WikiLeaks released a document about an attack against CentOS / RHEL.
Here's the text, there are some docs there also.
29 June, 2017
Today, June 29th 2017, WikiLeaks publishes documents from the
OutlawCountry project of the CIA that targets computers running the
Linux operating system. OutlawCountry allows for the redirection of all
outbound network traffic on the target computer to CIA controlled
machines for ex- and infiltration purposes. The malware consists of a
kernel module that creates a hidden netfilter table on a Linux target;
with knowledge of the table name, an operator can create rules that
take precedence over existing netfilter/iptables rules and are
concealed from a user or even system administrator.
The installation and persistence method of the malware is not described
in detail in the document; an operator will have to rely on the
available CIA exploits and backdoors to inject the kernel module into a
target operating system. OutlawCountry v1.0 contains one kernel module
for 64-bit CentOS/RHEL 6.x; this module will only work with default
kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT
rules to the PREROUTING chain.
My first take is that this doesn't represent a very serious threat. Do

I'm trying to write a service file for a daemon and having some
problems. I believe the issue is with the ability to give the process
write and read access to parts of the filesystem which appear to
somehow be restricted.
The daemon is the Avira virus scanner, which runs under amavisd-new.
The daemon's home directory is
/usr/local/savapi-sdk-linux_glibc24_x86_64, and it needs write access
in the modules directory.
The daemon can run as root or as the amavis user. It drops its
privileges to the amavis user after starting anyway.
Here is what I have so far:
# cat /etc/systemd/system/savapi.service
Description=Avira Antivirus SDK
I've specified "RequiresMountsFor", which I understood could be used
to provide access to parts of the filesystem. I've also disabled
PrivateTmp and PrivateDevices.
The ExecStart script just spawns the savapi daemon:
./savapi --config=savapi.conf &
When I attempt to start the service, journalctl -xe shows me:
Validation failed for option 'ModulesDir' with value
'/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be
accessed (no write permission).
ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules
When I run the script manually as root or as the amavis user, it runs
I think the problem is that I don't understand how systemd processes
access the filesystem and the restrictions on permissions.
Any ideas greatly appreciated.

I'm running Fedora 27 x86_64 (rawhide) and have noticed a problem in text windows with Firefox.
The problem exists in both the FF released version AND the FF beta version. It could be Firefox.
The problem exists with KDE and WindowMaker as the desktop manager.
What I'm seeing:
I have the caps lock key mapped to the ctrl key so when I type ALL caps I have to hold down the shift key. When I try to insert a space between words I have to release the shift key, otherwise the space is ignored. This used to work but since I reinstalled this system the keyboard is acting strangely. This behavior plus certain other letters seem to want to generate a cedilla or an accent grave or accent acute or an umlaut. There are a few other characters that behave similarly. Coincidentally I started getting messages about python forcing "PYTHONCOERCECLOCALE=0". Maybe this is not related to this problem, I can't tell. Could this be a LOCALE issue?
I can't tell if this is a bug or just a UFU (User Foul Up). Any thoughts/hints/tips/suggestions would be gratefully accepted.

I'm running Fedora 25, the latest update also updated Thunderbird to
Since then I am seeing lots of weird/broken behavior, I have multiple
accounts and sometimes when I open thunderbird I see the folders in an
account and other times I see the account name and no folders (not even
the INBOX). I seem to be unable to use many folders offline even with
the flag checked for offline use.
Anyone know of any workarounds? Maybe I should downgrade Thunderbird?
Can someone point me towards how to downgrade a single package?
Thanks in advance

