Wednesday, January 18, 2017

SMB Security Best Practices by US-CERT

Taken from SMB Security Best Practices

US-CERT recommends that users and administrators consider:
  • disabling SMB v1 and
  • blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 and 204279.

Monday, January 16, 2017

Unable to spin down CD-ROM

I have an interesting issue today. My CD-ROM fails to spin down and there is a faulty disk inside the CD-ROM.

Inside /var/log/messages:
Buffer I/O error on device sr0, logical block 0 Error

There is no way to unmount the CD-ROM with the traditional umount /dev/sr0. If you run
# ps -afe|grep sr0
user1   11061  9280  0 12:43 pts/0 /sbin/blkid -o udev -p -u noraid /dev/sr0

As a quick fix, you can kill the process ID associated with /sbin/blkid -o udev -p -u noraid /dev/sr0
# kill -9 11061

The CD-ROM should stop spinning.

Tuesday, January 3, 2017

Creating a Local Directory Repository to act like a local media for CentOS 6

Suppose you want a local directory repository to act like local media. This is useful when you wish to do a yum local install from a directory of RPMs only, instead of pulling directly from an Internet repository.

1. In /etc/yum.repos.d/, create a local repo file, for example:

# vim /etc/yum.repos.d/local.repo

2. Inside /etc/yum.repos.d/local.repo, add:

[myrepo]
name=My Local Repo
baseurl=file:///home/user1/RPM
enabled=1
gpgcheck=0

Note that the RPMs from the CentOS disks, including repomd.xml, must be copied into /home/user1/RPM.

3. Disable the rest of the repos. For example,
# yum-config-manager --disable rpmforge

4. Yum will now pull from the enabled repository only.
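
The local.repo above sets gpgcheck=0 and points at a directory under a user's home, so yum running as root accepts unsigned RPMs from a location that user1 can modify. The audit script below is an added example, not part of the original post; the signed-local section and its /srv/repo/centos6 path are hypothetical and shown only for contrast.

```shell
# Added example, not from the original post: flag enabled yum repos that accept
# unsigned packages or read packages from a directory under /home.
# Assumptions: a missing "enabled" means enabled (yum's default); a missing
# "gpgcheck" is inherited from /etc/yum.conf and is not flagged here.
audit_repo_file() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0")
                print section ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^file:\/\/\/home\//)
                print section ": " baseurl " is under a user home directory"
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # skip blanks and comments
        /^[ \t]*\[.*\][ \t]*$/ {                    # new [section]: report the previous one
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            pos = index($0, "=")
            if (pos == 0) next
            key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the local.repo from the post, plus a signed repo for contrast.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[myrepo]
name=My Local Repo
baseurl=file:///home/user1/RPM
enabled=1
gpgcheck=0
[signed-local]
baseurl=file:///srv/repo/centos6
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
audit_repo_file "$sample"
rm -f "$sample"
```

To audit a live system, run the function over each file in /etc/yum.repos.d/.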

Saturday, December 31, 2016

Security Alert - Switcher Android Trojan Targets Wireless Routers

The Switcher Android Trojan uses infected Android devices to attack wireless routers by performing brute force attacks on the routers’ admin web interfaces. If the attacks succeed, Switcher hijacks the Domain Name Server (DNS) by changing the IP addresses of the DNS servers in the router settings and then reroutes all DNS queries to the attackers’ servers. As a result, Switcher is able to redirect all connected users to malicious IP addresses when they enter legitimate domain addresses, thereby exposing them to a broad range of attacks including phishing and malware infection.

There is currently no indication of Switcher infection in Singapore. However, Singapore users should nevertheless adopt the necessary preventive measures to avoid potential infection.

References
  1. "Switcher" Android Trojan Hacks Routers, Hijacks Traffic

Tuesday, December 20, 2016

Compiling glibc-2.14 on CentOS 6

Step 1: Download glibc-2.14 from GNU Site
# wget http://ftp.gnu.org/gnu/glibc/glibc-2.14.tar.gz

Step 2: Untar and Preparation
# tar zxvf glibc-2.14.tar.gz
# cd glibc-2.14
# mkdir build
# cd build

Step 3: Compile and install
# ../configure --prefix=/usr/local/glibc-2.14
# make -j8
# make install