Sunday 28 September 2014

Shellshock vulnerability in bash

Shellshock is a vulnerability in GNU's bash shell that lets attackers run commands remotely
on a vulnerable system. If bash on your system has not been updated since Sun Sep 28 2014, 1:11 AM EST,
you are most definitely vulnerable and have been since first boot.
Certain services and applications allow remote, unauthenticated attackers to supply environment variables,
which is what makes this issue exploitable.
The Shellshock vulnerability can be exploited on systems running services or applications
that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems
include the following:

  • Apache HTTP servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch Bash sub-shells
  • Certain DHCP clients
  • OpenSSH servers that use the ForceCommand capability
  • Various network-exposed services that use Bash



There are a few different ways to test whether your system is vulnerable to Shellshock. Try running the following command in a shell:

#env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see "vulnerable" you need to update bash. Otherwise, you should be good to go.



CentOS, Ubuntu, Linux systems
Shellshock is a vulnerability in bash. To patch your vulnerable system, you need
the most up-to-date version of bash available from GNU.org.

Depending on your package manager (yum, apt-get, etc.) you may be able to just run a package update
and you'll be good to go.


Patch your system

For CentOS, Fedora, Red Hat (and the like), updating to the most recent version of the Bash package is enough.

You can check the installed Bash version first with any of these commands:

#rpm -q bash
#yum info bash
#yum list installed bash

If the output shows a version older than 4.1.2-15.el6_5.1, you need to upgrade bash to its most recent version. In that case, execute the following YUM command:



CentOS / Red Hat:

#yum clean all; yum update bash
 
For Ubuntu Systems:
#apt-get update; apt-get upgrade;
 

For Arch Linux:
#pacman -Syu


If your package manager doesn't find an update, you will need to build bash from source.
Building From Source

Either run the shellshocker.net script, which automates the build (read the script before piping it from a remote site into sh as root):

#curl https://shellshocker.net/fixbash | sh

or build it by hand:

#cd ~/
#mkdir bash
#cd bash
#wget https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#tar zxvf bash-4.3.tar.gz
#cd bash-4.3
#./configure && make && make install

Note that the plain bash-4.3 tarball predates the fix: the patches from https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ have to be applied on top of it before running configure.



Perform a system reboot [might not need a reboot], or, if the system cannot be rebooted, run:

#/sbin/ldconfig

A reboot is not normally required: new shells and scripts pick up the updated bash binary as soon as it is installed.
Rebooting may be necessary only if someone has already taken control of your machine because of the bug,
but in such a case you should reinstall the system anyway.

If you have a strong reason to suspect that a system was compromised through this vulnerability, then
a system reboot should be performed after the update is installed, as a best security practice,
and the security logs should be reviewed for suspicious activity.



 

Test your system 

To test your system, log into your bash shell and type:

#env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see “vulnerable” afterwards, you haven’t patched it.

If you see “this is a test”, you’re patched.
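The same test, wrapped so it can run unattended from cron or a configuration management tool and report by exit status rather than by eye. This is an added example, not code from the original post; it assumes a POSIX sh with env and bash on the PATH, and the function names (shellshock_check, shellshock_verdict, bash_version_line) are my own:

```shell
#!/bin/sh
# Added example (not from the original post): the page's one-line test
# wrapped so it can run unattended (cron, configuration management,
# a fleet audit) and report by exit status instead of by eye.
# Exit codes: 0 = patched, 1 = vulnerable, 2 = no bash on this host.
shellshock_check() {
    command -v bash >/dev/null 2>&1 || return 2
    # The function body in the variable is a no-op (':'). An unpatched bash
    # keeps parsing past the closing brace and also runs the trailing echo,
    # so the word "vulnerable" appears in the output.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 1 ;;
        *)            return 0 ;;
    esac
}

# One-word verdict for reports and assertions.
shellshock_verdict() {
    rc=0
    shellshock_check || rc=$?
    case "$rc" in
        0) echo "patched" ;;
        1) echo "VULNERABLE" ;;
        *) echo "bash-not-found" ;;
    esac
}

# Installed bash version (first line of 'bash --version'), or n/a.
bash_version_line() {
    command -v bash >/dev/null 2>&1 || { echo "n/a"; return 0; }
    bash --version 2>/dev/null | head -n 1
}

# One tab-separated report line per host, easy to collect from many machines.
printf '%s\t%s\t%s\n' "$(hostname 2>/dev/null || echo unknown-host)" \
    "$(shellshock_verdict)" "$(bash_version_line)"
```

An exit status of 1 from shellshock_check is the trigger for the patch procedure above; the version line lets you cross-check against the package version your distribution shipped the fix in.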


OS X 

If you're running OS X, you will need to download and compile bash yourself using brew or MacPorts.

We recommend using brew - Go to http://brew.sh/ and install brew on your system.

Once you have brew installed, run the following commands to update your system

brew update
brew install bash
sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
chsh -s /usr/local/bin/bash
sudo mv /bin/bash /bin/bash-backup
sudo ln -s /usr/local/bin/bash /bin/bash


If you're using MacPorts, run the following:

sudo port selfupdate
sudo port upgrade bash

Once you've updated, run the test command again and check the result.

Ref Sites :

https://access.redhat.com/articles/1200223
http://www.linuxbrigade.com/bash-shellshock-bug-find-youve-tested/
http://www.joe0.com/2014/09/24/how-to-fix-the-bash-software-bug-biggest-threat-since-heartbleed-on-fedora-centos-red-hat-scientific-linux-yellow-dog-linux-oracle-linux-systems/
http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/
http://www.lynda.com/articles/shellshock-bash-exploit
http://www.engadget.com/2014/09/25/what-is-the-shellshock/
http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html
http://lists.centos.org/pipermail/centos-announce/2014-September/020591.html
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
http://timesofindia.indiatimes.com/tech/tech-news/Security-experts-expect-Shellshock-software-bug-to-be-significant/articleshow/43657819.cms

Tuesday 16 September 2014

CentOS 7 for 64bit Released

The CentOS Project Team is pleased to announce the immediate availability of CentOS 7 for x86_64. This is the first release for CentOS-7 and is version marked as 7.0-1406. CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by Red Hat.

 
For the first time, this release was built from sources hosted at git.centos.org. SRPMs, being a byproduct of the build and also considered critical in the code and build-system process, are still being published to match every RPM we release. Sources will be available from vault.centos.org in their own dedicated directories matching the corresponding binary RPMs.
For the first time, there is a supported upgrade path from CentOS-6 to CentOS-7. This path is only supported from the latest version of CentOS-6 (being 6.5 at the time of writing) to the latest version of CentOS-7. The tools needed for this functionality are still being tested and will be released at a later time.
There are many fundamental changes in this release, compared to previous releases of CentOS. Notably the inclusion of systemd, Gnome3, and a default filesystem of XFS. Most notable changes are:
  • Kernel updated to 3.10.0
  • Support for Linux Containers
  • Open VMware Tools and 3D graphics drivers out of the box
  • OpenJDK-7 as default JDK
  • In Place Upgrade from 6.5 to 7.0 (as already mentioned)
  • LVM-snapshots with ext4 and XFS
  • Switch to systemd, firewalld and GRUB2
  • XFS as default file system
  • iSCSI and FCoE in kernel space
  • Support for PTPv2
  • Support for 40G Ethernet Cards
  • Supports installations in UEFI Secure Boot mode on compatible hardware


 Ref: http://www.sysads.co.uk/2014/07/centos-7-for-64bit-released/





Change interface name “eth0″ in CentOS 7

Change the default network interface name to “eth0″


CentOS 7 gives network interfaces names like “eno16777736” by default. To change back to the traditional “ethX” device names, edit the GRUB defaults file:

# vi /etc/default/grub

Find the line starting with “GRUB_CMDLINE_LINUX” and append “net.ifnames=0 biosdevname=0” to it. The file currently looks like this:


GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"


Then it will look like this:



GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"




Create a new configuration based on the currently running system using grub2-mkconfig command:
# grub2-mkconfig -o /boot/grub2/grub.cfg



Rename the interface configuration file under /etc/sysconfig/network-scripts/ (ifcfg-eno16777736 in this example) to ifcfg-eth0:
# sudo mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

Reboot the system:

# reboot


After reboot, check the interface name:

# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.58.255
inet6 fe80::20c:29ff:fe6e:b0ae prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6e:b0:ae txqueuelen 1000 (Ethernet)
RX packets 25336 bytes 2829386 (2.6 MiB)
RX errors 0 dropped 11 overruns 0 frame 0
TX packets 172 bytes 35789 (34.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
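The two file edits of this procedure as functions that can be dry-run before touching /etc/default/grub and /etc/sysconfig/network-scripts/ on a real host. This is an added example and not part of the original post; the function names are mine, the sample files are constructed, and the sample ifcfg file assumes the usual NAME= and DEVICE= keys of a CentOS 7 interface file, which still carry the old name after a plain mv and also need updating:

```shell
#!/bin/sh
# Added example (not from the original post): the file edits of the
# procedure above as idempotent functions, exercised on constructed copies.

# Append "net.ifnames=0 biosdevname=0" to GRUB_CMDLINE_LINUX in file $1,
# unless already present (safe to run twice). Keeps a .bak copy first.
add_ifnames_params() {
    if grep -q '^GRUB_CMDLINE_LINUX=.*net\.ifnames=0' "$1"; then
        return 0
    fi
    cp "$1" "$1.bak"
    # Insert the parameters just before the closing double quote of that line.
    sed 's/^\(GRUB_CMDLINE_LINUX="[^"]*\)"/\1 net.ifnames=0 biosdevname=0"/' "$1" >"$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Print the value of GRUB_CMDLINE_LINUX from file $1, for checking the edit.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$1"
}

# Move ifcfg file $1 to $2 and rewrite its NAME= and DEVICE= keys to the
# new interface name $3; renaming the file alone leaves the old name inside.
rename_ifcfg() {
    sed -e "s/^NAME=.*/NAME=$3/" -e "s/^DEVICE=.*/DEVICE=$3/" "$1" >"$2" && rm -f "$1"
}

# --- constructed sample files standing in for the real ones ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat >"$work/grub" <<'EOF'
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_CMDLINE_LINUX="vconsole.font=latarcyrheb-sun16 vconsole.keymap=us rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
EOF
cat >"$work/ifcfg-eno16777736" <<'EOF'
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=eno16777736
DEVICE=eno16777736
ONBOOT=yes
EOF

add_ifnames_params "$work/grub"
add_ifnames_params "$work/grub"      # second run must not duplicate the parameters
rename_ifcfg "$work/ifcfg-eno16777736" "$work/ifcfg-eth0" eth0

grub_cmdline "$work/grub"
cat "$work/ifcfg-eth0"
```

On a live system the grub2-mkconfig step above still has to follow add_ifnames_params, since the kernel reads the generated grub.cfg rather than /etc/default/grub.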

Wednesday 10 September 2014

Tips & tuning for the Bash history file

7 tips that can help you improve your Bash history file.
You will learn how to add the date and time to the history file, increase the history size, ignore specific commands and much more.


1. Add Date and Time to Bash History

Sometimes it would be very nice to know when some command got executed.
Set HISTTIMEFORMAT to print the time stamps associated with each history entry.
Append the following line to ~/.bashrc file :

 export HISTTIMEFORMAT="%h %d %H:%M:%S "

Now, when you type history, it will show something like :

113  Jun 08 16:31:06 sudo ifconfig
114  Jun 08 16:31:10 top
115  Jun 08 16:31:19 ping 8.8.8.8
116  Jun 08 16:31:22 history

2. Increase Bash History Size

Increase HISTSIZE - the number of commands to remember in the command history (the default value is 500).
 
export HISTSIZE=10000


Increase HISTFILESIZE - the maximum number of lines contained in the history file (the default value is 500).
 
export HISTFILESIZE=10000

 

 3. Append Bash Commands to History File

By default Bash overwrites the .bash_history file when a session exits; set histappend so that each session appends to it instead:

 
shopt -s histappend

4. Store Bash History Immediately

By default, Bash only records a session to the .bash_history file when the session terminates.
This means that if you crash or your session terminates improperly, you lose the history up to that point.
Use the $PROMPT_COMMAND variable to save each command right after it has been executed.
Append the following line to the ~/.bashrc file if $PROMPT_COMMAND has not been set yet:

PROMPT_COMMAND='history -a'

If $PROMPT_COMMAND has already been set, append this line instead (double quotes, so the existing value is expanded into the new one rather than stored as a literal "$PROMPT_COMMAND"):

PROMPT_COMMAND="$PROMPT_COMMAND; history -a"

 

 

5. Control Bash History

HISTCONTROL is a colon-separated list of values controlling how commands are saved in the history file.

  Value         Description
  ignorespace   don't save lines which begin with a <space> character
  ignoredups    don't save lines matching the previous history entry
  ignoreboth    use both 'ignorespace' and 'ignoredups'
  erasedups     eliminate duplicates across the whole history

Example :
 
export HISTCONTROL=ignorespace:erasedups

 

 

6. Ignore Specific Commands

HISTIGNORE is a colon-separated list of patterns used to decide which command lines should be saved in the history file.
Don't save ls, ps and history commands :
 
export HISTIGNORE="ls:ps:history" 



Don't save commands beginning with s:

export HISTIGNORE="s*"

 

 

7. Use one command per line

Store multi-line commands in one history entry :
shopt -s cmdhist

 

 Change the History File Name

Use HISTFILE to change the name of the file in which Bash history is saved. The default value is ~/.bash_history.
 
export HISTFILE=~/.custom_file
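A reader for the history file that tip 1 produces, added here as an example that is not part of the original post. With HISTTIMEFORMAT set, bash writes each entry's time into the history file as a separate line of the form #<epoch seconds> directly above the command; the sample file below is constructed to match the history output shown in tip 1, and the function names are mine:

```shell
#!/bin/sh
# Added example (not from the original post): parse a bash history file
# that was written with HISTTIMEFORMAT set. Each entry is preceded by a
# "#<epoch>" line; entries recorded before the variable was set have none
# and are printed with "(none)". Output: epoch<TAB>command, one per line.
parse_history() {
    awk '
        $0 ~ "^#[0-9]+$" { ts = substr($0, 2); next }
        { print (ts == "" ? "(none)" : ts) "\t" $0; ts = "" }
    ' "$1"
}

# Number of entries in $1 that carry a timestamp, as a coverage check
# (how much of the file was recorded after tip 1 was applied).
timestamped_entries() {
    grep -c '^#[0-9][0-9]*$' "$1"
}

# Constructed sample: the on-disk form of the 'history' output in tip 1,
# plus one older entry recorded without a timestamp.
hist=$(mktemp)
trap 'rm -f "$hist"' EXIT
cat >"$hist" <<'EOF'
#1402237866
sudo ifconfig
#1402237870
top
ping 8.8.8.8
#1402237882
history
EOF

parse_history "$hist"
echo "timestamped entries: $(timestamped_entries "$hist")"
```

Because HISTIGNORE and ignorespace (tips 5 and 6) let any user keep commands out of this file, it is a convenience record rather than a tamper-evident audit trail; treat it as a lead during an incident review, not as proof of what was run.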



Saturday 6 September 2014

POP3 and IMAP protocol difference



There are mainly two ways for users to access their email: POP3 and IMAP are the protocols commonly used for this.



POP3 (Post Office Protocol 3)  
Port details:

POP3 Port: 110
SSL POP3 Port: 995
In POP3, all emails on your server are downloaded to the local machine. Please note that once an email has been deleted from the email account, you can no longer access it through POP3. There are a lot of advantages and disadvantages with POP3.


Advantages of POP3:

  1. Email is available when you are offline.
  2. Email is not stored on the server, so your disk usage on the server is less.
  3. All email clients (software) support POP3.
  4. There is no advertising when you read your email.
  5. Opening attachments is a quick and painless process because they are already on your PC.
  6. There are often no size limits on the email you send or receive.
  7. There is not a maximum size on your mailbox, except as determined by the size of your hard drive.

Disadvantages of POP3:

  1. Can be much slower to check mail
  2. Much harder to do server-side filtering
  3. Mail is inaccessible from other machines
  4. Opening attachments is a quick and painless process, unless the attachment has a virus payload in it.
  5. All messages are stored on your hard drive eating up what is sometimes very valuable space.
  6. Since all attachments are stored (downloaded) on your PC, there is a potential danger of virus infection if they are not properly scanned. Virus scanners can only address about 60% of attacks effectively, leaving your PC in great danger.
  7. Email folders can become corrupted and sometimes lost forever. Recovering is often a painful exercise.
  8. All messages are stored on your system, and privacy disappears when someone sits down at your machine. Even if your email reader is password protected, it is often possible for someone who knows what they are doing to read your email by using another application to open your mail folders.
  9. It is unable to manage folders; it can manage only inbox folder
  10. It cannot transfer selected portions of some messages

IMAP (Interactive Mail Access Protocol)  
Port details:

IMAP Port: 143
SSL IMAP Port: 993
In this protocol emails are not stored on the local machine; instead the client keeps an interactive connection to the server to access them.



Advantages of IMAP:
  1. Email is available from any machine.
  2. Email is stored on the server, so your email cannot be deleted/destroyed if your computer should happen to crash, be stolen, or destroyed
  3. You can access IMAP mail via the web, without even needing a mail client installed. This means you can check your mail from someone else’s machine or even a public terminal and not have to worry about the security of your passwords.
  4. If you read a message on one computer, it is read on any other computer you use to access your mail. If you reply to an email on one computer, that reply is available on any computer you use.
  5. Robust folders for storing received and sent messages
  6. Freedom for user to download attachments at will
  7. Provision for determining message structure without downloading entire message.
  8. Selective fetching of individual MIME body parts.
  9. Server-based searching and selection to minimize data transfer.
  10. Ability to append messages to a remote folder.
  11. Ability to set standard and user-defined message status flags.
  12. Support for simultaneous update and update discovery in shared folders.
  13. New mail notification.
  14. Ability to manipulate remote folders other than INBOX.
  15. Remote folder management (list/create/delete/rename).
  16. Support for folder hierarchies.
  17. Suitable for accessing non-email data; e.g., NetNews, documents.



Disadvantages of IMAP:

  1. Mail is not usually available if you are offline.
  2. IMAP uses more bandwidth. 
  3. IMAP is slower

Linux Servers Load Monitoring

Load monitoring in Linux servers – top, w and uptime commands


Load expresses the number of processes that are waiting in the queue to access the processor. It is calculated over a period of time, and the smaller the number, the better.

In Unix/Linux, the load can be viewed with any of the following commands.

 
# top
# w
# uptime



Load average is usually expressed in 3 numbers.

Example:

 
# w
 05:40:18 up 3 days, 18:23,  2 users,  load average: 1.11, 1.83, 1.98
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    123.456.789.55     05:06    0.00s  0.10s  0.00s w
root     pts/0    123.456.555.55     03:06    0.00s  0.30s  0.00s bash



Uptime gives a one-line display showing the current time, how long the system has been running, how many users are currently logged on and the system load averages for the past 1, 5 and 15 minutes respectively. In the example below, the average load was 0.10 over the last 5 minutes and 0.11 over the last 15 minutes. Example:

 
# uptime
 11:34:15 up 3 days, 12 min,  2 users,  load average: 0.06, 0.10, 0.11



How much server load is acceptable?

Server load, or simply load, is actually CPU load. The value shows how well your processor is coping with the tasks it needs to do: the larger the value, the poorer the server's performance.



Single core processor

The ideal load for a single-processor server is 1, which means the processor is handling all tasks in an orderly manner and no process is waiting in the queue. As the server load rises above that, processes get queued. This does not mean that the server starts failing as soon as the load goes over 1; a server load under 10 may not result in server failure.



Multiple processors and server load

For servers with multiple processors, the load is normalised by dividing the actual load by the number of CPUs.

Server load = Actual load / Number of CPUs

The ideal load is therefore 1 on a single-core processor, 2.00 on a dual core, 4 on a quad-core, and so on.

On a multiprocessor server the load is distributed evenly among the processors: if one processor is busy, the task is handled by another.
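The normalisation above applied to the kernel's /proc/loadavg line, which is where top, w and uptime get their figures. This is an added example, not from the original post; the sample line is constructed, the function names are mine, and the state thresholds (1 and 10 per core) follow the single-core discussion above:

```shell
#!/bin/sh
# Added example (not from the original post): per-core load from a
# /proc/loadavg line, so one threshold works on any core count.
# Live use: per_core_load "$(cat /proc/loadavg)" "$(nproc)"

# Print the 1, 5 and 15 minute averages in $1 divided by the CPU count $2,
# two decimals each.
per_core_load() {
    printf '%s\n' "$1" | awk -v cpus="$2" '{ printf "%.2f %.2f %.2f\n", $1/cpus, $2/cpus, $3/cpus }'
}

# Classify the 5-minute per-core figure using the page's scale:
#   ok       <= 1   (no process waiting for a processor)
#   queued   <= 10  (processes queue but the server keeps up)
#   critical >  10  (beyond the "under 10" comfort zone)
load_state() {
    five=$(per_core_load "$1" "$2" | cut -d' ' -f2)
    awk -v l="$five" 'BEGIN {
        if (l > 10) print "critical"; else if (l > 1) print "queued"; else print "ok"
    }'
}

# Constructed /proc/loadavg sample (fields: 1min 5min 15min running/total last_pid).
SAMPLE="2.40 1.60 0.80 2/345 12345"
per_core_load "$SAMPLE" 1     # as seen on a single core
per_core_load "$SAMPLE" 4     # the same host with four cores
load_state "$SAMPLE" 1
load_state "$SAMPLE" 4
```

The same raw figure of 1.60 is "queued" on a single core but "ok" on a quad-core, which is why an alert threshold should be set on the per-core value, not the raw one.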



How the server gets overloaded?

High load has many causes. Nowadays almost 90% of users run database-driven websites; when such a site gets a lot of visitors, the number of database connections grows and the load rises with it. An e-commerce site with many visitors will also drive your server load up, and some website scripts simply consume more CPU than they should.

In other cases, spamming drives the load up. You can check whether spamming is going on on the server with the commands below:

 
# exim -bpc -- to view the number of emails in the queue
# exim -bp -- emails that are currently in queue



If you find frozen emails in the queue, there is a chance that spamming is going on on the server.

cPanel or cPRemote backups may also overload the server. Schedule the backup cron job for a convenient time, i.e. the server's off-peak hours, to reduce the load.

In certain cases a RAID rebuild may also overload the server.


You can monitor your server using the “top” command.

# top -c
 


You can kill the process which is consuming high CPU resource.

# kill -9 PID


If PHP processes are consuming more CPU resources, you can use

# killall -9 php


 Then, you need to restart Apache


You can kill httpd, if Apache is consuming high resources

# killall -9 httpd
# /etc/init.d/httpd restart


You can also check the number of connections each IP address currently has open to the server. Up to 100 connections from one address are treated as normal.

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n



If this command shows an abnormal number of connections from one address, that is more than 100, you can block that IP address in the server firewall.
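The connection count from above as a reusable function, added here as an example that is not from the original post. It skips the two netstat header lines, which the one-liner above otherwise counts as addresses, and strips only the trailing :port so that IPv6 peers, where cut -d: -f1 yields an empty field, are counted too. The sample output is constructed with RFC 5737 documentation addresses, the function names are mine, and the 100-connection threshold is the page's:

```shell
#!/bin/sh
# Added example (not from the original post): connections per remote
# address from 'netstat -ntu' output on stdin, robust to IPv6 peers.
# Live use: netstat -ntu | conns_per_ip
conns_per_ip() {
    awk 'NR > 2 { print $5 }' \
      | sed 's/:[0-9]*$//' \
      | awk '{ c[$1]++ } END { for (ip in c) print c[ip], ip }' \
      | sort -rn
}

# Print only peers with more than $1 connections (default 100, as above).
over_threshold() {
    conns_per_ip | awk -v max="${1:-100}" '$1 > max { print $2 }'
}

# Constructed 'netstat -ntu' output; 198.51.100.7 holds three connections,
# 203.0.113.9 two (tcp + udp), and one IPv6-mapped peer is present.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51235      ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.7:51236      TIME_WAIT
tcp        0      0 10.0.0.5:22             203.0.113.9:40000       ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:192.0.2.4:55000  ESTABLISHED
udp        0      0 10.0.0.5:53             203.0.113.9:5353        ESTABLISHED'

printf '%s\n' "$SAMPLE" | conns_per_ip
echo "--- above 1 connection (threshold lowered for the sample) ---"
printf '%s\n' "$SAMPLE" | over_threshold 1
```

Before blocking an address that crosses the threshold, check whether it is a NAT gateway or proxy fronting many legitimate users; a single large office often shows as one address with hundreds of connections.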















Ref:http://crybit.com/load-monitoring-in-linux-servers/

Postfix Hardening


Make sure Postfix is running under a non-root account:
    root@SysAdmin-Desktop:~#ps aux | grep postfix | grep -v '^root'

Change permissions and ownership on the destinations below:
    root@SysAdmin-Desktop:~#chmod 755 /etc/postfix
    root@SysAdmin-Desktop:~#chmod 644 /etc/postfix/*.cf
    root@SysAdmin-Desktop:~#chmod 755 /etc/postfix/postfix-script*
    root@SysAdmin-Desktop:~#chmod 755 /var/spool/postfix
    root@SysAdmin-Desktop:~#chown root:root /var/log/mail*
    root@SysAdmin-Desktop:~#chmod 600 /var/log/mail*



Edit the file /etc/postfix/main.cf and check, adding where necessary, the following settings. Set myhostname to the external fully qualified domain name (FQDN) of the Postfix server, for example:
        myhostname = myserver.example.com

 
Configure network interface addresses that the Postfix service should listen on, for example:
        inet_interfaces = 192.168.1.1
   


    
Configure Trusted Networks, for example:
        mynetworks = 10.0.0.0/16, 192.168.1.0/24, 127.0.0.1
       
 


Configure the SMTP server to masquerade outgoing emails as coming from your DNS domain, for example:
        myorigin = example.com
       
 


Configure the SMTP domain destination, for example:
        mydomain = example.com
       
 


Configure to which SMTP domains to relay messages to, for example:
        relay_domains = example.com
       
 


Configure SMTP Greeting Banner:
        smtpd_banner = $myhostname
         



Limit Denial of Service Attacks:
        default_process_limit = 100
        smtpd_client_connection_count_limit = 10
        smtpd_client_connection_rate_limit = 30
        queue_minfree = 20971520
        header_size_limit = 51200
        message_size_limit = 10485760
        smtpd_recipient_limit = 100
     



Restart the Postfix daemon:
    service postfix restart
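An audit script for the main.cf settings listed above, added here as an example that is not part of the original post. It parses the key = value lines directly, so it also works on a copy of the file pulled from a host or on the output of postconf -n; the sample main.cf is constructed and the function names are mine. The banner check relies on Postfix's default smtpd_banner being $myhostname ESMTP $mail_name, which announces the MTA software:

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix main.cf
# against the hardening settings listed above.
# Live use: audit_main_cf /etc/postfix/main.cf

# Value of key $2 in file $1 (last assignment wins, as Postfix does it).
cf_get() {
    awk -v k="$2" -F'=' '
        $1 ~ ("^[ \t]*" k "[ \t]*$") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v); val = v
        }
        END { print val }' "$1"
}

# One finding per line; returns 0 when clean, 1 otherwise.
audit_main_cf() {
    f="$1"; bad=0
    for key in myhostname inet_interfaces mynetworks myorigin mydomain relay_domains \
               smtpd_banner default_process_limit smtpd_client_connection_count_limit \
               smtpd_client_connection_rate_limit queue_minfree header_size_limit \
               message_size_limit smtpd_recipient_limit; do
        if [ -z "$(cf_get "$f" "$key")" ]; then
            echo "MISSING  $key"; bad=1
        fi
    done
    # Listening on every address undoes the inet_interfaces restriction.
    case "$(cf_get "$f" inet_interfaces)" in
        all) echo "WEAK     inet_interfaces = all (bind to specific addresses)"; bad=1 ;;
    esac
    # The stock banner "$myhostname ESMTP $mail_name" reveals the MTA
    # software; the hardened banner above is just $myhostname.
    case "$(cf_get "$f" smtpd_banner)" in
        *mail_name*|*mail_version*) echo "WEAK     smtpd_banner leaks software name/version"; bad=1 ;;
    esac
    return $bad
}

# Constructed main.cf: a typical default with only some hardening applied.
main=$(mktemp)
trap 'rm -f "$main"' EXIT
cat >"$main" <<'EOF'
# constructed sample, not a real server's configuration
myhostname = myserver.example.com
inet_interfaces = all
mynetworks = 10.0.0.0/16, 192.168.1.0/24, 127.0.0.1
myorigin = example.com
mydomain = example.com
relay_domains = example.com
smtpd_banner = $myhostname ESMTP $mail_name
message_size_limit = 10485760
EOF

audit_main_cf "$main" || echo "audit: findings above need attention"
```

Run it again after editing main.cf and restarting Postfix; an empty report and exit status 0 mean every setting from the list above is present and the two known-weak values are gone.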

 

Monday 1 September 2014

RAID Configurations

RAID Defined

RAID stands for Redundant Array of Independent Disks. RAID is a method of combining several hard drives into one unit. It offers fault tolerance and higher throughput levels than a single hard drive or group of independent hard drives. RAID levels 0, 1, 10 and 5 are the most popular.
The acronym RAID, originally coined at UC-Berkeley in 1987, stood for Redundant Array of Inexpensive Disks.

RAID Configurations

 

RAID 0 Diagram
RAID 0 splits data across drives, resulting in higher data throughput. The performance of this configuration is extremely high, but a loss of any drive in the array will result in data loss. This level is commonly referred to as striping.
Minimum number of drives required: 2
Performance: High
Redundancy: Low
Efficiency: High









 Advantages:

  • High performance
  • Easy to implement
  • Highly efficient (no parity overhead)

Disadvantages:

  • No redundancy
  • Limited business use cases due to no fault tolerance









RAID 1 Diagram
RAID 1 writes all data to two or more drives for 100% redundancy: if either drive fails, no data is lost. Compared to a single drive, RAID 1 tends to be faster on reads, slower on writes. This is a good entry-level redundant configuration. However, since an entire drive is a duplicate, the cost per megabyte is high. This is commonly referred to as mirroring.
Minimum number of drives required: 2
Performance: Average
Redundancy: High
Efficiency: Low













Advantages:

  • Fault tolerant
  • Easy to recover data in case of drive failure
  • Easy to implement

Disadvantages:

  • Highly inefficient (100% parity overhead)
  • Not scalable (becomes very costly as number of disks increase)









RAID 5 Diagram
RAID 5 stripes data at a block level across several drives, with parity distributed among the drives. The parity information allows recovery from the failure of any single drive. Write performance is rather quick, but because parity data must be skipped on each drive during reads, reads are slower. The low ratio of parity to data means low redundancy overhead.
Minimum number of drives required: 3
Performance: Average
Redundancy: High
Efficiency: High

Advantages:

  • Fault tolerant
  • High efficiency
  • Best choice in multi-user environments which are not write performance sensitive

Disadvantages:

  • Disk failure has a medium impact on throughput
  • Complex controller design



RAID 6 Diagram
RAID 6 is an upgrade from RAID 5: data is striped at a block level across several drives with double parity distributed among the drives. As in RAID 5, parity information allows recovery from the failure of any single drive. The double parity gives RAID 6 additional redundancy at the cost of lower write performance (read performance is the same), and redundancy overhead remains low.
Minimum number of drives required: 4
Performance: Average
Redundancy: High
Efficiency: High









 

 

Advantages:

  • Fault tolerant – increased redundancy over RAID 5
  • High efficiency
  • Remains a great option in multi-user environments which are not write performance sensitive

Disadvantages:

  • Write performance penalty over RAID 5
  • More expensive than RAID 5
  • Disk failure has a medium impact on throughput
  • Complex controller design







RAID 0+1 Diagram
RAID 0+1 is a mirror (RAID 1) array whose segments are striped (RAID 0) arrays. This configuration combines the security of RAID 1 with an extra performance boost from the RAID 0 striping.
Minimum number of drives required: 4
Performance: Very High
Redundancy: High
Efficiency: Low







 

 Advantages:

  • Fault tolerant
  • Very high performance

Disadvantages:

  • Expensive
  • High Overhead
  • Very limited scalability









RAID 10 Diagram
RAID 10 is a striped (RAID 0) array whose segments are mirrored (RAID 1). RAID 10 is a popular configuration for environments where high performance and security are required. In terms of performance it is similar to RAID 0+1. However, it has superior fault tolerance and rebuild performance.
Minimum number of drives required: 4
Performance: Very High
Redundancy: Very High
Efficiency: Low











 

 Advantages:

  • Extremely high fault tolerance – under certain circumstances, a RAID 10 array can sustain multiple simultaneous drive failures
  • Very high performance
  • Faster rebuild performance than 0+1

Disadvantages:

  • Very expensive
  • High overhead
  • Limited scalability








RAID 50 Diagram
RAID 50 combines RAID 5 parity and stripes it as in a RAID 0 configuration. Although high in cost and complexity, performance and fault tolerance are superior to RAID 5.
Minimum number of drives required: 6
Performance: High
Redundancy: High
Efficiency: Average










 

 Advantages:

  • Higher fault tolerance than RAID 5
  • Higher performance than RAID 5
  • Higher efficiency than RAID 5

Disadvantages:

  • Very expensive
  • Very complex / difficult to implement






RAID 60 Diagram


RAID 60 combines RAID 6 double parity and stripes it as in a RAID 0 configuration. Although high in cost and complexity, performance and fault tolerance are superior to RAID 6.
Minimum number of drives required: 8
Performance: High
Redundancy: High
Efficiency: Average

Advantages:

  • Higher fault tolerance than RAID 6
  • Higher performance than RAID 6
  • Higher efficiency than RAID 6

Disadvantages:

  • Very expensive
  • Very complex / difficult to implement

Ref: http://www.icc-usa.com/raid-calculator/
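A calculator for the levels described above, in the spirit of the referenced RAID calculator but written here as an added example (not from the original post or the referenced site). It applies the page's minimum drive counts and the usual capacity rules for each level; RAID 50 and RAID 60 are assumed to use two parity groups, matching their minimum drive counts above, and the function names are mine:

```shell
#!/bin/sh
# Added example (not from the original post): usable capacity, guaranteed
# failure tolerance and efficiency for the RAID levels described above.
# Sizes are in whatever unit the drive size is given in; integer arithmetic.
PARITY_GROUPS=2   # assumed number of RAID 5/6 groups inside RAID 50/60

# Minimum drives per level, as listed on the page.
raid_min_drives() {
    case "$1" in
        0|1) echo 2 ;;  5) echo 3 ;;  6|10|0+1) echo 4 ;;
        50) echo 6 ;;   60) echo 8 ;;
        *) echo "unknown RAID level: $1" >&2; return 1 ;;
    esac
}

# Usable capacity for level $1 with $2 drives of size $3.
raid_usable() {
    min=$(raid_min_drives "$1") || return 1
    if [ "$2" -lt "$min" ]; then
        echo "RAID $1 needs at least $min drives, got $2" >&2; return 1
    fi
    case "$1" in
        0)      data=$2 ;;                             # pure striping
        1)      data=1 ;;                              # every drive is a full copy
        5)      data=$(($2 - 1)) ;;                    # one drive's worth of parity
        6)      data=$(($2 - 2)) ;;                    # two drives' worth of parity
        10|0+1) data=$(($2 / 2)) ;;                    # half the drives are mirrors
        50)     data=$(($2 - $PARITY_GROUPS)) ;;       # one parity drive per group
        60)     data=$(($2 - 2 * $PARITY_GROUPS)) ;;   # two parity drives per group
    esac
    echo $((data * $3))
}

# Simultaneous drive failures the array is guaranteed to survive.
raid_failures_survived() {
    case "$1" in
        0)     echo 0 ;;
        1)     echo $(($2 - 1)) ;;
        5|0+1) echo 1 ;;
        6)     echo 2 ;;
        10)    echo 1 ;;   # more only if the failures hit different mirror pairs
        50)    echo 1 ;;   # one per RAID 5 group
        60)    echo 2 ;;   # two per RAID 6 group
    esac
}

# Usable capacity as a percentage of raw capacity.
raid_efficiency() {
    usable=$(raid_usable "$1" "$2" "$3") || return 1
    echo $((usable * 100 / ($2 * $3)))
}

raid_summary() {
    usable=$(raid_usable "$1" "$2" "$3") || return 1
    printf 'RAID %s: %s drives x %s = %s usable, survives %s failure(s), %s%% efficient\n' \
        "$1" "$2" "$3" "$usable" "$(raid_failures_survived "$1" "$2")" \
        "$(raid_efficiency "$1" "$2" "$3")"
}

# Eight 1000-unit drives under each level, then a configuration below the minimum.
for lvl in 0 1 5 6 0+1 10 50 60; do
    raid_summary "$lvl" 8 1000
done
raid_summary 5 2 1000 || echo "(rejected, as expected)"
```

The "survives" column is the guaranteed figure; RAID 10 and RAID 50/60 can lose more drives in favourable positions, but capacity planning and rebuild-window risk should use the guaranteed number.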