security

  • user warning: Table 'cache' is marked as crashed and should be repaired query: SELECT data, created, headers, expire FROM cache WHERE cid = 'filter:1:79209cb7f30f20eaf2de8a97166807a6' in /home/dowdle/public_html/montanalinux/includes/database.mysql.inc on line 121.
  • user warning: Table 'cache' is marked as crashed and should be repaired query: UPDATE cache SET data = '<p><a href=\"http://firehol.sourceforge.net\" target=\"_new\">FireHOL</a> allows you to configure your firewall using a \"high-level\" language that anyone can read. Meanwhile, it allows all the power and flexibility you have come to expect from iptables.</p>\n<br class=\"clear\" />', created = 1410989889, expire = 1411076289, headers = '' WHERE cid = 'filter:1:79209cb7f30f20eaf2de8a97166807a6' in /home/dowdle/public_html/montanalinux/includes/database.mysql.inc on line 121.

Video: LFNW2010 - Linux Server Hardening

| |

Linux Server Hardening Tips and Techniques by Gary Smith.

Video: LFNW2010 - Hack this Site

| |

Hack this Site or Learn How Anyway by Andrew Becherer.

Kernel 2.6.17 - 2.6.24 Security Flaw

|

Just so you are aware... two days ago a bug was announced in Linux kernels 2.6.17 and above... that will give a local user root access. Here's info with the exploit code:

http://www.securityfocus.com/bid/27704/info

I have verified that the exploit compiles and works. I was able to get root on stock Fedora, RHEL and CentOS machines running the 2.6.18 or above kernels. Supposedly all distros running a 2.6.17 or later kernel are affected... even those running with the grsecurity patches.

I was unable to get root on an OpenVZ patched kernel but the exploit did cause a kernel panic that locked the machine I tried it on. I didn't want to crash any more machines so I didn't try any more. I've heard (but have not verified) that Linux-Vserver is affected on both the host node and inside of containers although exploits done within containers only get root of the container and are still trapped inside of it. Your milage may vary. Kernels prior to 2.6.17 are not affected. I hope vendors have fixes for this RSN... although I have heard that the current fix is not complete.

Update: The bug got fixed upstream late Sunday... and has found its way into a number of distro updates including Debian, rPath, Fedora, and PCLinuxOS. Red Hat, after the QA process, just released this morning (Tuesday). It seems that distros or kernel releases based on distro release updates will take a bit longer... CentOS and OpenVZ for example.

Update: 02/13/08 CentOS has released updated kernel packages.


Firewalling with FireHOL

| | | |

FireHOL allows you to configure your firewall using a "high-level" language that anyone can read. Meanwhile, it allows all the power and flexibility you have come to expect from iptables.


Syndicate content