Archive for October, 2012

SBDavid

mdadm command for Raid

mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 /dev/sdb2

This will create a RAID level 0 device, /dev/md0, from /dev/sdb1 and /dev/sdb2.

mdadm --query /dev/name-of-device

This will find out if a given device is a RAID array, or is part of one, and will provide brief information about the device.

mdadm --assemble --scan

This will assemble and start all arrays listed in the standard config file. This command will typically go in a system startup file.

mdadm --stop --scan

This will shut down all arrays that can be shut down (i.e. are not currently in use). This will typically go in a system shutdown script.

SBDavid

tcpdump - dump traffic on a network

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Example:

root@u12:~# tcpdump -nnvvXS -c2 port 80

-n
Don’t convert host addresses to names. This can be used to avoid DNS lookups.

-nn
Don’t convert protocol and port numbers etc. to names either.

-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-X
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.

-S
Print absolute, rather than relative, TCP sequence numbers.

Summary

A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.

Security Rating

This vulnerability has been rated as Critical[1] by the cPanel Security team.

Description

A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.

The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].

The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:

* exim-4.76-1
* exim-4.77-0
* exim-4.77-1
* exim-4.80-0
* exim-4.80-1

These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.

Solution

Contact us at info@serverbuddies.com to patch your Exim server with the latest security patches and run a Full Security Audit on your server.

SBDavid

OpenStack components

Keystone (Identity)
A common identity service that provides authentication for other services.

Glance (Image)
A service that acts as a registry for virtual machine images.

Nova (Compute)
A service that manages virtual machines and the storage and networking associated with them.

Horizon (Dashboard)
A web-based dashboard for interacting with the rest of the services.

Swift (Object)
Object storage.

SBDavid

Configuring Sudo

To run commands as root, use the su or sudo commands. Avoid using root for any non-administrative work, since the root account makes it easy to create security or data risks. If you frequently use a single-user desktop, you may find it convenient to configure sudo so you can use the same password for both root and your regular account. To do this, follow this procedure:

Become the root user using the su command. Enter the password for the root account when prompted.

su -

Run this command, using your user account name in place of "sampleusername":

echo 'sampleusername ALL=(ALL) ALL' >> /etc/sudoers

Note that when sudo prompts you for a password, it expects your user password, not root’s.
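
A safer variant of the step above, as an added example that is not part of the original post: it writes the same rule to a drop-in file and installs it only if `visudo -cf` accepts it, because a syntax error appended to /etc/sudoers can leave sudo unusable. The function name, the `VISUDO` override and the `90-` file name prefix are assumptions, and it presumes /etc/sudoers includes the /etc/sudoers.d directory.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: add_sudo_rule,
# the VISUDO override, and the "90-" file name prefix.

add_sudo_rule() {
    user=$1
    dir=${2:-/etc/sudoers.d}        # drop-in directory read by sudo
    visudo_bin=${VISUDO:-visudo}    # override for a non-default visudo path

    # Accept only conservative account names so the argument cannot carry
    # extra sudoers syntax (spaces, commas, '%', '#', newlines). This also
    # keeps '.' and '~' out of the file name; sudo skips such drop-ins.
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "refusing invalid user name: $user" >&2
            return 2 ;;
    esac

    tmp=$(mktemp) || return 1
    # Same rule as in the post: full sudo rights, user's own password.
    printf '%s ALL=(ALL) ALL\n' "$user" > "$tmp"

    # -c checks syntax without editing anything; -f names the file to check.
    if ! "$visudo_bin" -cf "$tmp" >/dev/null 2>&1; then
        echo "sudoers syntax check failed; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi

    # sudoers files are normally mode 0440 (read-only for owner and group).
    install -m 0440 "$tmp" "$dir/90-$user"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root): add_sudo_rule sampleusername
```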
