Linux

How to prevent unprivileged users from viewing dmesg command output on Linux – nixCraft

https://www.cyberciti.biz/faq/how-to-prevent-unprivileged-users-from-viewing-dmesg-command-output-on-linux/ One can use the dmesg command to see or control the kernel ring buffer. The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. There is an option that prevents unprivileged users from reading the syslog: sudo sysctl -w kernel.dmesg_restrict=1

New level of automation with Ansible – RHD Blog

https://developers.redhat.com/blog/2017/06/07/new-level-of-automation-with-ansible/?sc_cid=7016000000127ECAAY Ansible is a simple agent-less automation tool that has changed the world for the better. It has many use cases and wide adoption. This article is going to demonstrate Ansible. The intention of this article is not to teach you the basics of Ansible, but to motivate you to learn it. Shell has been the comfort zone of

Why you must patch the new Linux sudo security hole | ZDNet

http://www.zdnet.com/article/why-you-must-patch-the-new-linux-sudo-security-hole/ Ironically, only the most secure Linux server setups are vulnerable to this newly discovered hole. If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don’t bother because SELinux can be difficult to set up. This makes the newly discovered Linux security hole — with the sudo command that only hits

Thin Client Market Embraces Raspberry Pi | Linux.com

https://www.linux.com/news/event/open-source-summit-na/2017/5/thin-client-market-embraces-raspberry-pi Is the Raspberry Pi ready to take over the low-end thin client market? This week, NComputing unveiled the RX-HDX, its second Raspberry Pi based thin client. In addition, ViewSonic announced a software upgrade for the Pi-based SC-T25 thin client that it announced last year. The future of thin clients — low-cost, remotely managed virtual client

It’s not just Windows anymore: Samba has a major SMB bug | ZDNet

http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/ The other week, Microsoft got its security teeth kicked in when an old SMB security hole was exploited by the WannaCry ransomware attack. This week, it’s the turn of Samba, the popular open-source SMB server. Like the WannaCry security hole, the good news is the Samba file-sharing bug has already been fixed. The bad news is you

An introduction to Linux’s EXT4 filesystem | Opensource.com

https://opensource.com/article/17/5/introduction-ext4-filesystem?sc_cid=7016000000127ECAAY The EXT4 filesystem primarily improves performance, reliability, and capacity. To improve reliability, metadata and journal checksums were added. To meet various mission-critical requirements, the filesystem timestamps were improved with the addition of intervals down to nanoseconds. The addition of two high-order bits in the timestamp field defers the Year 2038 problem until 2446—for EXT4 filesystems, at least.

Fight ransomware: Run Windows in Linux as a virtual machine

http://www.pcworld.com/article/3197628/linux/fight-ransomware-by-running-windows-in-linux-as-a-virtual-machine.html Running Windows as a virtual machine in Linux may seem like unnecessary work until something like the WannaCry ransomware scare comes along. Despite its headaches, desktop Linux rarely is the target of malware. (When it is, it can generally present a smaller attack surface.) And if you need to run applications in Windows, run

It takes more than a Circuit Breaker to create a resilient application – RHD Blog

https://developers.redhat.com/blog/2017/05/16/it-takes-more-than-a-circuit-breaker-to-create-a-resilient-application/?sc_cid=7016000000127ECAAY Topics such as application resiliency, self-healing, and antifragility are areas of interest for many. This article is trying to distinguish, define, and visualize these concepts, and create solutions with these characteristics. So what does a typical resiliency pitch look like: use timeouts, isolate in bulkheads, and of course apply the circuit breaker pattern. I agree with all

Managing passwords and security on your Linux server | Opensource.com

https://opensource.com/business/16/6/managing-passwords-security-linux?sc_cid=7016000000127ECAAY Managing password and security related issues in Linux is important, but there are some simple steps you can take to make your system more secure.  We’ve seen that there can be a large number of attempts to log on to a publicly accessible system. So, what can we do? There are a few things