Category: Linux


A remotely exploitable vulnerability in bash has been discovered by Stephane Chazelas. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. The vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents. As a result, this vulnerability is exposed in many contexts.

This issue affects all software that uses the Bash shell and parses values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

However, there is nothing to worry about as a patch has been issued. It is recommended to install it using your system software manager.

Bash Patch

You can verify the upgrade by running the following command. You should receive “Not vulnerable”.

$env check=’Not vulnerable’ x='() { :;}; check=Vulnerable’ bash -c ‘echo $check

Read more : https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

varnish

If you have a website, it is crucial it loads up fast so users get a good experience. There is a small piece of software known ‘Varnish Cache’ which can help your side load faster by caching its content. Varnish Cache is an open source web application accelerator also known as HTTP accelerator or caching HTTP reverse proxy. Varnish Cache can dramatically improve the site performance and depending upon your system architecture can speedup your website performance by 80% or more.
Continue reading

Configure Static IP in RHEL 7

It is fairly simple to configure a static IP address in Red Hat Enterprise Linux 7.

First one needs to stop & disable the Network Manager service. We do so since we are going to manually enter our network parameters.

To stop & disable the Network Manager service issue;

#systemctl stop NetworkManager.service

#systemctl disable NetworkManager.service

Next issue the following command if you are not sure of the name of the interface you want to set the static IP for. [If you have a single network interface card(NIC) installed in your system, there would be only a single file with the NIC name in network-scripts directory & hence issuing this command is avoidable.]

#ipconfig -a

Next we need to edit manually the interface file. It is recommended you take a backup of this file first before editing.

#vi /etc/sysconfig/network-scripts/ifcfg-p2p1

Keep the default file parameters as they are & simply make the below changes.

BOOTPROTO=STATIC

ONBOOT=yes

IPADDR=192.168.1.71

NETMASK=255.255.255.0

GATEWAY=192.168.0.1

Save the file & quit Vi.

You should keep a note in your mind. Whenever you edit a network interface file, you must restart the network service for the changes to take effect. Since RHEL 7 uses ‘systemd’ to manage the services we issue the following command to restart the network service.

#systemctl restart network

(Though one can even use the old #service network restart)

Once the network service is restarted successfully, you can verify the new IP by;

$ifconfig

Like most others, if you tried installing Windows 8.1 or Windows Server 2012 R2 64Bit in Oracle Virtualbox, you must have encountered the following error.

Win_VM_Error

This error occurs when the instruction CMPXCHG16B is disabled in your CPU. It is so by default in Oracle Virtualbox. The simple solution is to enable this instruction & then you should not get the error on initializing the Windows 8.1/Windows 2012 virtual machine.

To do this on your linux system first issue the following command,

$VBoxManage list vms

The above command will list all the virtual machines present. Be sure to run this command as a normal user. You won’t see a list of vm’s if the command is executed as a root. The VboxManage command is case-sensitive, keep that in mind. So make sure you use it properly as VboxManage.

Once done, copy down the vms name. In my case “Windows”.

[shuttertux@localhost ~]$ VBoxManage list vms

“Windows” {6e60906c-d449-4142-ba17-bb0424d3da3d}

Now to enable the CMPXCHG16B CPU instruction one needs to execute,

$VBoxManage setextradata “Windows” VBoxInternal/CPUM/CMPXCHG16B 1

The value ‘1’ at the end of the command enables the desired CPU instructions. Now you can go ahead successfully and install Windows 8.1/Windows 2012 64Bit in Oracle VirtualBox.

The wikipedia explains the following on CMPXCHG16B CPU instructions:

Early AMD64 processors lacked the CMPXCHG16B instruction, which is an extension of the CMPXCHG8B instruction present on most post-80486 processors. Similar to CMPXCHG8B,CMPXCHG16B allows for atomic operations on octal words. This is useful for parallel algorithms that use compare and swap on data larger than the size of a pointer, common in lock-free and wait-free algorithms. Without CMPXCHG16B one must use workarounds, such as a critical section or alternative lock-free approaches. This also prevents 64-bit Windows from having a user-mode address space larger than 8 terabytes. The 64-bit version of Windows 8.1 requires this feature.

As we saw earlier, Rsync can be a nifty tool to transfer data across the systems in an organization while taking backup. However, its prompt for password during transfers can irritate everytime you transfer. Even having a cron-job for automatic backups using rsync will mean you having to enter password which defeats the purpose of cron-job. Here I will show you how you can use rsync over ssh to sync data across computers without password. That’s right, password less transfers with rsync.

First on your server(IP:192.168.100.101) create a ssh key using ssh-keygen,

#ssh-keygen

It will ask you for a location, hit enter for the default location. Next you’ll be prompted for a pass-phrase, hit enter & confirm it with another enter. We want the pass-phrase to be blank. You’ll get the following.

Generating public/private rsa key pair.
Enter file in which to save the key (root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Next we will need to copy the public key to the remote system(192.168.100.102). On the local system(192.168.100.101) enter the following;

#ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.100.102

You’ll be prompted for password for the remote system. Once you enter it, the key will be copied on the remote host. Now you can use rsync to connect & transfer to the remote system(192.168.100.102) without any password prompt.

#rsync -avz -e ssh /root/Desktop/test root@192.168.100.102:/root/Desktop

Now the transfer will be commenced without any prompt for password. You can transfer your public key to various other systems on your network to facilitate a password-less rsync over ssh.

Follow

Get every new post delivered to your Inbox.

Join 81 other followers

%d bloggers like this: