Installing Linux Kernel v4.10

I started using CentOS over several other Distros that I have been testing ever the years. I still have an Ubuntu laptop just to keep up to date with things seeing that it’s one of the most popular ones.

I’ve covered installing Kernels before but I wanted to refresh that topic and include how to do it on CentOS.

Continue reading Installing Linux Kernel v4.10

Advertisements

Linux Kernel Zero Day Vulnerability CVE-2016-0728

This vulnerability has existed since 2012 and it affects Android and Linux systems running Linux Kernel version 3.8+, and Linux server or desktop running kernel 3.8+ is vulnerable.

As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets).

How do I fix this?

First some background on what the CVE-2016-0728 bug is. From the Perception Point Research Team

CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let’s cover some background required to understand the bug. It can successfully escalates privileges from a local user to root.

Continue reading Linux Kernel Zero Day Vulnerability CVE-2016-0728

Install Viber on Linux

What is viber?

Viber for Desktop lets you send free messages as well as make free calls to other Viber users, on any device and network, in any country! Initially released as a phone app, you can now use it on your Windows and Mac desktops with a Linux version currently in development for 64-bit systems.

For the Viber site:

Viber is a mobile application that allows you to make phone calls and send text messages to all other Viber users for free! Viber is available over WiFi or 3G. Our sound quality is much better than a regular call. Once you and your friends install Viber, you can use it to talk and message as much as you want. Talk, message, and talk and message some more – for free!* You can also call any number that doesn’t have Viber at low rates using ViberOut.

Continue reading Install Viber on Linux

Colorful Bash and Vim in CentOS 7

CentOS comes default with a bland bash and vi setup. I prefer to have a colorful interface as I work. Here’s how I got mine working…

Bash

Most people use a colorful bash to distinguish between files and directories and such.

Open a terminal and do the following:

  • change to the root user

su -
or
sudo -i

  • run the following two commands:

echo "alias ls='ls --color=auto'" >> ~/.bashrc
source ~/.bashrc

Vim

Syntax highlighting is useful if you use Vim to edit files and create scripts and such. It ensures that you are doing it right. As per Vim’s website:

Syntax highlighting enables Vim to show parts of the text in another font or color. Those parts can be specific keywords or text matching a pattern.

Open a terminal and do the following:

  • change to the root user

su -

or

sudo -i

  • Make sure vim is installed

yum -y install vim-enhanced

  • Open the profile config file for editing

vi /etc/profile

  • Add the following line

alias vi=vim

  • Run the following to finalize the changes

source /etc/profile

That’s it… Now go have fun with your colorful ls outputs and syntax highlighted edits.

SSH Private-Public Key Auth for Linux and Mac

First Things First

First off, let’s talk about SSH keys and Security real briefly so that you can understand a bit more about what’s going on here and why it’s important. With all the issues happening in today’s digital age, everyone needs to start thinking about and taking one thing very seriously. You know, all the hacking and spying going on around us all.

One of the ways you can accomplish that is by using stronger encryption methods, in this case … SSH Keys or Public Key Cryptography. One of the major things is the key size. 1024 was common but that has long been hacked and not used anymore for websites and other public; so logically many are moving on to 2048 and even 4096, which is what I use.

SSH Keys provide a much more secure way to log into your servers than using passwords. While passwords can be easily broken by brute force attacks, SSH Keys way more difficult and if using a higher key can be almost impossible to decipher.

How does it work?

Generating a key pair provides you with a Private and a Public Key. You place the public key on a server you will connect to leaving the private key on your machine. When you SSH to your server you will not need to enter your password as your public key will be unlocked by your private key and you will be verified and allowed to get in. Continue reading SSH Private-Public Key Auth for Linux and Mac

Bash ‘Shell Shock’ bug blasts OS X, Linux systems wide open

A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large.

It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.

The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts – are vulnerable to remote-code injection. OpenSSH and some DHCP clients are also affected on machines that use Bash.

Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk – Dash isn’t vulnerable, but busted versions of Bash may well be present on the systems anyway. It’s essential you check the shell interpreters you’re using, and any Bash packages you have installed, and patch if necessary.

Security expert Kenn White tweeted:

You can check if you’re vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words “busted”, then you’re at risk. If not, then either your Bash is fixed or your shell is using another interpreter. Continue reading Bash ‘Shell Shock’ bug blasts OS X, Linux systems wide open

agedu for keeping up with disk usage in Linux

A few months ago I was tasked with tracking down whatever it was that kept devouring all the disk space on one of our servers. Not too hard except it’s a Linux server and I did not want to put in the effort to shell in and run commands every time something happened and I certainly did not want to have to get this one server into our production environment as it was used mostly for QA to keep their stuff.

I looked around to see if there was an easy solution and ran across agedu (age dee you) and I got them setup with it so they could do their own searches. The process to clean up disk is to track down the culprits and delete them, aged does a full drive scan and displays reports that show how much space is being used by each directory and file. It even shows the access time range for each directory.

The du vs aged thing

Yes, you could just run du and get a summary of disk usage; but, aged actually takes things to another level by distinguishing between data that is still being used and ones that are not been accessed for some time so it not only finds what is using up the most space, but also what is wasting your space by just taking up space and not being used.

From the aged site

Unix provides the standard du utility, which scans your disk and tells you which directories contain the largest amounts of data. That can help you narrow your search to the things most worth deleting.

However, that only tells you what’s big. What you really want to know is what’s too big. By itself, du won’t let you distinguish between data that’s big because you’re doing something that needs it to be big, and data that’s big because you unpacked it once and forgot about it.

Most Unix file systems, in their default mode, helpfully record when a file was last accessed. Not just when it was written or modified, but when it was even read. So if you generated a large amount of data years ago, forgot to clean it up, and have never used it since, then it ought in principle to be possible to use those last-access time stamps to tell the difference between that and a large amount of data you’re still using regularly.

agedu is a program which does this. It does basically the same sort of disk scan as du, but it also records the last-access times of everything it scans. Then it builds an index that lets it efficiently generate reports giving a summary of the results for each sub-directory, and then it produces those reports on demand.

Continue reading agedu for keeping up with disk usage in Linux