≡ Menu


An alias is nothing but shortcut to commands. The alias command allows user to launch any command or group of commands (including options and filenames) by entering a single word. Use alias command to display list of all defined aliases. You can add user defined aliases to ~/.bashrc file. You can cut down typing time with these aliases, work smartly, and increase productivity at the command prompt.
[click to continue…]

I already written about howto remove a password from all PDF files under Ubuntu or any other Linux distribution in a batch mode. However, many user want a simple command to recover password from pdf files. This is useful if you forgotten your password for pdf file. It is also useful for data-archaeologists, computer forensics professionals, people who want to test their password-strength (pdf files generated by webpass) and many more.
[click to continue…]

There was random number generator vulnerability in Debian OpenSSL package and similar packages in derived distributions such as Ubuntu / others. Many of our regular readers would like to know:

Can bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?

Short answer, yes.

All keys generated using Debian OpenSSL package must be replaced on other system including FreeBSD / CentOS / RHEL etc as all keys considered as compromized. OpenSSL, OpenSSH and OpenVPN are badly effected. For example, if you use OpenSSH key to get into other Linux / UNIX servers and if key-pair is generated with a vulnerable OpenSSL library, you are at the risk as the key can be reproduced easily.

Bottom, line you need to update keys on other boxes too.

Ubuntu / Debian Linux Find Weak OpenSSL keys

This bug really was a bad one. I've client with over 200 Debian Linux server. Updating all systems wasn't the problem. With the help of Cfengine I was able to push updates but managing all workstation ssh keys (over 1000+ Windows and Linux/BSD workstations) and testing everything took so much time. Debian shouldn't have modified the package in first place. I also had to upgrade over 30 SSL certificates and a whole new CA for OpenVPN. Luckily VeriSign is providing revocation and replacement of SSL certificates (generally it is not provided free of charge) till 30-June-2008.

How do I find out all weak keys?

You can check all your weak keys with following commands:
# wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
# wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
# gpg --keyserver subkeys.pgp.net --recv-keys 02D524BE
# gpg --verify dowkd.pl.gz.asc
# gunzip dowkd.pl.gz
# perl dowkd.pl host localhost

You should see 0 weak keys. If you run Debian or Ubuntu Linux upgrade your OpenSSL and fix all the affected softwares. There is also wiki page that will address all your concerns. Overall it lasted for few days for large clients. How many hours did you spend updating Debian systems?

There is a serious security flaw in Debian openssl - the random number generator in Debian's openssl package is predictable. As a result, cryptographic key material may be guessable.

=> Package : openssl
=> Vulnerability : predictable random number generator
=> Problem type : remote
=> Debian-specific: yes
=> CVE Id(s) : CVE-2008-0166
=> Checkout description and recommended fix at the following url:

[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

Here is one of the most frequently asked questions from my mailbag:

Hey I need to know how much ram memory I have in my Ubuntu Linux computer. Under Windows XP I can find out memory by visiting Start > Control Panels > System in control panel. So how do I find out RAM information under Linux PC?

[click to continue…]

Static routes improves overall performance of your network (especially bandwidth saving). They are also useful in stub networks (i.e. there is only one link to the network). For example, each LAN (located at different offices) is connected to HQ IDC (Internet data center) using single T1/LL/Wan links.

For example under Red Hat/Fedora Linux you can add static router for eth0 network interface by editing /etc/sysconfig/network-scripts/route-eth0 file. Under Debian Linux add static route by editing /etc/network/interface file.

[click to continue…]