Xanda's Blog !~!

Fedora and Red Hat servers compromised – CentOS unaffected

Aug
25

Let’s start with an item that dominated the coverage on many Linux web sites – the security breach of Fedora and Red Hat servers. This is what happened: “Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline. One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.” The fact that it took Fedora more than a week to publish a report on the problem was heavily criticised by some media (see this article by ITWire). However, the simple truth is that as soon as Fedora discovered the breach, they have stopped providing software updates, they mobilised their resources to deal with the situation and, once they analysed the extent of the problem, published a report about it. That’s pretty much what I would expect from any distribution – nothing more and nothing less. The incident also confirms another fact: there is no such thing as “100% secure” and similar issues are bound to happen from time to time (one of the Debian servers was also hit by a security compromise in July 2006). While it is regrettable that a server of a major Linux project gets broken into, there is no doubt that Fedora has dealt with the situation in a highly efficient, competent and responsible manner.

As far as the users of Red Hat Enterprise Linux are concerned, the company sent out the following security alert (RHSA-2008-0855) to its customers: “Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. … In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them.” But those customers who use Red Hat Network to update their products are not affected by the issue: “Our processes and efforts to date indicate that packages obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are not at risk.”

Next, it was the turn of CentOS, a distribution that is effectively a clone of Red Hat Enterprise Linux (RHEL) and which uses RHEL packages for their own security updates. Karanbir Singh in CentOS position on systems intrusion at Red Hat: “We take security issues very seriously, and as soon as we were made aware of the situation I undertook a complete audit of the entire CentOS 4/5 build and signing infrastructure. We can now assure everyone that no compromise has taken place anywhere within the CentOS infrastructure. Our entire set-up is located behind multiple firewalls, and only accessible from a very small number of places, by only a few people. Also included in this audit were all entry points to the build services, signing machines, primary release machines and connectivity between all these hosts. … Finally, while we feel confident that there is no possibility of this compromise having been passed onto the CentOS user base, we still encourage users to verify their packages independently using whatever resources they might have available.”

[Hahaha… Source: Distrowatch]

Gentoo Linux 2008.0 released

Jul
07

The 2008.0 final release is out! Code-named “It’s got what plants crave,” this release contains numerous new features including an updated installer, improved hardware support, a complete rework of profiles, and a move to Xfce instead of GNOME on the LiveCD. LiveDVDs are not available for x86 or amd64, although they may become available in the future. The 2008.0 release also includes updated versions of many packages already available in your ebuild tree.

[more]

Optimize your Internet connection (TCP) and maximize your bandwidth in Linux

May
17

Simply modify your sysctl file and poof!

sudo gedit /etc/sysctl.conf

copy and past the following code at the last line on your sysctl file

# increase TCP max buffer size setable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
 
# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
 
# don't cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
 
# recommended to increase this for 1000 BT or higher
net.core.netdev_max_backlog = 2500
 
# for 10 GigE, use this, uncomment below
# net.core.netdev_max_backlog = 30000
# Turn off timestamps if you're on a gigabit or very busy network
# Having it off is one less thing the IP stack needs to work on
#net.ipv4.tcp_timestamps = 0
# disable tcp selective acknowledgements.
net.ipv4.tcp_sack = 0
 
#enable window scaling
net.ipv4.tcp_window_scaling = 1

tada… now run the following command

sudo sysctl -p

Windows Mobile 5/6 Synchronization on Linux

May
10

“ActiveSync is a synchronisation program developed by Microsoft. It allows a mobile device to be synchronized with either a desktop PC, or a server running Microsoft Exchange Server, PostPath Email and Collaboration Server, Kerio MailServer, Zimbra or Z-Push.” (Wikipedia, 2008)

But how to synchronize your Windows Mobile device in Linux? The solution for ActiveSync alternative on Linux is SynCE. The purpose of the SynCE project is to provide a means of communication with a Windows Mobile device from a computer running Linux, *BSD or other unixes using USB or Bluetooth. One can then use one’s computer to browse files, install applications and synchronize contacts, calendar and tasks with their PIM application of choice.

Lets setup it on our machine. This tutorial is working on Ubuntu 8.04 (Hardy).

First add SynCE repository to your sources.list

echo "deb http://ppa.launchpad.net/synce/ubuntu hardy main" | sudo tee -a /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/synce/ubuntu hardy main" | sudo tee -a /etc/apt/sources.list

Now update your packages list

sudo apt-get update

As i mention before, Ubuntu 8.04 is a mistake. Ubuntu generic kernel might have some problems with USB driver. So here is the solution. First unload the old module

sudo rmmod rndis_host cdc_ether usbnet

Now, remove it

sudo rm /lib/modules/`uname -r`/kernel/drivers/net/usb/{rndis_host,cdc_ether,usbnet}.ko

Compile the new USB driver: usb-rndis-source and cdbs

sudo apt-get install usb-rndis-source cdbs
sudo module-assistant auto-install usb-rndis

Fixed! Now back to SynCE story… We need to install several libraries which are odccm, librra0-tools and librapi2-tools

sudo apt-get install odccm librra0-tools librapi2-tools

Now connect your device and run the following command

synce-pls

IF you can see the lisft of files on your device, your device is successfully connected to your Linux machine.

BUT if it returns you the following error message, you need to install SynCE-GNOME or SynCE-KPM to provide a password prompt on device connect.

. WARNING **: synce_info_from_odccm: Failed to get a connection for <device_name>: Not authenticated, you need to call !ProvidePassword with the correct password. pls: Could not find configuration at path '(Default)'

To start sync your device, you need OpenSync.

sudo apt-get install multisync-tools opensync-plugin-evolution opensync-plugin-synce

Wee..! Your device is ready to sync. Please refer to OpenSync page for tutorial on how to use OpenSync

For the official guide, please visit http://www.synce.org

Xanara Rescue CD – Alpha 1.0

Feb
14

Xanara Rescue CD – Alpha 1.0 has released.

Xanara is a Recovery Live CD based on Ubuntu Linux 6.06 LTS. It is a live Linux distribution that aims specifically at recovery and repair operations on Windows machines but is equally usable for Linux recovery issues after a crash. It provides an easy way to carry out administration tasks on the computer such as creating and editing the partitions of the hard disk. It contains a lot of system utilities. By just booting the CDROM, the users can straight away perform the recovery process without any installations. The kernel supports most of the important file systems even the latest and rarely used like Reiser4, JFS and ext4.

Xanara can perform normal rescue operations like other rescue Linux distributions but it is equipped with 3 brand new applications which are Backup on LAN, Real Server Backup and MySQL Backup.

Alpha 1.0 version still containĀ  a lot of bugs and the 3 brand new rescue applications are not yet installed.