Professional Linux & Windows Server Management & Security Services (cPanel, Plesk, DirectAdmin and others)

 We provide a wide range of server management plans. You can completely customize your order or feel free to contact us. All of our experts are highly trained and certified. You can rest assured that you’re always in safe hands.

Our Server Management services:

Linux Server management

Windows Server Management

VPS Node management

Feel free to contact us for any customized or additional requests by clicking here

Rsync remote attack-CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

 

Timeline

January 5, 2015 MITRE reserved CVE
February 12, 2015 NVD published advisory

Authority references

Vendor & other references

GHOST: glibc vulnerability (CVE-2015-0235)

Background Information

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

A list of affected Linux distros

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Resolution

Update the glibc and nscd packages on your system using:

Fix for Centos/RHEL/Fedora 5,6,7:

  •  yum update glibc
  • Restart ALL running services or reboot the server as an alternative.

Fix for Ubuntu:

  • sudo apt-get clean
  • sudo apt-get update
  • sudo reboot

Linux is just the kernel, GNU is the OS.

This is an interesting read and some old history copied from http://www.gnu.org/gnu/linux-and-gnu.html

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

Many users do not understand the difference between the kernel, which is Linux, and the whole system, which they also call “Linux”. The ambiguous use of the name doesn’t help people understand. These users often think that Linus Torvalds developed the whole operating system in 1991, with a bit of help.

Programmers generally know that Linux is a kernel. But since they have generally heard the whole system called “Linux” as well, they often envisage a history that would justify naming the whole system after the kernel. For example, many believe that once Linus Torvalds finished writing Linux, the kernel, its users looked around for other free software to go with it, and found that (for no particular reason) most everything necessary to make a Unix-like system was already available.

What they found was no accident—it was the not-quite-complete GNU system. The available free software added up to a complete system because the GNU Project had been working since 1984 to make one. In the The GNU Manifesto we set forth the goal of developing a free Unix-like system, called GNU. The Initial Announcement of the GNU Project also outlines some of the original plans for the GNU system. By the time Linux was started, GNU was almost finished.

Most free software projects have the goal of developing a particular program for a particular job. For example, Linus Torvalds set out to write a Unix-like kernel (Linux); Donald Knuth set out to write a text formatter (TeX); Bob Scheifler set out to develop a window system (the X Window System). It’s natural to measure the contribution of this kind of project by specific programs that came from the project.

If we tried to measure the GNU Project’s contribution in this way, what would we conclude? One CD-ROM vendor found that in their “Linux distribution”, GNU software was the largest single contingent, around 28% of the total source code, and this included some of the essential major components without which there could be no system. Linux itself was about 3%. (The proportions in 2008 are similar: in the “main” repository of gNewSense, Linux is 1.5% and GNU packages are 15%.) So if you were going to pick a name for the system based on who wrote the programs in the system, the most appropriate single choice would be “GNU”.

But that is not the deepest way to consider the question. The GNU Project was not, is not, a project to develop specific software packages. It was not a project to develop a C compiler, although we did that. It was not a project to develop a text editor, although we developed one. The GNU Project set out to develop a complete free Unix-like system: GNU.

Many people have made major contributions to the free software in the system, and they all deserve credit for their software. But the reason it is an integrated system—and not just a collection of useful programs—is because the GNU Project set out to make it one. We made a list of the programs needed to make a complete free system, and we systematically found, wrote, or found people to write everything on the list. We wrote essential but unexciting (1) components because you can’t have a system without them. Some of our system components, the programming tools, became popular on their own among programmers, but we wrote many components that are not tools (2). We even developed a chess game, GNU Chess, because a complete system needs games too.

By the early 90s we had put together the whole system aside from the kernel. We had also started a kernel, the GNU Hurd, which runs on top of Mach. Developing this kernel has been a lot harder than we expected; the GNU Hurd started working reliably in 2001, but it is a long way from being ready for people to use in general.

Fortunately, we didn’t have to wait for the Hurd, because of Linux. Once Torvalds freed Linux in 1992, it fit into the last major gap in the GNU system. People could thencombine Linux with the GNU system to make a complete free system — a version of the GNU system which also contained Linux. The GNU/Linux system, in other words.

