CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is
this credible?
by stan
Wikileaks released a document about an attack against CentOS / Rhel.
https://wikileaks.org/vault7/#OutlawCountry
Here's the text, there are some docs there also.
OutlawCountry
29 June, 2017
Today, June 29th 2017, WikiLeaks publishes documents from the
OutlawCountry project of the CIA that targets computers running the
Linux operating system. OutlawCountry allows for the redirection of all
outbound network traffic on the target computer to CIA controlled
machines for ex- and infiltration purposes. The malware consists of a
kernel module that creates a hidden netfilter table on a Linux target;
with knowledge of the table name, an operator can create rules that
take precedence over existing netfilter/iptables rules and are
concealed from an user or even system administrator.
The installation and persistence method of the malware is not described
in detail in the document; an operator will have to rely on the
available CIA exploits and backdoors to inject the kernel module into a
target operating system. OutlawCountry v1.0 contains one kernel module
for 64-bit CentOS/RHEL 6.x; this module will only work with default
kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT
rules to the PREROUTING chain.
My first take is that this doesn't represent a very serious threat. Do
you disagree?
3 years, 9 months
Writing a systemd service file
by Alex
Hi,
I'm trying to write a service file for a daemon and having some
problems. I believe the issue is with the ability to give the process
write and read access to parts of the filesystem which appear to
somehow be restricted.
The daemon is the Avira virus scanner, which runs under amavisd-new.
The daemon's home directory is
/usr/local/savapi-sdk-linux_glibc24_x86_64, and it needs write access
in the modules directory.
The daemon can run as root or as the amavis user. It drops its
privileges to the amavis user after starting anyway.
Here is what I have so far:
# cat /etc/systemd/system/savapi.service
[Unit]
Description=Avira Antivirus SDK
Documentation=http://www.ijs.si/software/amavisd/#doc
After=network.target
Wants=clamd(a)amavisd.service
Wants=postfix.service
RequiresMountsFor="/usr/local/savapi-sdk-linux_glibc24_x86_64"
[Service]
Type=forking
User=amavis
Group=amavis
PIDFile=/var/run/amavisd/savapi.pid
ExecStart=/var/spool/amavisd/savapi.sh start
ExecReload=/var/spool/amavisd/savapi.sh reload
Restart=on-failure
#PrivateTmp=
PrivateDevices=false
CapabilityBoundingSet=
ProtectSystem=full
ProtectHome=true
[Install]
WantedBy=multi-user.target
I've specified "RequiresMountsFor", which I understood could be used
to provide access to parts of the filesystem. I've also disabled
PrivateTmp and PrivateDevices.
The ExecStart script just spawns the savapi daemon:
#!/bin/bash
cd /usr/local/savapi-sdk-linux_glibc24_x86_64/bin
./savapi --config=savapi.conf &
When I attempt to start the service, journalctl -xe shows me:
Validation failed for option 'ModulesDir' with value
'/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be
accessed (no write permission).
ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules
When I run the script manually as root or as the amavis user, it runs
successfully.
I think the problem is that I don't understand how systemd processes
access the filesystem and the restrictions on permissions.
Any ideas greatly appreciated.
Thanks,
Alex
3 years, 9 months
Keyboard problems.
by George R Goffe
Hi,
I'm running Fedora 27 x86_64 (rawhide) and have noticed a problem in text windows with Firefox.
The problem exists in both the FF released version AND the FF beta version. It could be Firefox.
The problem exists with KDE and WindowMaker as the desktop manager.
What I'm seeing:
I have the caps lock key mapped to the ctrl key so when I type ALL caps I have to hold down the shift key. When I try to insert a space between words I have to release the shift key, otherwise the space is ignored. This used to work but since I reinstalled this system the keyboard is acting strangely. This behavior plus certain other letters seem to want to generate a cedilla or an accent grave or accent acute or an umlaut. There are a few other characters that behave similarly. Coincidentally I started getting messages about python forcing "PYTHONCOERCECLOCALE=0". Maybe this is not related to this problem, I can't tell. Could this be a LOCALE issue?
I can't tell if this is a bug or just a UFU (User Foul Up). Any thoughts/hints/tips/suggestions would be gratefully accepted.
Thanks,
George...
3 years, 9 months
Thunderbird Issues
by ProPAAS DBA
Hi All;
I'm running Fedora 25, the latest update also updated Thunderbird to
version 52.2.0
Since then I am seeing lots of weird/broken behavior, I have multiple
accounts and sometimes when I open thunderbird I see the folders in an
account and other times I see the account name ad no folders (not even
the INBOX). I seem to be unable to use many folders offline even with
the flag checked for offline use.
Anyone know of any work arounds? Maye I should downgrade thunderbird?
Can someone point me towards how to downgrade a single package?
Thanks in advance
3 years, 9 months
Fedora 25: cxacru module (ADSL Modem USB) fail to load its firmware
at boot time
by Dario Lesca
I have migrate my home server from Fedora 11 to Fedora 25 with a new
installation.
All work fine except the load firmware of the cxacru module (ADSL Modem
USB) at boot time, after a poweroff and unplug/plug the AC power cable.
If I try reload the modules manually when the server is started I get
the same error and the firmware is not loaded.
If I disconnect and reconnect modem USB when the server is on, the
cxacru module load its firmware without problem and I can load the ppp
interface property .
