Fedora and Red Hat servers compromised – CentOS unaffected

Let’s start with an item that dominated the coverage on many Linux web sites – the security breach of Fedora and Red Hat servers. This is what happened: “Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline. One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.” The fact that it took Fedora more than a week to publish a report on the problem was heavily criticised by some media (see this article by ITWire). However, the simple truth is that as soon as Fedora discovered the breach, they have stopped providing software updates, they mobilised their resources to deal with the situation and, once they analysed the extent of the problem, published a report about it. That’s pretty much what I would expect from any distribution – nothing more and nothing less. The incident also confirms another fact: there is no such thing as “100% secure” and similar issues are bound to happen from time to time (one of the Debian servers was also hit by a security compromise in July 2006). While it is regrettable that a server of a major Linux project gets broken into, there is no doubt that Fedora has dealt with the situation in a highly efficient, competent and responsible manner.

As far as the users of Red Hat Enterprise Linux are concerned, the company sent out the following security alert (RHSA-2008-0855) to its customers: “Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. … In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them.” But those customers who use Red Hat Network to update their products are not affected by the issue: “Our processes and efforts to date indicate that packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk.”

Next, it was the turn of CentOS, a distribution that is effectively a clone of Red Hat Enterprise Linux (RHEL) and which uses RHEL packages for their own security updates. Karanbir Singh in CentOS position on systems intrusion at Red Hat: “We take security issues very seriously, and as soon as we were made aware of the situation I undertook a complete audit of the entire CentOS 4/5 build and signing infrastructure. We can now assure everyone that no compromise has taken place anywhere within the CentOS infrastructure. Our entire set-up is located behind multiple firewalls, and only accessible from a very small number of places, by only a few people. Also included in this audit were all entry points to the build services, signing machines, primary release machines and connectivity between all these hosts. … Finally, while we feel confident that there is no possibility of this compromise having been passed onto the CentOS user base, we still encourage users to verify their packages independently using whatever resources they might have available.”

[Hahaha... Source: Distrowatch]

Gentoo Linux 2008.0 released

The 2008.0 final release is out! Code-named “It’s got what plants crave,” this release contains numerous new features including an updated installer, improved hardware support, a complete rework of profiles, and a move to Xfce instead of GNOME on the LiveCD. LiveDVDs are not available for x86 or amd64, although they may become available in the future. The 2008.0 release also includes updated versions of many packages already available in your ebuild tree.

[more]

Optimize your Internet connection (TCP) and maximize your bandwidth in Linux

Simply modify your sysctl file and poof!

sudo gedit /etc/sysctl.conf

copy and past the following code at the last line on your sysctl file

# increase TCP max buffer size setable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
 
# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
 
# don't cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
 
# recommended to increase this for 1000 BT or higher
net.core.netdev_max_backlog = 2500
 
# for 10 GigE, use this, uncomment below
# net.core.netdev_max_backlog = 30000
# Turn off timestamps if you're on a gigabit or very busy network
# Having it off is one less thing the IP stack needs to work on
#net.ipv4.tcp_timestamps = 0
# disable tcp selective acknowledgements.
net.ipv4.tcp_sack = 0
 
#enable window scaling
net.ipv4.tcp_window_scaling = 1

tada… now run the following command

sudo sysctl -p

Windows Mobile 5/6 Synchronization on Linux

“ActiveSync is a synchronisation program developed by Microsoft. It allows a mobile device to be synchronized with either a desktop PC, or a server running Microsoft Exchange Server, PostPath Email and Collaboration Server, Kerio MailServer, Zimbra or Z-Push.” (Wikipedia, 2008)

But how to synchronize your Windows Mobile device in Linux? The solution for ActiveSync alternative on Linux is SynCE. The purpose of the SynCE project is to provide a means of communication with a Windows Mobile device from a computer running Linux, *BSD or other unixes using USB or Bluetooth. One can then use one’s computer to browse files, install applications and synchronize contacts, calendar and tasks with their PIM application of choice.

Lets setup it on our machine. This tutorial is working on Ubuntu 8.04 (Hardy).

First add SynCE repository to your sources.list

echo "deb http://ppa.launchpad.net/synce/ubuntu hardy main" | sudo tee -a /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/synce/ubuntu hardy main" | sudo tee -a /etc/apt/sources.list

Now update your packages list

sudo apt-get update

As i mention before, Ubuntu 8.04 is a mistake. Ubuntu generic kernel might have some problems with USB driver. So here is the solution. First unload the old module

sudo rmmod rndis_host cdc_ether usbnet

Now, remove it

sudo rm /lib/modules/`uname -r`/kernel/drivers/net/usb/{rndis_host,cdc_ether,usbnet}.ko

Compile the new USB driver: usb-rndis-source and cdbs

sudo apt-get install usb-rndis-source cdbs
sudo module-assistant auto-install usb-rndis

Fixed! Now back to SynCE story… We need to install several libraries which are odccm, librra0-tools and librapi2-tools

sudo apt-get install odccm librra0-tools librapi2-tools

Now connect your device and run the following command

synce-pls

IF you can see the lisft of files on your device, your device is successfully connected to your Linux machine.

BUT if it returns you the following error message, you need to install SynCE-GNOME or SynCE-KPM to provide a password prompt on device connect.

. WARNING **: synce_info_from_odccm: Failed to get a connection for <device_name>: Not authenticated, you need to call !ProvidePassword with the correct password. pls: Could not find configuration at path '(Default)'

To start sync your device, you need OpenSync.

sudo apt-get install multisync-tools opensync-plugin-evolution opensync-plugin-synce

Wee..! Your device is ready to sync. Please refer to OpenSync page for tutorial on how to use OpenSync

For the official guide, please visit http://www.synce.org

Entropy – New Package Management Toolkit for Gentoo-based Distribution

Entropy is described as a package management system that combines the best of Portage, Yum and APT to provide a fast, intuitive and trouble-free solution for Sabayon Linux users. It consists of several tools. The text-mode client called “Equo” was already available in a previous Sabayon Linux release, but the graphical client called “Spritz” is expected to make its first appearance only in version 3.5. Other tools that make up the Entropy kit include “Reagent” and “Activator”, which are server applications.

Equo works in a fashion similar to “apt-get” or “yum” when used in a terminal window. One can update the package database with “equo update” and install a new package with “equo install <package-name>”. There are also commands for managing package repositories, searching for packages or manipulating the installed package database. Just as with Yum, the Equo package database is powered by SQLite, but it also includes a number of interesting features; as an example, one can install multiple packages inside an archive with a single command or convert Sabayon packages so that they become compatible with Gentoo Linux.

Spritz is work in progress. Not much information is available at this time, but the package is already available in the Sabayon Linux repository. A number of screenshots were recently published on the Planet Sabayon blog, showing the user interface, search function and various dialogs that provide package information.


The Spritz package manager (more screenshots available here)

Fabio Erculiani, the founder of Sabayon Linux explains the reasons behind starting Entropy: “I’ve been busy for about 13 months working on it and now we are very close to have something that could really change the way users see a Gentoo-based distribution – the Entropy stack. There are still some secondary things missing, like the package masking interface and the Gentoo Linux Security Advisories (GLSA) interface. Non-free licenses will also pop-up and require users to accept their terms. Another cool thing is that I already implemented an “equo security” interface with the promise of creating an official team and a web page dedicated to security within the next 12 months.”

[Source: Distrowatch]

Go to top