Posts Tagged ‘Security’

Security updates only for Fedora 7 / RHEL & Centos 5

I found this on redhat.com the other day….

It is now possible to limit yum to install security updates only. To do so, simply install the yum-security plugin and run the following command:

yum update --security

Hopefully this will allow Fedora users to have the option of running a “stable” install :)

Man arrested for stealing wifi broadband

This is interesting….

ITN - Man arrested for stealing broadband

A man who was spotted in the street using his laptop to access an unsecured wireless connection has been arrested.

The 39-year-old man was seen sitting on a wall outside a home in Chiswick, west London, by two community support officers.
Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act.

When questioned he admitted using the owner’s unsecured wireless internet connection without permission and was arrested on suspicion of stealing a wireless broadband connection.

PHP - Simple Validate E-Mail function.

I found this by accident, but thought it was useful to take a note as my regular expression knowledge is basic to say the least…


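function ValidateEmail($e, $v = -1) {
    global $verbose;
    /*
    Return codes:
    0: appears to be a valid email
    1: didn't match pattern of a valid email
    */
    if ($v == -1) { $v = $verbose; } // fall back to the global verbosity setting
    // Hyphen sits last in the class so it is literal, the dot between domain
    // labels is escaped, and D keeps "$" from matching before a trailing newline.
    if (!preg_match('/^[a-z0-9._+-]+@([a-z0-9-]+(\.[a-z0-9-]+)+)$/iD', $e, $grab)) {
        return 1;
    }
    return 0;
}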

Usage is simple….


$email = 0; // nothing to report until an address has been checked
if (!empty($_POST['email'])) {
    $email = ValidateEmail($_POST['email']);
}
// check E-Mail Syntax
if ($email == 1) {
    echo "Incorrect Email Address Submitted.\n";
}

Thanks Shane Marriott :)
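
Small details in a pattern like this one decide what gets through to whatever consumes the address. The script below is an added example, not part of the original post or of Shane Marriott's code: it runs a loose and a tightened variant of the pattern next to PHP's built-in filter_var(). The names LOOSE, STRICT and checkEmail and all sample addresses are constructed for illustration.

```php
<?php
// Added example. LOOSE: "+-_" in the middle of the class forms a range
// (0x2B-0x5F, which includes < > ; @ and more), the dot between domain
// labels is unescaped, and "$" may match before a trailing newline.
const LOOSE  = '/^[a-z0-9.+-_]+@([a-z0-9-]+(.[a-z0-9-]+)+)$/i';
// STRICT: hyphen placed last so it is literal, dot escaped, and the D
// modifier makes "$" match only at the very end of the string.
const STRICT = '/^[a-z0-9._+-]+@([a-z0-9-]+(\.[a-z0-9-]+)+)$/iD';

/** Returns 0 when $e matches $pattern, 1 otherwise (same codes as ValidateEmail). */
function checkEmail(string $e, string $pattern): int
{
    return preg_match($pattern, $e) === 1 ? 0 : 1;
}

// Constructed sample inputs (not taken from the original post).
$samples = [
    'user@example.com',              // ordinary address
    'first.last+tag@example.co.uk',  // dots and a plus tag in the local part
    'a<b>;c@example.com',            // "<", ">" and ";" fall inside the +-_ range
    'user@@example.com',             // "@" is inside that range as well
    'user@example-com',              // no dot in the domain: bare "." matches any character
    "user@example.com\n",            // trailing newline, relevant when the value reaches a mail header
];

printf("%-34s %-6s %-6s %s\n", 'input', 'loose', 'strict', 'filter_var');
foreach ($samples as $s) {
    printf(
        "%-34s %-6d %-6d %s\n",
        json_encode($s),             // shows the newline as \n in the table
        checkEmail($s, LOOSE),
        checkEmail($s, STRICT),
        filter_var($s, FILTER_VALIDATE_EMAIL) === false ? 'reject' : 'accept'
    );
}
```

Run it with the PHP command-line interpreter; a 0 in a column means that pattern treated the input as a valid address.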

gnome-password-generator is in fedora…

I saw this on planet fedora and thought I’d post it,

GNOME Password Generator is now back as a Fedora package.

Reference: Debarshi’s den - gnome-password-generator@fedoraproject.org

It’ll be nice to have an alternative to this perfect password generator as we’re not always online are we ;)

OSPF & Cisco ASAs

One of the interesting things about ASAs is that they support running two OSPF processes. This was a great decision by Cisco: if a business has two different OSPF domains, the chances are they are owned by two separate parts of the business, so where would be a better place to put a firewall?


Process Scheduling is Nice !

The holy grail of computing is security and performance; it’s all well and good having the most secure system in the world, but if it’s rubbish at doing the job it’s supposed to do then you’ve kinda missed the point. Tools like psad and denyhosts provide excellent security, but to do so they actively use resources. Let’s take the example of a mail server: if some unsociable person starts heavily scanning your machine, and the above two applications slow down the delivery of mail, your users won’t be happy. That’s where “nice” comes into effect; nice allows you to add priorities to the applications that are important to you. Now I hear what you’re saying: psad and denyhosts are so light, how could they possibly consume resources? So let’s look at a real world example….

More WordPress Exploits on Milw0rm

I’ve posted about the popularity of WordPress having a negative effect before. Here I pointed out that only days after a security bug was patched by the WP Team, an exploit was freely available….. the upshot being that we’ve only days to respond and patch our blogs (this could be a real problem should we dare to take a holiday!)

The thing is, the problem appears to be getting worse: now plug-in exploits [1] [2] [3] are being posted. This is worse because many of us use a lot of plug-ins, and without some kind of updating mechanism it’s difficult to stay on top of patching.

rkhunter rpm for Centos / RedHat

Whilst doing some routine maintenance, I noticed that I never published the rkhunter rpm I built, the software is officially supported at rootkit.nl but for ease I wanted a yum available rpm ;)

Tripwire 2.4.1.1 rpm for CentOS, Redhat ( RHEL ) 4

Following a request I’ve rebuilt a later tripwire rpm (2.4.1.1); I think at this point it would be prudent to point out that the rpms found here are not maintained, and I do not offer any kind of support - you use them at your own risk - but you’re welcome to make requests !

tripwire-2.4.1.1-1.i386.rpm

My Yum repo has also been updated, config file here :D

DenyHosts - Protecting against SSH Brute Force Attacks

If you look after a remote Linux box, the chances are you use SSH; in order to connect to it you may even have to leave port 22 open to the whole Internet!

There are some basic security steps that you can take to protect SSH, such as blocking the root user from logging in and forcing users to use STRONG authentication.

News - Fooling Cisco’s NAC network access control

Just Found this,

heise Security - News - Fooling Cisco’s NAC network access control

Security experts at the Black Hat conference in Amsterdam have demonstrated how Cisco’s NAC network access control can be fooled. In a live demonstration using a modified Trust Agent, Michael Thumann and Dror-John Röcher from ERNW were able to gain full access to an NAC protected network using a computer which did not comply with network policies.

Although it was obvious that hackers would target the Trust Agent, it’s interesting to read a success story.

WordPress Exploit on Milw0rm.

Following yesterday’s security announcement for WordPress, a freely available exploit has been published on milw0rm. What this means is… if you haven’t upgraded DO IT NOW, as the number of attacks will go up very quickly.

If you look through the exploit you can see that it takes advantage of existing user accounts, so a further security option can be to disable the “anyone can register” option… within WordPress admin, click options -> general and “untick” the box. (If it is on and you don’t need it)

SNMP v3 on Redhat Linux

I think it’s safe to say, if you can’t get something to work then the manual is rubbish or the user is stupid; with setting up SNMP v3 on Linux, the user is me, so the fault probably lies there.

SNMPv3 moves away from the community string idea from older versions, and into a username & password combo. The correct tool for creating users is snmpusm, but no matter how many times I read the man page I can’t work it out. I get that you copy a user from the initial user, but how do you create the initial user? If I try on my box I just get an “snmp timeout” error.

Nokia Console Cables

It’s been a while since I’ve been up close & personal with a Nokia firewall, but recently I’ve needed to play.

The first thing I noticed was that the console cable has changed. Now let’s not focus too much on the design flaw whereby you can’t actually get your fingers in properly to release the cable, but at least they got rid of the DB9-type serial thing that kept breaking.

The good news is, looking at the cable colours you can see that the cables are roll over cables - exactly the same as cisco use - great ! One less thing to carry around in the laptop bag :-D

Securing a Linux box - my Tips !

November was a slow posting month, the reason being that I’m working on a rather time consuming project, one of the areas I’ve had to focus on again is Linux Security.

Security goes on and on forever, you can do as much or as little as you deem necessary, too much will consume resources*, too little opens you up to attack; this article talks about some steps I take, be advised tho’ this will generate a load of e-mails, and if you’re not going to read them why bother implementing them.