Thursday, November 27, 2014

Alert-Out-of-Band Security Updates for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player 15.0.0.223 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.418 and earlier versions for Linux.

Update Adobe Flash Player to the latest version

References:

Understanding Formatted Capacity versus Unformated Capacity

Have you wondered why Formatted Capacity is lesser than the Unformated Capacity of a Hard Disk. Do take a look at this article Formatted capacity confusion clarified

Storage hardware is using the base 10 system and software is using the base 2 system. So no storage is actually lost, it is just a question of how the information is represented.

Wednesday, November 26, 2014

Compiling udunits-2.1.24 on CentOS 6

The UDUNITS package supports units of physical quantities. Its C library provides for arithmetic manipulation of units and for conver

Step 1: Download udunits-2.1.24 from ftp://ftp.unidata.ucar.edu/pub/udunits/

Step 2:Untar and compile
# tar -zxvf udunits-2.1.24
# cd udunits-2.1.24
# ./configure --prefix=/usr/local/udunits-2.1.24 CC=gcc CXX=g++
# make 
# make install

Compling ANTLR 2.7.7 on CentOS 6

What is ANTLR?
ANTLR, ANother Tool for Language Recognition, (formerly PCCTS) is a language tool that provides a framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. ANTLR provides excellent support for tree construction, tree walking, and translation. There are

Step 1: Download ANTLR 2.7.7

Step 2: Untar ANTLR-2.7.7
# tar -zxvf antlr-2.7.7
# antlr-2.7.7

Step 3: For RHEL and CentOS, edit the source file /root/antlr-2.7.7/lib/cpp/antlr/CharScanner.hpp
# vim /root/antlr-2.7.7/lib/cpp/antlr/CharScanner.hpp

Add the following into the CharScanner.hpp file


Step 4: Compile the antlr-2.7.7
# ./configure --prefix=/usr/local/antlr2.7.7 --disable-examples
# make -j 8
# make install

References:
  1. http://sourceforge.net/p/nco/discussion/9830/thread/08ae0201

Saturday, November 22, 2014

HTTP Server Prone To Slow Denial Of Service Attack

1. For Apache HTTPD Server:
Upgrade to the latest version that has "mod_reqtimeout" module support available by default.
Then enable the module "mod_reqtimeout" and configure it to set the timeout and minimum data rate for receiving requests,

See my screenshot below


RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500

For a complete write-up see Using mod_reqtimeout to make HTTP Server less vulnerable for DOS Attack for CentOS

References:
  1. Apache Module mod_reqtimeout
  2. Using mod_reqtimeout to make HTTP Server less vulnerable for DOS Attack for CentOS

Tuesday, November 18, 2014

Install GCC 4.8.1 and other Scientitic Packages via Yum on CentOS

Do take a look at Linux @ CERN for the documentation on how to use yum to install devtoolset which contain the following packages. The latest version for CentOS 6 is devtoolset-2.1. Here is a summary of the Linux @ CERN

CentOS 6 / SL 6

Developer Toolset 2.1 provides following tools:
  • gcc/g++/gfortran - GNU Compiler Collection - version 4.8.2
  • gdb - GNU Debugger - version 7.6.34
  • binutils - A GNU collection of binary utilities - version 2.23.52
  • elfutils - A collection of utilities and DSOs to handle compiled objects - version 0.155
  • dwz - DWARF optimization and duplicate removal tool - version 0.11
  • systemtap - Programmable system-wide instrumentation system - version 2.1
  • valgrind - Tool for finding memory management bugs in programs - version 3.8.1
  • oprofile - System wide profiler - version 0.9.8
  • eclipse - An Integrated Development Environment - version 4.3.1 (Kepler)

CentOS 5 / SL 5

Developer Toolset 1.1 provides following tools:
  • gcc/g++/gfortran - GNU Compiler Collection - version 4.7.2
  • gdb - GNU Debugger - version 7.5
  • binutils - A GNU collection of binary utilities - version 2.23.51
  • elfutils - A collection of utilities and DSOs to handle compiled objects - version 0.154
  • dwz - DWARF optimization and duplicate removal tool - version 0.7
  • systemtap - Programmable system-wide instrumentation system - version 1.8
  • valgrind - Tool for finding memory management bugs in programs - version 3.8.1
  • oprofile - System wide profiler - version 0.9.7

Installation and Enablement

CentOS 6 / SL 6
Save repository information as /etc/yum.repos.d/slc6-devtoolset.repo on your system:
# cd /etc/yum.repos.d/ 
# wget -O /etc/yum.repos.d/slc6-devtoolset.repo http://linuxsoft.cern.ch/cern/devtoolset/slc6-devtoolset.repo
# yum install devtoolset-2 --nogpgcheck
# scl enable devtoolset-2 bash

