OpenSSL updates for ALL versions

The OpenSSL team released an update that affects all versions of OpenSSL to some degree, with the primary issue affecting versions 1.0.1+. The latest patch fixes 5 vulnerabilities, ranging from MITM attacks to buffer overflows. The MITM bug allows a specially crafted packet to potentially force a weak keyring and allow decryption of the SSL content. This bug can be exploited with any version of OpenSSL on the client and version 1.0.1+ on the server. Updates have been released for all versions of OpenSSL, including those below 1.0.1, to mitigate this issue.

Barnyard2 error

While doing a fresh install of barnyard2 from a guide I found online I encountered the following error while starting it:

[Select()]: Failed to execute query [SELECT vseq FROM `schema`] , will retry
[Select()]: Failed to execute query [SELECT vseq FROM `schema`] , will retry
[Select()]: Failed to execute query [SELECT vseq FROM `schema`] , will retry

Suricata build error

While compiling the latest version of Suricata on CentOS 6.4 the following error was encountered:

Archipel build error - sqlalchemy

While configuring Archipel the following error was encountered:

ArchipelAgent]# archipel-initinstall
Traceback (most recent call last):
  File "/usr/bin/archipel-initinstall", line 4, in <module>
    import pkg_resources
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 2659, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 546, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: sqlalchemy>=0.6.6

Archipel build error - numpy

While configuring Archipel the following error was encountered:

Archipel build error - python-setuptools

While trying to do an initial install of Archipel, the following error was encountered on a CentOS 6 64-bit machine:

ArchipelAgent]# ./buildAgent -d
MESSAGE: Performing the developer installation
Traceback (most recent call last):
  File "setup.py", line 18, in <module>
    from setuptools import setup, find_packages
ImportError: No module named setuptools
ERROR: Unable to install EGG package archipel-agent-hypervisor-network in developer mode

The issue is that python-setuptools was not installed. Installing it should fix the error:

Ossec ar.conf issue

While setting up a new ossec cluster I encountered the following error when trying to restart ossec on the client server using /var/ossec/bin/agent_control 001 :

ossec-execd(1103): ERROR: Unable to open file '/var/ossec/etc/shared/ar.conf'.
ossec-execd(1311): ERROR: Invalid command name 'restart-ossec0' provided.

The issue is a problem with ownership of the ar.conf file. By default ossec installs it owned by root:root, but it needs to be root:ossec.

# chown root:ossec /var/ossec/etc/shared/ar.conf

Linksys 0-day Exploit

Security researchers at DefenseCode uncovered a 0-day exploit within the Linksys firmware. They have only tested it on the WRT54GL but believe other models will be vulnerable. At the moment only security researchers appear to have the exploit code. Per DefenseCode's vulnerability disclosure policy, they are going to release the full details of the attack on January 25th.

Red October Malware Campaign

Securelist has a very interesting post about a malware campaign that has existed under the radar for at least 5 years. More will be coming out in the next few days.

http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanc...

0-Day in Java 1.7

A new exploit in Java has been made public; details can be found here: http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-d...

It appears the exploit has been around for at least some time, as two different exploit kits already include it. At the moment the only fix is to disable Java. If you need Java, I would suggest running it in a specific browser used only for that, ideally within a virtual machine.

Exploit for Internet Explorer Version 6 through 8

If you are using Internet Explorer, beware of the current 0-day exploit that is being actively exploited. There is also a Metasploit tool that allows users to exploit the vulnerability.

Dropbox DB stolen?

It appears that Dropbox has had at least part of its user database stolen. Many users with unique email addresses created only for Dropbox have reported spam. Krebs has a good post on it over here, along with a few relevant links to the Dropbox forum and Twitter.

http://krebsonsecurity.com/2012/07/spammers-target-dropbox-users/

Qualys SSL checker

Encryption is vital to any website that takes information that should not be viewable by others. E-commerce sites are one of the more obvious places for SSL, but login pages should be encrypted as well, and many contact forms would ideally be too.

A decent check of your website to make sure that SSL is properly configured can be found here: https://www.ssllabs.com/ssltest/

Enjoy!

Libvirtd starting problems

The following error was encountered while trying to get libvirtd running:

libvirt version: 0.9.10, package: 21.el6_3.1 (CentOS BuildSystem , 2012-07-03-16:15:49, c6b8.bsys.dev.centos.org)
error : virNetServerMDNSStart:460 : internal error Failed to create mDNS client: Daemon not running

Note that I had to check /var/log/libvirt/libvirt.log, as a service libvirtd start looked fine; a restart was failing on stopping it.

The issue comes from avahi not running. Go ahead and install it and get messagebus running via:

Plesk 0 day exploit

If you are running Parallels Plesk control panel (both Linux and Windows), check out this article: http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-s...

Plesk reports that patching can help, but some are reporting that even patched servers may be vulnerable to this exploit. The most common attack seems to be uploading an iframe that can then be used to distribute malware to people surfing the site.

Welcome to the new page!

Well, it's about that time... time for a new page! I have done a complete revamp of the backend and have everything up to the latest and greatest versions. The last few years have gone by in the blink of an eye; now, after changing jobs, I have a bit more time and plan to use some of that time to rejuvenate the site.

Enjoy your visit! =-)

-John
"eth00"

Icinga-web install problem

I got this error when trying to install icinga-web on a CentOS 5 server.

[Wed May 25 20:54:02 2011] [fatal] Uncaught AppKitPHPError: PHP Error mkdir() [function.mkdir]: File exists (/usr/local/icinga-web/app/cache/config/compile.xml_development__033d402eaeb08f42e4e3d5f8474e444805e2c7c6.php:1327) (/usr/local/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:20)

Ossec start problems

The following is an error encountered after setting up ossec as an agent:

ossec-agentd: INFO: Trying to connect to server (10.0.0.2:1514).
ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '10.0.0.2'.

Make sure that the ossec server is running, that no firewall is blocking the agent's connection to it, and that the IP for it is correct.

OSSEC start problem due to keys

The following is an error I got after starting ossec as an agent that is supposed to connect back to a central server:


# /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
Started ossec-execd...
ossec-agentd(1402): ERROR: Authentication key file '/var/ossec/etc/client.keys' not found.
ossec-agentd(1750): ERROR: No remote connection configured. Exiting.
ossec-agentd(4109): ERROR: Unable to start without auth keys. Exiting.

Unreal 3.2 Source compile errors

If you get the following while trying to source compile Unreal 3.2:
