Security Introduction

The EulerOS team does its utmost to protect the safety of our customers, and we regard software security as a continuous development process. We implement the following measures:

•Promptly react to security incidents and deliver premium quality security updates

•Continuously improve the security-related functionality in EulerOS products

•Continuously contribute to the rapidly growing maturity of Open Source Software

•Respect the Open Source Software security principles of openness, transparency and traceability

Software security is a complex challenge. Software can provide many of its own security features, such as authentication methods, encryption, intrusion prevention and detection, and backup. At the same time, it can also contain errors (both deliberate and accidental) that can affect the system's security, including design flaws, programming errors, and backdoors. The EulerOS Security Team addresses all of these aspects of software security to ensure the security of the customer's system.

Software provides security features (such as authentication methods, encryption, intrusion prevention and detection, backup and others), but it also contains errors (such as design flaws, programming errors, and even backdoors) that often turn out to be relevant for the system's security. The EulerOS Security Team's task is to addresses all of these aspects of software security, in conviction that security in software is a challenge that never ends.

Security Features:

•A modern Linux Operating System feature a rich set of security programs and functions that range from access controls, intrusion prevention and detection, flexible and trustworthy authentication mechanisms, encryption for files and network connections, file integrity checking utilities, network analysis tools and monitoring/logging utilities for your system.

•To complement this, there are advanced tools that help you to securely configure and administer your system, and to securely download and install update packages. The update packages fix security bugs that have been found after your product has been made.

•The security features of your Linux system are waiting for you to explore them. Take advantage of them to further improve the level of privacy and security that is built into your system already by default!

Security Bugs:

•Programs are (usually) written by humans, and humans make mistakes. By consequence, all software contains errors. Some of these errors appear as instabilities (the software or the entire system crashes), while others may not have any apparent, visible effect. However, some software errors may introduce a security risk.

•A local or a remote attacker may be able to feed specially drafted data to the software which takes advantage of the programming error (in the case of a remotely exploitable bug, the data comes from an attached network device, such as a cable or DSL modem, or a wireless network interface card). The application then either crashes, resulting in a Denial of Service (DoS) attack, or it executes code that originates from the attacker, transferring control over the execution context from what the programmer intended to what the attacker has in mind for the exploitation of the error. Depending on the software's function, the resulting security breach can impose little or high security risks for your data and your system, potentially giving an attacker the opportunity to delete, alter or even steal your data, or use the system for his own purposes.

•Help to carefully select and configure the software used in EulerOS.

•Develop security tools and applications.

•Regularly conduct source code audits of Open Source Software. A source code audit is a detailed in-depth analysis of the program text that the programmer wrote to implement the functions of the software.

•Monitor security mailing lists for security related errors in software.

•Maintain contact to software authors, individuals that specialize in software security and software security organizations (such as the CERT) to communicate and coordinate technical and organizational details about security related malfunctions in software.

•Provide solutions for software security breaches in the form of security updates.

•Communicate the error and the availability of security updates (update packages).

Security Service

EulerOS provides the following security services:

•Reads and responds (non-automated) to all email communication within three working days.

•Keeps you informed. If the issue you tell us about is complicated and requires greater attention from our technical staff, we contact you to explain this and when to expect a more detailed response.

•Works with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.

•Directs all customers without security-related inquiries to more appropriate contact points.

EulerOS rates the impact of security issues found in products using a four-point scale (Low, Moderate, Important, and Critical), as well as Common Vulnerability Scoring System (CVSS) base scores. For a detailed description of the CVSS V3 standard, please refer to the following official link: 

https://www.first.org/cvss/calculator/3.0 These provide a prioritized risk assessment to help you understand and schedule upgrades to your systems, enabling informed decisions on the risk each issue places on your unique environment.