This is log message at boot time:
> giu 28 09:11:18 igloo.home.solinos.it kernel: rt61pci 0000:05:00.0 wlp5s0: renamed from wlan0
> giu 28 09:11:18 igloo.home.solinos.it crda[811]: setting regulatory domain to IT based on timezone (Europe/Rome)
> giu 28 09:11:19 igloo.home.solinos.it systemd[1]: Found device /dev/fedora/multimedia.
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: receive of cm 0x90 failed (-104)
> giu 28 09:11:19 igloo.home.solinos.it kernel: usbcore: registered new interface driver cxacru
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: found firmware cxacru-fw.bin
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: loading firmware
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: Firmware upload failed: -32
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: send of cm 0x90 failed (-32)
> giu 28 09:11:19 igloo.home.solinos.it systemd[1]: Found device /dev/fedora/temp.
> giu 28 09:11:19 igloo.home.solinos.it systemd[1]: Found device /dev/mapper/fedora-var.
> giu 28 09:11:19 igloo.home.solinos.it systemd[1]: Found device /dev/mapper/fedora-home.
> giu 28 09:11:19 igloo.home.solinos.it systemd[1]: Found device /dev/fedora/lv_virt.
> giu 28 09:11:20 igloo.home.solinos.it lvm[775]: 9 logical volume(s) in volume group "fedora" now active
>
This is log message when all work fine:
> giu 28 12:12:57 igloo.home.solinos.it kernel: usbcore: registered new interface driver cxacru
> giu 28 12:12:57 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: found firmware cxacru-fw.bin
> giu 28 12:12:57 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: loading firmware
> giu 28 12:12:58 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: starting device
> giu 28 12:12:59 igloo.home.solinos.it NetworkManager[1055]: <info> [1498644779.6061] manager: (cxacru0): new ADSL device (/org/freedesktop/NetworkManager/Devices/4)
> giu 28 12:12:59 igloo.home.solinos.it NetworkManager[1055]: <info> [1498644779.6064] device (cxacru0): state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
> giu 28 12:12:59 igloo.home.solinos.it kernel: cxacru0: ADSL USB MODEM (usb-0000:00:1d.0-1.1) 00:04:ed:54:e2:53
> giu 28 12:12:59 igloo.home.solinos.it kernel: ATM dev 0: ADSL state: running
> giu 28 12:12:59 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:03 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:05 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:07 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:09 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:11 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:19 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: training
> giu 28 12:13:21 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: channel analysis
> giu 28 12:13:26 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: up (800 kb/s down | 320 kb/s up)
> giu 28 12:13:29 igloo.home.solinos.it NetworkManager[1055]: <info> [1498644809.6502] device (cxacru0): link connected
> giu 28 12:13:29 igloo.home.solinos.it NetworkManager[1055]: <info> [1498644809.6505] device (cxacru0): state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
I have do a script to run after boot in order to load cxacru module and ppp0 interface.
But I must unplug and reattach manually the usb cable before run this script
There is some way (command line) to simulate unplug/plug of Modem USB?
Someone have some suggest?
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 25 Workstation)
3 years, 9 months
Re: Off topic: Does anybody know how to read a .ptx (E-Transcript)
document file?
by vendor@billoblog.com
On 2017-06-27 11:02, fred roller wrote:
> This link will get you the win10 .iso image to burn, should be free of
> charge.
>
> https://www.microsoft.com/en-us/software-download/windows10ISO
>
> Virtual software on Fedora is free of charge. For simple programs you
> should not need a stand alone system. If, however, you do need a full
> system then there are plenty of refirbs for cheap.
>
> -- Fred
Cool! I just downloaded and installed it. It installed without a hitch
with Virtualbox, though Microsoft insisted I create an account -- which
I've never done before. I didn't know that Win 10 was free from
Microsoft.
It's funny, I started using Linux back 20 years ago or so. Back then,
you always had to have a copy of Windows on your box because there was
always *something* that wouldn't work or run or whatever. Over the
years, I've slowly used Windows less and less, and this last time I
installed, I didn't bother making my machine dual boot -- I never "have"
to go to Windows, except for font issues in presentations and such for
compatibility at meetings. My brother-in-law was having problems with
his laptop the other day and asked me to help him.
It was running Windows 10. I turned it on and could hardly recognize
it. I didn't know where anything was. It took me over two hours of
reading tutorials and doing searches to make enough sense of things and
get him going (after all, tasks are tasks no matter what your OS is...)
. And even then I still don't know how to do a number of system things
that I used to be able to do as late as Windows 7. I told myself I
really ought to get a book on Windows 10 administration and get on the
ball, but my eyes just glazed over. I thought systemd was adding too
much complexity and too many layers of BS. It's got nothing on
Microsoft. Windows 10 seems pretty opaque to me.
But there it is, sitting in a window. Thanks for the link.
billo
3 years, 9 months
virtualbox and kernel 4.11.3-202.fc25.x86_64
by François Patte
Bonjour,
I installed the last kernel (4.11.3-202.fc25.x86_64) today and there are
no more virtualbox modules for this kernel:
kmod-VirtualBox-5.1.20-1.fc25.x86_64 is empty and so systemd complains
at boot time that virtualbox modules cannot be loaded....
What is this issue?
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte
3 years, 9 months