Making them work well together was not a trivial job. Some GNU components(3) needed substantial change to work with Linux. Integrating a complete system as a distribution that would work “out of the box” was a big job, too. It required addressing the issue of how to install and boot the system—a problem we had not tackled, because we hadn’t yet reached that point. Thus, the people who developed the various system distributions did a lot of essential work. But it was work that, in the nature of things, was surely going to be done by someone.

The GNU Project supports GNU/Linux systems as well as the GNU system. The FSF funded the rewriting of the Linux-related extensions to the GNU C library, so that now they are well integrated, and the newest GNU/Linux systems use the current library release with no changes. The FSF also funded an early stage of the development of Debian GNU/Linux.

Today there are many different variants of the GNU/Linux system (often called “distros”). Most of them include non-free software—their developers follow the philosophy associated with Linux rather than that of GNU. But there are also completely free GNU/Linux distros. The FSF supports computer facilities for two of these distributions, Ututoand gNewSense.

Making a free GNU/Linux distribution is not just a matter of eliminating various non-free programs. Nowadays, the usual version of Linux contains non-free programs too. These programs are intended to be loaded into I/O devices when the system starts, and they are included, as long series of numbers, in the “source code” of Linux. Thus, maintaining free GNU/Linux distributions now entails maintaining a free version of Linux too.

Whether you use GNU/Linux or not, please don’t confuse the public by using the name “Linux” ambiguously. Linux is the kernel, one of the essential major components of the system. The system as a whole is basically the GNU system, with Linux added. When you’re talking about this combination, please call it “GNU/Linux”.

If you want to make a link on “GNU/Linux” for further reference, this page and http://www.gnu.org/gnu/the-gnu-project.html are good choices. If you mention Linux, the kernel, and want to add a link for further reference, http://foldoc.org/linux is a good URL to use.

Addendum: Aside from GNU, one other project has independently produced a free Unix-like operating system. This system is known as BSD, and it was developed at UC Berkeley. It was non-free in the 80s, but became free in the early 90s. A free operating system that exists today(4) is almost certainly either a variant of the GNU system, or a kind of BSD system.

People sometimes ask whether BSD too is a version of GNU, like GNU/Linux. The BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them, but the code had little overlap with GNU. BSD systems today use some GNU programs, just as the GNU system and its variants use some BSD programs; however, taken as wholes, they are two different systems that evolved separately. The BSD developers did not write a kernel and add it to the GNU system, and a name like GNU/BSD would not fit the situation.(5)

Notes:

  1. These unexciting but essential components include the GNU assembler, GAS and the linker, GLD, both are now part of the GNU Binutils package, GNU tar, and more.
  2. For instance, The Bourne Again SHell (BASH), the PostScript interpreter Ghostscript, and the GNU C library are not programming tools. Neither are GNUCash, GNOME, and GNU Chess.
  3. For instance, the GNU C library.
  4. Since that was written, a nearly-all-free Windows-like system has been developed, but technically it is not at all like GNU or Unix, so it doesn’t really affect this issue. Most of the kernel of Solaris has been made free, but if you wanted to make a free system out of that, aside from replacing the missing parts of the kernel, you would also need to put it into GNU or BSD.
  5. On the other hand, in the years since this article was written, the GNU C Library has been ported to several versions of the BSD kernel, which made it straightforward to combine the GNU system with that kernel. Just as with GNU/Linux, these are indeed variants of GNU, and are therefore called, for instance, GNU/kFreeBSD and GNU/kNetBSD depending on the kernel of the system. Ordinary users on typical desktops can hardly distinguish between GNU/Linux and GNU/*BSD.

Can I add more RAM to my 32 bit Operating System (OS)?

Some 32 bit Operating Systems (OS) limit the amount of RAM they will support. Exceeding that limit may contribute to a number of problems. Therefore it is not supported. Upgrading to a 64 bit Operating Systems (OS) is recommended. A list of 32 bit Operating Systems (OS) with limited RAM is below.

 

Operating System (OS)

Bit

RAM Limit (GB)

CloudLinux 5 32 bit 64
CloudLinux 6 32 bit 8
Debian 6 32 bit 32
RHEL/CentOS 5 Minimal/LAMP 32 bit 64
RHEL/CentOS 6 Minimal/LAMP 32 bit 16
Ubuntu 8.04 LTS 32 bit 64
Ubuntu 10.04 LTS 32 bit 64
Ubuntu 12.04 LTS 32 bit 64

How to increase /tmp partition size on a non-control panel server

Stop Apache and MySQL services.

