{"id":9951,"date":"2021-08-25T14:44:23","date_gmt":"2021-08-25T11:44:23","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9951"},"modified":"2021-08-25T14:44:23","modified_gmt":"2021-08-25T11:44:23","slug":"linux-security-hybrid-cloud","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/linux-security-hybrid-cloud\/9951\/","title":{"rendered":"Does Linux need protection?"},"content":{"rendered":"<p>Until recently, a large part of the IT community was convinced that Linux machines did not need protection, on the grounds that the system architecture was almost invulnerable by nature, that it did not interest attackers, and that the open-source ideology was a kind of guarantee against the unexpected appearance of serious vulnerabilities. In recent years, however, even die-hard information security practitioners have realized that these claims rest on rather weak foundations.<\/p>\n<h2>Threats to Linux servers<\/h2>\n<p>While cybercrime was focused solely on making money at the expense of end users, Linux servers really were relatively safe. But today\u2019s cybercriminals long ago turned their attention to the business world, which has greater potential and where they can make far bigger profits. This is exactly where the different Linux builds came under serious scrutiny. 
After all, a server is of strategic importance to any attacker, whatever the goal: espionage, sabotage, or ordinary ransomware distribution. You do not have to look far for examples.<\/p>\n<ul>\n<li>Last November our experts <a href=\"https:\/\/securelist.com\/ransomexx-trojan-attacks-linux-systems\/99279\/\" target=\"_blank\" rel=\"noopener\">discovered<\/a> a modification of the RansomEXX Trojan capable of encrypting data on Linux machines. The Trojan, adapted for targeted attacks on specific organizations (the code and the ransom note are customized for each new target), was already in use when it was discovered.<\/li>\n<li>The <a href=\"https:\/\/securityaffairs.co\/wordpress\/119256\/uncategorized\/wormable-bash-darkradiation-ransomware.html\" target=\"_blank\" rel=\"noopener nofollow\">DarkRadiation ransomware<\/a>, detected this summer and able to stop all Docker containers on the machines it infects, was built specifically for attacks on Red Hat\/CentOS and Debian Linux. The malware is written entirely as a Bash script and uses a Telegram messenger API to communicate with its C&amp;C servers.<\/li>\n<li>Almost every APT group today has backdoors, rootkits, or code for gaining unauthorized access on Linux. 
Our Global Research and Analysis Team (GReAT) <a href=\"https:\/\/securelist.com\/an-overview-of-targeted-attacks-and-apts-on-linux\/98440\/\" target=\"_blank\" rel=\"noopener\">published a study of the latest APT tools<\/a> targeting Linux machines.<\/li>\n<\/ul>\n<p>Although the open-source community examines distributions carefully, assesses vulnerabilities collectively, and (most of the time) acts responsibly in publishing information about them, system administrators do not always update their Linux servers. Many still think \u201cif it works, don\u2019t touch it.\u201d<\/p>\n<p>This attitude remains quite common among administrators even though some vulnerabilities are quite serious. For example, cybercriminals can use <a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2021-3560\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-3560<\/a>, which was published in June 2021 and resides in the polkit system service (installed by default on many Linux distributions), for privilege escalation. 
The vulnerability was rated 7.8 out of 10 on the CVSS v3 scale.<\/p>\n<h2>How do you secure Linux servers?<\/h2>\n<p>Although Kaspersky Endpoint Security for Linux has long protected users from problems of this kind, with attacks on servers running Linux on the rise we decided to update our solution with a number of new technologies.<\/p>\n<p>First, our solution now includes full Application Control (a technology for running only the applications on a trusted list or for blocking those on an untrusted list). To help users configure this module, we added new features to the inventory of executable programs and defined custom categories. This provides highly effective protection against a wide variety of threats. Second, it was time to strengthen the system\u2019s anti-ransomware protection (such malware is now detected by its behavior).<\/p>\n<p>We are also aware that a significant share of Linux machines are no longer physical machines running in customers\u2019 offices but cloud servers. 
In addition, thanks to the development of containerization technologies, applications can now be run in containers, which let administrators solve scalability problems, improve application stability, and use computing resources more efficiently. We therefore focused on scenarios for deploying our solution in public clouds and for protecting containerization platforms (Docker, Podman, Cri-O, and Runc). This applies both to the threat detection mode for running containers, which lets technicians identify the specific containers that contain threats and determine the paths to malicious files (in the runtime environment), and to the on-demand service for checking container images (both local ones and those in repositories). 
In the second scenario, Kaspersky Endpoint Security for Linux can be run in a Docker container and used to scan other containers for threats through a RESTful API, which makes it possible to automate tasks such as scanning container images in a CI\/CD pipeline.<\/p>\n<p>Users now have more than one option for managing the protection of servers and container workloads in public clouds such as Microsoft Azure, AWS, Google Cloud, and Yandex Cloud. The first option is management through a console in an on-premises data center or in a public cloud. The second is management through the Kaspersky Security Center Cloud Console, which we deploy and support; this option lets the administrator focus on managing the protection of their own infrastructure.<\/p>\n<p>Kaspersky Endpoint Security for Linux is part of the <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/virtualization-hybrid-cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____khcs___\" target=\"_blank\" rel=\"noopener\">Kaspersky Hybrid Cloud<\/a> solution suite. 
It integrates with the <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Managed Detection and Response<\/a> service, which is aimed specifically at dangerous cyberthreats capable of bypassing automated barriers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>News reports about threats to Linux have been on the rise lately. Here is what you can do about it.<\/p>\n","protected":false},"author":1475,"featured_media":9952,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2461,2037,2462,2276],"class_list":{"0":"post-9951","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-docker","10":"tag-hibrit-bulut","11":"tag-kapsayicilastirma","12":"tag-linux"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/linux-security-hybrid-cloud\/9951\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/linux-security-hybrid-cloud\/23203\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/linux-security-hybrid-cloud\/18691\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/linux-security-hybrid-cloud\/25230\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/linux-security-hybrid-cloud\/23297\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/linux-security-hybrid-cloud\/41259\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/linux-security-hybrid-cloud\/15149\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/linux-security-hybrid-cloud\/31462\/"},{"hreflang":"en-au","url":"https:\/\/www.kasp
ersky.com.au\/blog\/linux-security-hybrid-cloud\/29577\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/linux-security-hybrid-cloud\/29382\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/hibrit-bulut\/","name":"hibrit bulut"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/1475"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9951"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9951\/revisions"}],"predecessor-version":[{"id":9953,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9951\/revisions\/9953"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9952"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}