I have migrated my home server from Fedora 11 to Fedora 25 with a new
All works fine except the firmware load of the cxacru module (ADSL Modem
USB) at boot time, after a poweroff and unplug/plug of the AC power cable.
If I try to reload the modules manually when the server is started I get
the same error and the firmware is not loaded.
If I disconnect and reconnect the USB modem when the server is on, the
cxacru module loads its firmware without problem and I can load the ppp
interface properly.
This is the log message at boot time:
> giu 28 09:11:18 igloo.home.solinos.it kernel: rt61pci 0000:05:00.0 wlp5s0: renamed from wlan0
> giu 28 09:11:18 igloo.home.solinos.it crda: setting regulatory domain to IT based on timezone (Europe/Rome)
> giu 28 09:11:19 igloo.home.solinos.it systemd: Found device /dev/fedora/multimedia.
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: receive of cm 0x90 failed (-104)
> giu 28 09:11:19 igloo.home.solinos.it kernel: usbcore: registered new interface driver cxacru
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: found firmware cxacru-fw.bin
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: loading firmware
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: Firmware upload failed: -32
> giu 28 09:11:19 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: send of cm 0x90 failed (-32)
> giu 28 09:11:19 igloo.home.solinos.it systemd: Found device /dev/fedora/temp.
> giu 28 09:11:19 igloo.home.solinos.it systemd: Found device /dev/mapper/fedora-var.
> giu 28 09:11:19 igloo.home.solinos.it systemd: Found device /dev/mapper/fedora-home.
> giu 28 09:11:19 igloo.home.solinos.it systemd: Found device /dev/fedora/lv_virt.
> giu 28 09:11:20 igloo.home.solinos.it lvm: 9 logical volume(s) in volume group "fedora" now active
This is the log message when all works fine:
> giu 28 12:12:57 igloo.home.solinos.it kernel: usbcore: registered new interface driver cxacru
> giu 28 12:12:57 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: found firmware cxacru-fw.bin
> giu 28 12:12:57 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: loading firmware
> giu 28 12:12:58 igloo.home.solinos.it kernel: cxacru 2-1.1:1.0: starting device
> giu 28 12:12:59 igloo.home.solinos.it NetworkManager: <info> [1498644779.6061] manager: (cxacru0): new ADSL device (/org/freedesktop/NetworkManager/Devices/4)
> giu 28 12:12:59 igloo.home.solinos.it NetworkManager: <info> [1498644779.6064] device (cxacru0): state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
> giu 28 12:12:59 igloo.home.solinos.it kernel: cxacru0: ADSL USB MODEM (usb-0000:00:1d.0-1.1) 00:04:ed:54:e2:53
> giu 28 12:12:59 igloo.home.solinos.it kernel: ATM dev 0: ADSL state: running
> giu 28 12:12:59 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:03 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:05 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:07 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:09 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: down
> giu 28 12:13:11 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: attempting to activate
> giu 28 12:13:19 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: training
> giu 28 12:13:21 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: channel analysis
> giu 28 12:13:26 igloo.home.solinos.it kernel: ATM dev 0: ADSL line: up (800 kb/s down | 320 kb/s up)
> giu 28 12:13:29 igloo.home.solinos.it NetworkManager: <info> [1498644809.6502] device (cxacru0): link connected
> giu 28 12:13:29 igloo.home.solinos.it NetworkManager: <info> [1498644809.6505] device (cxacru0): state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
I have written a script to run after boot in order to load the cxacru module and ppp0 interface.
But I must unplug and reattach the USB cable manually before running this script.
Is there some way (command line) to simulate an unplug/plug of the USB modem?
Does anyone have a suggestion?
(sent from my Linux Fedora 25 Workstation)

On 2017-06-27 11:02, fred roller wrote:
> This link will get you the win10 .iso image to burn, should be free of
> Virtual software on Fedora is free of charge. For simple programs you
> should not need a stand alone system. If, however, you do need a full
> system then there are plenty of refurbs for cheap.
> -- Fred
Cool! I just downloaded and installed it. It installed without a hitch
with Virtualbox, though Microsoft insisted I create an account -- which
I've never done before. I didn't know that Win 10 was free from
It's funny, I started using Linux back 20 years ago or so. Back then,
you always had to have a copy of Windows on your box because there was
always *something* that wouldn't work or run or whatever. Over the
years, I've slowly used Windows less and less, and this last time I
installed, I didn't bother making my machine dual boot -- I never "have"
to go to Windows, except for font issues in presentations and such for
compatibility at meetings. My brother-in-law was having problems with
his laptop the other day and asked me to help him.
It was running Windows 10. I turned it on and could hardly recognize
it. I didn't know where anything was. It took me over two hours of
reading tutorials and doing searches to make enough sense of things and
get him going (after all, tasks are tasks no matter what your OS is...).
And even then I still don't know how to do a number of system things
that I used to be able to do as late as Windows 7. I told myself I
really ought to get a book on Windows 10 administration and get on the
ball, but my eyes just glazed over. I thought systemd was adding too
much complexity and too many layers of BS. It's got nothing on
Microsoft. Windows 10 seems pretty opaque to me.
But there it is, sitting in a window. Thanks for the link.

Sorry to bother the fedora list, but I'm not sure where to ask. I have
a trial transcript in .ptx format I need to look at. Does anybody know
of any tool in Fedora/Linux that can read these?

I'm embarrassed to be asking this, but is there a command that lists
only the installed dnf plugins?
Robert P. J. Day Ottawa, Ontario, CANADA

I did nearly the same as here
by the way this
ExecStart=/sbin/runuser -l USER -c "/usr/bin/vncserver %i -geometry
ExecStart=/usr/bin/vncserver %i -geometry 1280x1024
because the 'runuser'-variant doesn't work at all, no connection
possible from VNCviewer;
or is there also something missing in the SELinux policies?
the -geometry parameter is ignored, I only get a display of 1024x768
when connecting with VNCviewer from other machine ...

I installed the last kernel (4.11.3-202.fc25.x86_64) today and there are
no more virtualbox modules for this kernel:
kmod-VirtualBox-5.1.20-1.fc25.x86_64 is empty and so systemd complains
at boot time that virtualbox modules cannot be loaded....
What is this issue?
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849