Linux 再爆 root 帐号提权漏洞

 Linux/Unix相关  没有评论 »
12月 102010
 

系统安全高手Dan Rosenberg 发布了一段 C 程序, 这段200多行的程序利用了 Linux Econet 协议的3个安全漏洞,可以导致本地帐号对系统进行拒绝服务或特权提升,也就是说一个普通用户可以通过运行这段程序后轻松获得 root shell,以下在 update 过的 Ubuntu 10.04 Server LTS 上测试通过:

$ sudo apt-get update
$ sudo apt-get upgrade

$ uname -r
2.6.32-21-server

$ gcc full-nelson.c -o full-nelson
$ ./full-nelson[*] Resolving kernel addresses…
[+] Resolved econet_ioctl to 0xffffffffa0131510
[+] Resolved econet_ops to 0xffffffffa0131600
[+] Resolved commit_creds to 0xffffffff8108b820
[+] Resolved prepare_kernel_cred to 0xffffffff8108bc00
[*] Calculating target…
[*] Failed to set Econet address.
[*] Triggering payload…
[*] Got root!#

由于 RHEL/CentOS 默认不支持 Econet 协议,所以测试没有通过:
# yum update

$ uname -r
2.6.18-194.26.1.el5

$ gcc full-nelson.c -o full-nelson
$ ./full-nelson
[*] Failed to open file descriptors.

如果在企业环境用 Ubuntu 的话可能会比较杯具了 Continue reading »

Guide to OpenVas on Ubuntu 9.04

 Linux/Unix相关  没有评论 »
9月 182010
 

26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS

This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope – Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.

This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps. Continue reading »

Upgrade for Ubuntu Servers from 8.04LTS to 10.04LTS

 Linux/Unix相关  没有评论 »
5月 112010
 

Network Upgrade for Ubuntu Servers (Recommended)

1. Install update-manager-core if it is not already installed:
sudo apt-get install update-manager-core

2. edit /etc/update-manager/release-upgrades and set Prompt=lts
# default behavior for the release upgrader
#

[DEFAULT]
# default prompting behavior, valid options:
# never – never prompt for a new distribution version
# normal – prompt if a new version of the distribution is available
# lts – prompt only if a LTS version of the distribution is available
Prompt=lts
Continue reading »

Ubuntu 7.10 Server 安装基于postfix的邮件系统

 Email 邮件系统  没有评论 »
4月 042010
 

首先安装好 apache2 ,php,phpmyadmin等基本服务。

1.sudo apt-get install apache2 libapache2-mod-php5 php5 php5-gd mysql-server php5-mysql phpmyadmin

哈哈,一气呵成。

以我安装mail.ipbfans.org的邮件服务为例,先安装软件:

sudo apt-get install postfix postfix-mysql courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-pop courier-pop-ssl sasl2-bin libsasl2-2 libsasl2-modules libsasl2-modules-sql

安装过程中需要回答以下问题:

Create directories for web-based administration ? 否
General type of mail configuration: Internet Site
System mail name: <你的主机名>
其中ubuntu会根据你输入的这个主机名来生成ssl证书。安装完毕以后可以用以下命令测试postfix的安装: Continue reading »

FreeBSD make mirror server configuration

 Linux/Unix相关  没有评论 »
3月 222008
 

# edit /etc/make. conf


MASTER_SITE_BACKUP?=ftp://ftp.freebsdchina.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/ \
ftp://ftp.cn.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/ \
ftp://ftp.tw.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/ \
ftp://ftp.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}

原来下面两个域名指向同一个ip,添加其中一个就可以了.(更新:发现在第一个域名下找不到的文件,在第二个域名下竟然说找到了.所以还是两个都加上)
61.129.66.49 ftp://ftp.freebsdchina.org
61.126.66.49 ftp://ftp.cn.freebsd.org