Yeah, I’m horrible at keeping up with these things. Of course, life intervenes all the time. Anyway, I’d like to replace this site with something of my own, however, we’ll see how well that goes, lol. Well, check back from time to time, there may be something new here, eventually …
Server Solution: Archlinux
So a few months ago I acquired a new computer and slated the current PC (here and here) I was using at the time for my new server. My old server (as seen in the second link, the tower in the middle) had been running Fedora 9 ever since its release. Now, that’s an outdated server! I wasn’t too thrilled about this, at all, and in the interim, I had manually installed several packages alongside the system’s. This was done to stay up-to-date with security and bug fixes. As one can imagine, this became a tedious, manual process.
After about a month or two of acquiring my new PC (and being lazy) I finally took the step to make the switch. This was a very tedious process as it involved backing up data on the old server, however, I previously had a nightly backup solution in place on the old server. Migrating data was easy and flawless. The most time consuming part of the entire process was selecting a Linux distribution that would fit my needs and requirements.
I set out and diligently researched multiple distributions and finally chose Archlinux. Why did I not stick with Fedora? Well, that’s simple, I was fed up with their release cycle, besides it’s primarily aimed at Desktop users. Yes, I could’ve kept upgrades down to a minimum and/or used yum, however, there are issues with both of those scenarios.
So Archlinux it was. It took me some time to get familiar with the system (it doesn’t differ that much from most *nix distros). However, I had to learn a completely new (but very familiar) packaging system. After working through some minor issues I encountered, I was on my way to achieving greatness.
I’ve come to love Archlinux as a server solution. The majority of the third party software I utilize (web server, php, mysql, etc) is now maintained via pacman (a bit like rpm) and, if there’s a third party software that’s not available via one of the repos, there’s the AUR (Archlinux User Repository). People contribute to the AUR often and to be honest, creating your own package is not that complicated and is fairly straight-forward.
One of the things I love about Arch is the mere fact that it’s a rolling release distribution, where you install once and simply upgrade via the package manager. Now, kernel updates are a bit different, however, there is always ksplice, I’ll get into ksplice in another post as it’s out of the scope of this article. Also, package updates happen frequently, meaning that when, say Apache releases a new version, Arch doesn’t hesitate (to an extent, testing and etc are involved before pushing out a package) to push out the upgrade.
Well, that’s enough ranting about Arch, look for more posts covering specific topics for Arch.
Brief Update
Well, it’s been a while since I last posted anything, sorry about that. I doubt there are many followers, if any at all. The statistics reveal very low numbers, however, it doesn’t bother me one bit. If I had more time to manage this blog and actually keep it up-to-date, I would.
But we all know that real life comes into play regarding time management. We all have priorities, responsibilities, girlfriends, jobs and bills. Unfortunately, our hobbies suffer significant neglect and it’s sad at times. However, we are all lazy to an extent and I feel that has an impact as well.
Anyway, enough ranting .. time to post some real information
Echelon4 Migration complete
It is now complete. All the details are available here.
Please note that both addresses for the IRC server work, irc.nixsecurity.org and nixsec.echelon4.net will do. Thanks to extern for all of his hard work!
Unrealircd 3.2.8.1 might contain a backdoor! IRC administrators, be aware.
It seems that the Unreal team had some mirrored files replaced with a backdoored version of their IRC daemon. If you run an IRC server, please be sure to read the article and fix this as soon as possible.
Good thing that the Unreal team provided help to fix the problem, here it is: (direct link here)
Some versions of Unreal3.2.8.1.tar.gz contain a backdoor
by Syzop on Sat Jun 12, 2010 9:17 am
Hi all,
This is very embarrassing…
We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it.
This backdoor allows a person to execute ANY command with the privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn’t allow any users in).
It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now.
Obviously, this is a very serious issue, and we’re taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly.
We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do.
Safe versions
==============
The Windows (SSL and non-ssl) versions are NOT affected.
CVS is also not affected.
3.2.8 and any earlier versions are not affected.
Any Unreal3.2.8.1.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check, see next.
How to check if you’re running the backdoored version
======================================================
Two ways:
One is to check if the Unreal3.2.8.1.tar.gz you have is good or bad by running ‘md5sum Unreal3.2.8.1.tar.gz’ on it.
Backdoored version (BAD) is: 752e46f2d873c1679fa99de3f52a274d
Official version (GOOD) is: 7b741e94e867c0a7370553fd01506c66
The other way is to run this command in your Unreal3.2 directory:
grep DEBUG3_DOLOG_SYSTEM include/struct.h
If it outputs two lines, then you’re running the backdoored/trojanized version.
If it outputs nothing, then you’re safe and there’s nothing to do.
What to do if you’re running the backdoored version
====================================================
Obviously, you only need to do this if you checked you are indeed running the backdoored version, as mentioned above.
Otherwise there’s no point in continuing, as the version on our website is (now back) the good one from April 13 2009 and nothing ‘new’.
Solution:
* Re-download from http://www.unrealircd.com/
* Verify MD5 (or SHA1) checksums, see next section (!)
* Recompile and restart UnrealIRCd
The backdoor is in the core, it is not possible to ‘clean’ UnrealIRCd without a restart or through a module.
How to verify that the release is the official version
=======================================================
You can check by running ‘md5sum Unreal3.2.8.1.tar.gz’, it should output:
7b741e94e867c0a7370553fd01506c66 Unreal3.2.8.1.tar.gz
For reference, here are the md5sums for ALL proper files:
7b741e94e867c0a7370553fd01506c66 Unreal3.2.8.1.tar.gz
5a6941385cd04f19d9f4241e5c912d18 Unreal3.2.8.1.exe
a54eafa6861b6219f4f28451450cdbd3 Unreal3.2.8.1-SSL.exe
These are the EXACT same MD5sums as mentioned on April 13 2009 in the initial 3.2.8.1 announcement to the unreal-notify and unreal-users mailing list.
<http://sourceforge.net/mailarchive/forum.php?thread_name=49E341E0.3000702%40vulnscan.org&forum_name=unreal-notify>
Finally
========
Again, I would like to apologize about this security breach.
We simply did not notice, but should have.
We did not check the files on all mirrors regularly, but should have.
We did not sign releases through PGP/GPG, but should have done so.
This advisory (and updates to it, if any) is posted to:
http://www.unrealircd.com/txt/unrealsec … 100612.txt
Hope you’ll all continue to support UnrealIRCd.
So be sure to check all details! And clear your box if you have to!
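The two checks from the advisory above, wrapped into one script so they can be run against a downloaded tarball and an unpacked source tree. This is an added example, not part of the advisory or the UnrealIRCd project; the hashes and the grep pattern are the ones quoted in the advisory, while the function names and the good/bad/unknown verdicts are assumptions made here.

```shell
#!/bin/sh
# Added example: function names are hypothetical, values come from the advisory.
GOOD_MD5="7b741e94e867c0a7370553fd01506c66"   # official Unreal3.2.8.1.tar.gz
BAD_MD5="752e46f2d873c1679fa99de3f52a274d"    # backdoored Unreal3.2.8.1.tar.gz

# classify_md5 HASH -> prints good | bad | unknown (case-insensitive compare)
classify_md5() {
    hash=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$hash" in
        "$GOOD_MD5") echo good ;;
        "$BAD_MD5")  echo bad ;;
        *)           echo unknown ;;   # matches neither published value
    esac
}

# check_tarball FILE -> prints the verdict for the file's MD5, or "missing"
check_tarball() {
    [ -r "$1" ] || { echo missing; return 0; }
    classify_md5 "$(md5sum "$1" | awk '{print $1}')"
}

# check_tree DIR -> prints clean | backdoored | missing
# The advisory says two matching lines mean the trojanized source and no
# output means safe; treating any match as backdoored is an assumption here.
check_tree() {
    header="$1/include/struct.h"
    [ -r "$header" ] || { echo missing; return 0; }
    # grep -c exits 1 on zero matches, so keep its "0" and ignore the status
    count=$(grep -c 'DEBUG3_DOLOG_SYSTEM' "$header" || true)
    if [ "$count" -eq 0 ]; then echo clean; else echo backdoored; fi
}

# Usage: sh check_unreal.sh Unreal3.2.8.1.tar.gz /path/to/Unreal3.2
if [ "$#" -eq 2 ]; then
    echo "tarball:     $(check_tarball "$1")"
    echo "source tree: $(check_tree "$2")"
fi
```

An `unknown` verdict means the file matches neither published hash, so it should be replaced with a fresh download rather than trusted.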
UnrealIRCd Log Patch
Hey there,
Waser recently pointed out that UnrealIRCd’s log directive in the unrealircd.conf configuration file is lacking. He also pointed out that any log file configured in unrealircd.conf doesn’t save the original log file before rotating to the new one. My guess for the latter is that log rotation should be handled via the logrotate utility or some other means, however, I disagree.
I completely understand the reasoning behind this but I think it would’ve been nice to automatically save the original log file, instead of completely truncating it. I also feel that the log directive should be a bit more configurable.
Therefore this patch was conceived and I’m releasing it to the public as-is. I’ve added a new option for the log directive, savepath, and now, when log files reach their maxsize, instead of losing the original log file, it’s now saved as log-filename.log.YYYYMMDDHHMM (e.g.; ircd.log.YYYYMMDDHHMM). The original log file will be saved to either the current directory the log file resides in or, if the savepath is defined, the IRCd will attempt to save it there, however, if it can’t, it’ll be saved in the current directory the log file resides in.
There’s an example unrealircd.conf in the tarball along with a README and the necessary patches. You’ll need to recompile the IRCd once the files have been patched. Originally, I wanted to write a module but given time constraints to learn the API and find in-depth documentation, I simply modified UnrealIRCd itself.
This code is released under no license, therefore I take no responsibility/liability for any mishaps (there should be none) that this may cause. The patch is provided as-is.
However, if you find bugs, have suggestions, comments, etc, feel free to drop by irc.nixsecurity.org and join #php.
Enjoy.
Fedora 13 is out!!
Yup the new version of the popular linux distribution is out!
You can grab it on their website right away! Download it, distribute it, use it, be free!
Steam Linux Client soon to be released?
Can it be possible? Maybe. But let’s not celebrate too soon. Indeed it is a great thing, and the future of linux gaming is now so much brighter. We will need to see how it turns out.
Here is the article about that.
It is worth a read. Can’t wait to play Half-Life 2 and Portal on my Linux box!
Microsoft Refuses To Patch Rootkit-Compromised XP Machines
In the news today:
"Microsoft has revealed that its latest round of patches won’t install on XP machines if they’re infected with a rootkit. In February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel. Now Microsoft is blocking PCs with the rootkit from receiving its new patches. ‘This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems,’ Microsoft cautions in the patch notes."
OpenSSL 1.0 released!!
For all of you who think security matters, well here it is: version 1.0 of OpenSSL. If you run an older version, we recommend updating your software. This is a great step toward a more stable tool (but it was already really stable) for all of us. Of course, it is free to use and enjoy.
So have fun, and update!