Tag Archives: linux news

Patch your FreeBSD server for openssh vulnerabilities [11/Jan/2017]

OpenSSH is critical for both sysadmins and programmers. It is an implementation of the SSH protocol suite from the OpenBSD project. It provides an encrypted session to your server.

OpenSSH multiple vulnerabilities

As of 11th January 2017, OpenSSH running on the FreeBSD operating system has multiple vulnerabilities. From the advisory:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of ‘root’ instead of the authenticated user. [CVE-2016-10010]

Solution

I updated my vulnerable FreeBSD box via a binary patch:
# freebsd-update fetch
# freebsd-update install
# service sshd restart
# ps aux | grep -i ssh-agent

If any ssh-agent process is found, kill all running ssh-agent processes:
# killall ssh-agent

Fig.01: Fixed FreeBSD-SA-17:01.openssh

For more info see FreeBSD security mailing list.

Powered by WPeMatico

Awesome comic explains HTTP status code

HTTP response status codes indicate whether a specific HTTP request has been successfully completed. However, I guess you know that. If you or a friend want a refresher course, check out this comic.

Web Server HTTP Status codes

Also check out

  1. HTTP status code using doggo
  2. HTTP status code using kitten

Comic credit

  • Taken from monkeyuser.com comics page.

How to speed up SSH session creation

You can reuse an OpenSSH connection when you want to open subsequent connections to the same server. For example, if I ran ssh vivek@server42.cyberciti.biz, the ssh client will establish a new SSH connection. It usually takes only a few seconds. However, if I run the ssh vivek@server42.cyberciti.biz command again, connecting to server42.cyberciti.biz multiple times results in overhead.

This tutorial covers an ssh feature called multiplexing, which reuses an already-established connection when creating a new SSH session.

Linux / Unix: “-bash: python: command not found” error and solution

I am a new user and trying to run a Python program. I have a cloud-based VM/VPS and when I type python mycode.py at the terminal of my server, I get the following error:
-bash: python: command not found

How do I solve this problem?

Talos Secure POWER8 Linux Workstation With Fully Open Source Firmware

Raptor Engineering is working on and crowdfunding the Talos Secure Workstation, a high-end POWER8-based desktop computer with zero proprietary firmware blobs. Traditionally, IBM, Oracle (Sun), Intel/AMD and others ruled this market segment. But now there is competition to Intel for a desktop computer.

How to secure MongoDB on Linux or Unix production server

MongoDB ransom attacks are in the wild. I am using it for storing data on my public-facing cloud server powered by Ubuntu Linux. How do I protect and secure my MongoDB NoSQL server on a Linux or Unix operating system?

Why HTTPS for Everything?

HTTPS enables privacy and integrity by default. It is going to be the next big thing. The internet’s standards bodies, web browsers, major tech companies, and the internet community of practice have all come to understand that HTTPS should be the baseline for all web traffic. Ultimately, the goal of the internet community is to establish encryption as the norm, and to phase out unencrypted connections. Investing in HTTPS makes it faster, cheaper, and easier for everyone.

Free SSL certificate for all

You can get a free SSL certificate from the Let’s Encrypt project. It is a certificate authority, launched on April 12, 2016, that provides free X.509 certificates for Transport Layer Security (TLS) encryption. See how to configure and use Let’s Encrypt TLS on Ubuntu or Debian Linux:

In this tutorial, I will explain how to use Let’s Encrypt to install a free SSL certificate for the Nginx web server, along with how to properly deploy Diffie-Hellman on your Nginx server to get an SSL Labs A+ score.

Awesome Git Commands & Best Practices Cheat Sheet For Sysadmin and DevOPS

Git is a version control system (VCS) for tracking changes in computer files and coordinating work on those files among multiple people. It is primarily used for software development, but it can be used to keep track of changes in any files.

This cheat sheet is useful for both sysadmins and programmers/devops peeps. You can download a larger version by visiting this URL.