CentOS 5 / SL 5
Save repository information as /etc/yum.repos.d/slc5-devtoolset.repo on your system:
# cd /etc/yum.repos.d/
# wget -O /etc/yum.repos.d/slc5-devtoolset.repo http://linuxsoft.cern.ch/cern/devtoolset/slc5-devtoolset.repo
# yum install devtoolset-1.1
# scl enable devtoolset-1.1 bash

Monday, November 17, 2014

Comparing the Security Policies for Session Sharing in VNC, NoMachine, NX, EoD and FastX

This white Papers Comparing the Security Policies for Session Sharing in VNC, NoMachine, NX, EoD and FastX was written by StarNet Communications 



Executive Summary 
Session sharing is the process where multiple users interact with the same desktop from remote systems. Security is a major issue in session sharing software as by its very nature shared sessions work around policy rules enforced by the operating system. However, the collaborative benefit of session sharing make it a valuable in modern day companies. Special care needs to be taken by session sharing software vendors to make a shared session as secure as it possibly can be as to limit the amount of damage, a mismanaged session can cause to an organization. There are currently five major session sharing software tools available for linux systems: VNC, NoMachine, NX, Exceed on Demand, and FastX.

VNC offers minimal security and its use is a major security hole to an organization. NX is the widely used predecessor to NoMachine which has a flawed default configuration granting clients unneeded access. NoMachine offers better security, but it has several features that can be exploited. Exceed on Demand is fairly secure, but its use of an access control list that retains client permissions can be exploited to spy on the session owner. FastX offers the best security allowing session sharing to be dynamically enabled/disabled as well as the use of a one time sharing key that disables sharing whenever the owner disconnects.


Sunday, November 16, 2014

Error Problem Connecting for XRDP

After yum install xrdp and starting the service, I encountered the error during remote desktop to the Linux Box.

connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
xrdp_mm_process_login_reponse: login successful for display
started connecting
connecting to 127.0.0.1 5910
error - problem connecting

At the /var/log/xrdp-sesman.log
......
[20141118-23:53:40] [ERROR] X server for display 10 startup timeout
[20141118-23:53:40] [INFO ] starting xrdp-sessvc - xpid=2998 - wmpid=2997
[20141118-23:53:40] [ERROR] X server for display 10 startup timeout
[20141118-23:53:40] [ERROR] another Xserver is already active on display 10
[20141118-23:53:40] [DEBUG] aborting connection...
[20141118-23:53:40] [INFO ] ++ terminated session:  username root, display :10.0
..... 

I have installed the necessary GNOME Desktop packages. Installing GNOME Desktop on CentOS 6 on a console before installing xrdp.

But the solution is quite simple. You need to install the tigervnc-server package and just the tigervnc only.
# yum install tigervnc-server

Restart the xrdp again.
# service xrdp restart

Friday, November 14, 2014

Wednesday, November 12, 2014

Red Hat Enterprise Linux Atomic Host Beta Now Available


Red Hat Enterprise Linux 7 Atomic Host is a secure, lightweight and minimized footprint operating system that is optimized to run Linux Containers. A member of the Red Hat Enterprise Linux family, Red Hat Enterprise Linux Atomic Host couples the flexible, lightweight and modular capabilities of Linux Containers with the reliability and security of Red Hat Enterprise Linux in a reduced image size.

Red Hat Enterprise Linux Atomic Host is now ready to download and test; please share your feedback with Red Hat as you work through the testing process.

Features (According to the Website):
  1. Optimised for Containers
    Deploy a secure, integrated host platform that is designed to run container images with optimizations for scalability, density, and performance.
  2. Building and Running of Containers
    Build and run image-based containers using the docker service, accessible through the Extras channel as part of a Red Hat Enterprise Linux Server subscription.
  3. Orchestration
    Build composite applications by orchestrating multiple containers as microservices on a single host instance using the Kubernetes orchestration framework.
  4. Ability to Run Red Hat Enterprise Linux Platform Images
    Deploy applications that have been developed, tested and certified for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 in a container on Red Hat Enterprise Linux Atomic Host Beta.
  5. Atomic Updating and Rollback
    A new, simplified update mechanism for host OS lets you download and deploy updated versions in a single step. With built-in retention of a previous version of the host OS, you can easily rollback to an earlier state.
  6. Security
    Secure and isolate applications with SELinux in containers, reducing potential attack surfaces and ensuring that if a container process goes down or is compromised, other applications and the host remain safe and functional.
  7. Flexibility to Deploy Across the Open Hybrid Cloud
    Deploy Red Hat Enterprise Linux 7 Atomic Host Beta to physical, virtual and public and private cloud environments, including Amazon Web Services and Google Compute Engine.

Wednesday, November 5, 2014

NTU Scales up with Hybrid Cloud with NetApp

News Information regarding NTU scaling up with Hybrid Cloud. The same article was presented in various sites.
  1. NTU scales up with Hybrid Cloud  (Computerworld Singapore)
  2. NTU scales up with Hybrid Cloud (CIO Asia)
  3. NTU scales up with Hybrid Cloud (MIS Asia)