400K+ Exim MTA affected by overflow vulnerability on Linux/Unix

Posted on in Categories Linux News, Security last updated March 8, 2018

Exim is a free and open source message transfer agent (MTA) developed at the University of Cambridge. It is famous on Unix and Linux systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. There is a buffer overflow in base64d() of Exim MTA that allows an attacker to run code remotely. ALL versions of Exim MTA affected by overflow vulnerability i.e. CVE-2018-6789.
Continue reading “400K+ Exim MTA affected by overflow vulnerability on Linux/Unix”

How to record statistics about a Linux machine’s uptime

Posted on in Categories Command Line Hacks, Hardware last updated November 15, 2017

Linux/Unix sysadmins have a weird obsession with server uptime. There is a xkcd comic devoted to this subject where a good sysadmin is an unstoppable force that it stands between the forces of darkness and your cat blog’s servers.
Fig.01: Devotion to Duty https://xkcd.com/705/
One can tell how long the Linux system has been running using the uptime command or w command or top command. I can get a report of the historical and statistical running time of the system, keeping it between restarts using tuptime tool. Like uptime command but with the more impressive output. Recently I discovered another tool called uptimed that records statistics about a machine’s uptime. Let us see how to get uptime record statistics using uptimed and uprecords on Linux operating system.

I put a cronjob in /etc/cron.{hourly,daily,weekly,monthly} and it does not run and how can I troubleshoot it?

Posted on in Categories Cloud Computing, Howto, Open Source, Web Developer last updated August 27, 2017

Recently I created a simple shell script called backup.sh in /root/scripts directory to just backup MySQL database and dumped it to /nfs/mysql/ directory. I put a file (more like used the ln command to create a soft link ) in /etc/cron.hourly/ and it doesn’t run. There was no error in systemd log or cron log. Why is my cron job was not working, and here is how I troubleshoot it.

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

Posted on in Categories Security last updated May 31, 2017

There is a serious vulnerability in sudo command that grants root access to anyone with a shell account. It works on SELinux enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux

Posted on in Categories Howto, Open Source, Security last updated November 7, 2016

Entropy is nothing but the measure of “randomness” in a sequence of bits. The PRNG ( pseudorandom number generator ) is a special device (e.g. /dev/random on Linux) to create randomness from server hardware activities. It uses interrupts generated from the keyboard, hard disk, mouse, network and other sources. The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The randomness usually used for security purposes like creating TLS/SSL keys and the quality source of random bits is critical. For example, OpenSSL APIs can use quality randomness to make your program cryptographically secure. However, a poor source of randomness could result in loss of security. In this post, I will cover haveged and rng-utils/rng-tools to generate random numbers and feed linux random device for your virtual or dedicated Linux server.