is another important aspect of our. The last one might be surprising, but Lynis is written in shell. Not in bash, but Bourne shell (/bin/sh). This makes it perfect. Python. Simply fetch the output of your script and embed into your. Another benefit is that Lynis runs on AIX, FreeBSD, OpenBSD, Linux, macOS, and others. As long as you have that basic /bin/sh shell.

Do you have any tips for people that like to contribute to open source projects?

Maybe the most important tip is that your involvement with a project could. Think of finding a job, a. Even if you can't program, you can help making. Even if you find a small typo, that is already.

For those who can do programming, any tips?

If you have the gift of being a developer, then I suggest valuing your. In my opinion, it is better to make one very good tool, than three. Focus on ease of use, documentation, design, sane. Last but not least, learn the skill of marketing. Even the best open source tools.

Besides Lynis, are there any projects that you are involved in?

People might know me from my first big project in the past, named rkhunter (Rootkit Hunter). While I still read about malware, I don't do as much. The time of dissecting rootkits is over. Instead, I put in a lot of time to share knowledge regarding Linux security (like. The state of Linux security' - -> https: //linux- audit. The blog Linux Audit is one of these places where I share such. As a technical founder, I find it important to help making. By sharing tips and ideas. Another area includes giving. Last year about 1. Speaking about conferences, I help to organize one in The Netherlands. It is a Dutch UNIX user group (NLUUG), focused on open standards like open source and. GNU/Linux. Besides being a board member, I provide my guidance in the. And another small side. I'm running, is the Twitter handle @infosec_cfp. It helps security specialists to get involved in call for papers/proposals of any.

If we like to know more about you, what is a good place to look?