The article mentions certain things, but every piece of outside software you run is a potential security problem. Every piece of inside software is a potential security problem for that matter. The authors don't even have to be malicious, just careless. How many remote holes did Drupal, Joomla and WordPress have? (A lot)
Yes, the article is right that you should not just grab some random compiled binary and throw it on your production server. It mentions Debian. I suspect Red Hat and SUSE have better solutions, as their customers demand it. Of course they may not have an officially blessed package of something that was released last month.
How to be a good sysadmin? For big installations there are production servers, staging servers, development servers, and then often some unofficial development servers. You control access to the production server, and the procedure to do releases is formalized. You apply server firmware updates, OS updates and package security updates. Do it regularly on staging, QA it, then do it on production.
Most security break-ins I have seen are because a non-sysadmin, non-security person is doing something they're not supposed to. They're running an unauthorized server on their desktop not set up by the sysadmins, with a glaring security hole. Or an outside consultant is careless about how they connect to your systems, and someone breaks in through their account.
Maybe you're a sysadmin at a web site and you notice scripts trying to hack web usernames and passwords. Your workload is high, and you bring this to the attention of the head developers and management. No one cares, the business logic management wants implemented in the short term is very high, there is no time or budget for security. So you can either end your normal work at 6:15 PM and stay another hour at work each day fixing the problem, or ignore it and go home like everyone else.
I knew some people who were on the early tiger teams for the big accounting firms. They told me their success rate was 100% - they managed to get into the company systems every time. They also mentioned they were at a disadvantage, as they had to remain within the law (beyond the blessing of management to probe security), while others doing so would not.
Insofar as logging - syslog calls from programs go to syslogd. This can be sent to various places, including to /var/log. You can tune facilities and logging levels in the syslog configuration file. Under systemd it might be different. Do you understand what I said in this paragraph? Good, you now know more than 95% of the Unix sysadmins I've interviewed over the past 20 years. I wish I was kidding.
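The syslog paragraph in the comment above is worth making concrete, so here is an added worked example (it is not the commenter's code, nor taken from any syslog implementation). A message carries a PRI number equal to facility * 8 + severity (RFC 3164/5424), and a classic syslog.conf line pairs a selector such as `auth.*` or `*.warning` with an action; a `facility.level` selector matches that level and anything more severe, `=level` matches exactly, and `none` cancels an earlier selector in the same rule. The script below encodes and decodes PRI values, parses a few constructed log lines, and routes them through a small constructed rule set with hypothetical log-file paths. It models the classic BSD selector syntax only; rsyslog property-based filters and the systemd journal are out of scope.

```python
"""Added example: how syslog PRI values and syslog.conf-style selectors route messages.

Assumptions (not from the original comment): the rule set SAMPLE_RULES, the log
file paths in it, and the lines in SAMPLE_LINES are all constructed here for
illustration. Only classic "facility.level" selectors are modelled.
"""
import re

# Facility codes 0-23 as listed in RFC 5424 (12-15 are rarely used and loosely named).
FACILITIES = {name: code for code, name in enumerate([
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
])}
# Severity codes 0-7: lower number means more severe.
SEVERITIES = {name: code for code, name in enumerate([
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug",
])}
FACILITY_NAME = {code: name for name, code in FACILITIES.items()}
SEVERITY_NAME = {code: name for name, code in SEVERITIES.items()}


def encode_pri(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity, e.g. auth.info -> 4*8 + 6 = 38."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(pri: int) -> tuple:
    """Inverse of encode_pri; returns (facility_name, severity_name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITY_NAME[pri // 8], SEVERITY_NAME[pri % 8]


PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_line(line: str) -> dict:
    """Split an RFC 3164-style line '<PRI>rest' into facility, severity and body."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "body": m.group(2)}


def _level_matches(level: str, severity: str) -> bool:
    """'*' matches all, 'none' nothing, '=x' exactly x, 'x' x and anything more severe."""
    if level == "none":
        return False
    if level == "*":
        return True
    if level.startswith("="):
        return SEVERITIES[severity] == SEVERITIES[level[1:]]
    return SEVERITIES[severity] <= SEVERITIES[level]


def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Evaluate a selector like '*.*;auth,authpriv.none'.

    Parts are separated by ';' and the LAST part that names the message's
    facility (or '*') decides, which is how 'none' excludes a facility from a
    catch-all rule.
    """
    result = False
    for part in selector.split(";"):
        facs, level = part.strip().rsplit(".", 1)
        names = facs.split(",")
        if "*" in names or facility in names:
            result = _level_matches(level, severity)
    return result


def route(line: str, rules) -> list:
    """Return the actions (log files) that a syslog.conf-style rule list selects for a line."""
    msg = parse_line(line)
    return [action for selector, action in rules
            if selector_matches(selector, msg["facility"], msg["severity"])]


# Constructed rule set in the shape of a Debian-style syslog.conf (paths are hypothetical).
SAMPLE_RULES = [
    ("auth,authpriv.*",        "/var/log/auth.log"),
    ("*.*;auth,authpriv.none", "/var/log/syslog"),
    ("kern.*",                 "/var/log/kern.log"),
    ("mail.err",               "/var/log/mail.err"),
]

# Constructed sample messages; the PRI header is what syslogd actually uses for routing.
SAMPLE_LINES = [
    "<38>Jan  1 12:00:01 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "<0>Jan  1 12:00:02 web1 kernel: Kernel panic - not syncing: Fatal exception",
    "<22>Jan  1 12:00:03 web1 postfix/smtpd[555]: connect from unknown[198.51.100.7]",
    "<19>Jan  1 12:00:04 web1 postfix/smtpd[555]: fatal: no SASL authentication mechanisms",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        msg = parse_line(line)
        print(f"{msg['facility']}.{msg['severity']:<8} -> {route(line, SAMPLE_RULES)}")
```

The point to take from the routing table is that the first sample line, an sshd authentication failure, lands only in the auth log because the `auth,authpriv.none` part of the catch-all rule removes it from `/var/log/syslog`; if you are hunting the password-guessing scripts the comment mentions, that is the file to watch, and a facility you never named in any selector is silently dropped.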