# /etc/init.d/httpd stop; /etc/init.d/mysql stop

Take a backup of /tmp

# cp -rp /tmp /tmp.bak

Create a partition of 2GB using the below command

# dd if=/dev/zero of=/usr/temp-disk bs=2M count=1024

Create the file system on it using the mke2fs command

# mke2fs -j /usr/temp-disk

Unmount the current /tmp partition

# umount /tmp

Mount the new /tmp filesystem using the below command

# mount -t ext3 -o rw,noexec,nosuid,loop /usr/temp-disk /tmp

Set the correct permission for /tmp

# chmod 1777 /tmp

To verify the partition, execute:

# mount

Restore the content of old /tmp.bkp directory

# cp -rp /tmp.bak/* /tmp

Start Apache and MySQL services.

# /etc/init.d/httpd start; /etc/init.d/mysql start

To make sure this partition is mounted automatically after every reboot, edit the /etc/fstab and replace /tmp entry line with the following one.

/usr/temp-disk /tmp ext3 rw,noexec,nosuid,loop 0 0

Why do I need an owned IP for my own SSL certificate?

The reason you must have your own dedicated IP address when you want to use your own SSL certificate (when you don’t want the server wide shared certificate) is because of the way SSL and Apache (httpd) works.

For name based web-hosting (when many domains are on one IP) the web browser will pass the name of the domain being requested inside the httpd headers along with the request.  This way, Apache knows which domain you are trying to access even though there are many domains on that one IP address.

When you do the same thing through an SSL connection, the connection has to be made *before* the request can be sent.  In this connection, the certificate is passed.  The only information that Apache knows before the request is made is which IP the connection is being made to.  It has to be able to know which certificate to send before the request is made, thus you can’t use multiple certificates on the same IP (if you do, Apache will use the first certificate listed which DA will always set to the server shared certificate for shared IPs).

If you want to use your own certificate, it must be the first certificate listed.  This wouldn’t work for a shared IP, because there would multiple domain wanting this status, and the first certificate would the one shown.  For this reason the shared certificate is always used on a shared IP.  For your certificate, DA will acknowledge the IP as being ‘owned’ and will remove the server shared certificate as the first cert to be loaded, thus your certificate will be loaded instead.

Redirect domain.com to www.domain.com

If you want to force clients to use www.domain.com, you can redirect them from domain.com to the www version with an .htaccess file.

In your public_html folder, create a file called .htaccess and add the code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent]

where you’d need to replace domain\.com and domain.com with your actual domain name.  Note the \ character must be present to escapce the . character.

Other versions of the same thing do a negation check to see if the domain is not www.domain.com, but that doesn’t work if you have subdomains.. hence the need for the explicit check for the value we don’t want.

How to use SSH

 

To use ssh, you’ll need an ssh client for your local computer.  We recommend PuTTY

Once you’ve installed your ssh client, load it up and you should be given a space to enter some information.  You’ll want to select “SSH” on port 22.  You can past in the name of your server “domain.com” or the ip “1.2.3.4” in the the space that says “Host Name (or IP Address)”.  Click Open.

If you’ve entered all info correctly, you should be prompted with a large black screen asking for your login information.  If you are doing system tasks, you’ll probably need root access.  If you have root access, enter “root” and press enter.. sometimes it can take several seconds before you see any change.   Enter the root password (and press enter), and if everything works, you should see a command prompt, ex:[[email protected]]#

You are now on the server. This is your starting point.

From here you can do anything, including destroy your server, so you must be very careful with the commands you enter.

Some basic commands include:

List: ls[[email protected]]# ls
file1.txt   file2.txt   file3.txt

Change Directories: cd[[email protected]]# cd /home/admin

Remove a file: rm[[email protected]]# rm file1.txt
rm: remove `file1.txt’ ? y

Once you’ve finished working, you can type[[email protected]]# exit

and the ssh window should be closed.

 

Welcome to our blog

This blog will cover the following topics:

  • Attacker.NET offers & News
  • Security Advisories
  • Tutorials & How-To’s
  • Genetal IT news, Issues and Best practices