Critical OpenSSL security exploit (aka Heartbleed)

Important: Critical OpenSSL security exploit

A serious vulnerability has been discovered in OpenSSL (the most popular SSL module used on Linux-based servers). This vulnerability allows a third party to steal information that would otherwise be secured and encrypted with the SSL/TLS protocol.

If you have a virtual server (VPS) or dedicated server, you urgently need to apply the latest OpenSSL patches. Instructions are below.

cPanel/WHM:

  1. Login to WebHostManager
  2. Go to cPanel in the left hand menu
  3. Click Upgrade to Latest Version
  4. Follow upgrade instructions
  5. Go to Software in the left hand menu
  6. Click Update System Software
  7. Follow upgrade instructions

SW-Soft Plesk:

  1. Login to the Plesk Control Panel
  2. Go to Settings
  3. Run the Plesk Updater

For the CentOS operating system:

  1. SSH in as root
  2. Run the command ‘yum update’ from the command line
  3. Yum will update the at-risk packages

For the Ubuntu or Debian operating systems:

  1. SSH in as root
  2. Run the command ‘apt-get update && apt-get upgrade’
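
Updating the package replaces the OpenSSL library on disk, but services that were already running keep the old copy mapped in memory until they are restarted. The following check is an added example, not part of the original post: it lists processes that still map a deleted libssl or libcrypto. The function name stale_openssl_procs and its optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes still using the pre-update OpenSSL library.
# stale_openssl_procs is a hypothetical helper name. The optional argument
# points at an alternative proc root so the check can be exercised offline.

stale_openssl_procs() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that have exited or that we may not read.
        [ -r "$maps" ] || continue
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # When a package update unlinks the old library file, the kernel
        # tags the still-mapped copy with "(deleted)" in /proc/PID/maps.
        lib=$(awk '/lib(ssl|crypto)[^ ]*[.]so.*[(]deleted[)]/ { print $6; exit }' \
              "$maps" 2>/dev/null)
        [ -n "$lib" ] || continue
        name=$(cat "$proc_root/$pid/comm" 2>/dev/null)
        # Output format: PID, process name, path of the stale library.
        printf '%s %s %s\n' "$pid" "${name:-unknown}" "$lib"
    done
)

# Run as root so that every process's maps file is readable.
stale=$(stale_openssl_procs "$@")
if [ -n "$stale" ]; then
    echo "Still running against the old OpenSSL library (restart these):"
    echo "$stale"
else
    echo "No running process maps a deleted libssl/libcrypto."
fi
```

Restart every service the check lists (or reboot the server) so that it loads the patched library.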

If you need assistance patching your systems consider contacting a technical services company such as Aorta Consulting.

Sysdig – Linux System Troubleshooting Tool

Sysdig is an open source Linux system troubleshooting tool which allows you to capture system state and activity from a running Linux instance, then save, filter and analyze it. It includes strace, tcpdump, lsof and a number of other utilities all compiled into one Swiss-army style tool.

Sysdig is designed to simplify system-level troubleshooting, in particular in distributed, virtualized and cloud-based environments. Sysdig captures system calls and other system-level events using a Linux kernel facility called tracepoints, which means much less overhead than strace. It then “packetizes” this information, so that you can save it into trace files and filter it, a bit like you would do with tcpdump. This makes it very flexible for exploring what processes are doing.

For installation instructions please click here.

Caching Name Server for CentOS 6.x

A caching-only DNS server caches DNS query results for the domain name being queried. These cached results are stored for a pre-specified time known as the TTL (time-to-live). A caching-only name server will find the answer to name queries and remember the answer the next time you need it. This will shorten the waiting time significantly the next time, especially if you’re on a slow connection.

Step 1: Install the BIND Packages using Yum

Install the bind packages using the command below. In CentOS the caching-nameserver package has been included with the bind package.

# yum install bind bind-chroot

Step 2: Copy default bind configuration File

Copy the bind configuration file from the bind sample files using the commands below. Change the path of the files as per the version you have installed.

cd /var/named/chroot/etc
cp /usr/share/doc/bind-9.9.2/sample/etc/named.conf  .
cp /usr/share/doc/bind-9.9.2/sample/etc/named.rfc1912.zones  .

Step 3: Make changes in Configuration File

Edit the bind configuration file in your favorite editor and make the necessary changes as per the settings below, or use the configuration below.

// /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };

Install Dell OpenManage on CentOS 6.4x

I have updated my Dell OpenManage installer script to address several compatibility issues with Dell PowerEdge G12+ systems. The following Dell OpenManage Server Administrator (OMSA) installation script is suitable for RedHat 6.4x and CentOS 6.4x systems.

1. Login to your server via SSH.
2. Change directories to your source store:

# cd /usr/src

3. Create the install script:

# nano -w dominstaller.sh

4. Cut and paste the following text:

#!/bin/bash
#
# Dell OpenManage Installer (DOMI)
# Revision: June 25th 2013 md3v.com
#
HOST=`hostname`
D=`date '+%d%m%y'`
echo
echo "Dell OpenIPMI & OpenManage Automatic Installer"
echo "Revision: July 25th 2013 md3v.com"
echo
read -p "Press [Enter] key to begin the installation or [CTRL+C] to exit."
echo
echo "Installing OpenIPMI..."
echo
yum -y install OpenIPMI
echo

Remotely wipe a Linux based server

There may come a time when you need to remotely wipe a Linux-based server. Maybe your server has been compromised, is no longer required in production or, for security reasons, you simply need to make sure that the server is fully erased and no longer recoverable.

Note: This process is specifically designed for headless servers, e.g. servers which do not have a locally (or remotely, think KVM) accessible screen, keyboard or mouse. There are other options available for locally accessible servers, on which DBAN (or a similar solution) can be run.

Step 1: SSH into the server then type:

# dd if=/dev/zero of=/dev/sdaX

To check the correct hard disk device to wipe use:

# df -h

The dd command will copy zeros over the whole disk, rendering any existing data useless.

Step 2: Wait approximately 10 minutes (more for good (or worse?) measure), after which time run:

# echo 1 > /proc/sys/kernel/sysrq
# echo o > /proc/sysrq-trigger

These commands will initiate a full power off of the server.

Click here for more information on the sysrq command and here for information on the sysrq-trigger command.