Category Archives: Linux

CRON, CRONTAB, and Cobwebs

I found myself today working on my main SYSLOG server, which runs Linux (CentOS to be exact). I needed to change some startup scripts and update my CRONTAB entries. Note…CRONTAB is how you tell CRON to automatically run commands and scripts whenever you want…it can handle a lot of work when you are not around.

However, it has been a long time since I last worked with CRON and CRONTAB, and I needed to clear out some old cobwebs in the brain and refresh my memory on how all of this worked. I found a really good webpage that had some great explanations and examples for CRON and CRONTAB, and I was able to quickly get my changes completed and tested.

Check it out when you have a chance: https://www.pantz.org/software/cron/croninfo.html

And remember, if you need to test your SYSLOG server, check out SYSLOGGEN.

Enjoy!

GLIBC getaddrinfo Vulnerability in Linux Systems

A pair of Google researchers recently released a vulnerability report on the GLIBC function “getaddrinfo”, which, if exploited, could crash the system or even give a hacker command line control. (Yikes!!) MANY Linux systems are vulnerable to this, so please patch your systems quickly. The GLIBC packages affected are versions 2.9 and newer…2.9 was released way back in 2008, so you can see that the number of affected systems is huge! Note…“getaddrinfo” is used by systems to resolve DNS names to IP addresses. Talk about important…right??

To see what version of GLIBC you are using, simply run the command: ldd --version

Here is an example from one of my test Linux systems at work…

Example of affected GLIBC package

As you can see, this system is running version 2.10.1 of GLIBC and needs to be patched. For CentOS (which I’m running), you can obtain a more detailed listing about GLIBC this way…

GLIBC info from my CentOS system

Most Linux distributions have patches ready to fix the issue, so running the appropriate update commands should take care of things. For CentOS, just run “yum update” and it will grab the fix and apply it…a reboot of your system will be required.
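
Since the screenshots did not survive, here is an added example (not from the original post) of doing that version check in a script instead of by eye: it parses the version string that “ldd --version” prints and flags anything in the range described above (2.9 and newer). The version threshold, the sample “ldd” output and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: parse the version string that
# "ldd --version" prints and flag a glibc that falls in the range the post
# describes (2.9 and newer). Parsing works on a text argument so it can be
# exercised on constructed sample output as well as on the live system.

# Pull "X.Y" or "X.Y.Z" out of the first line of ldd --version output,
# e.g. "ldd (GNU libc) 2.10.1" -> "2.10.1".
parse_glibc_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9.]*\).*/\1/p'
}

# Compare two dotted versions on their major.minor parts: returns 0 (true)
# when $1 is the same as or newer than $2.
version_ge() {
    a_major=${1%%.*}; b_major=${2%%.*}
    case $1 in *.*) a_minor=${1#*.}; a_minor=${a_minor%%.*} ;; *) a_minor=0 ;; esac
    case $2 in *.*) b_minor=${2#*.}; b_minor=${b_minor%%.*} ;; *) b_minor=0 ;; esac
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -ge "$b_minor" ]
}

# The range given in the post: 2.9 and newer are affected.
glibc_in_affected_range() {
    version_ge "$1" 2.9
}

# Check the machine this runs on. Quietly does nothing when ldd is missing or
# prints something else (a musl-based system, for example).
report_live_glibc() {
    out=$(ldd --version 2>/dev/null) || return 0
    ver=$(parse_glibc_version "$out")
    [ -n "$ver" ] || { echo "could not parse a glibc version from ldd output" >&2; return 0; }
    if glibc_in_affected_range "$ver"; then
        echo "glibc $ver is in the affected range (2.9 and newer): confirm the patched package is installed"
    else
        echo "glibc $ver is older than 2.9"
    fi
}

report_live_glibc
```

One caveat worth keeping in mind: the version number alone cannot tell you whether the fix is installed, because enterprise distributions backport fixes and keep the upstream version (the package release number changes instead). On CentOS, check the installed package with “rpm -q glibc” against the vendor advisory after “yum update”, and remember the reboot.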

Related links…
Google announcement
SANS InfoSec Post

Killing Those Pesky Child Processes in Linux

Linux is awesome! It is solid and dependable, and you can do most anything you want with it. I use it every day…for network management purposes mainly (Nagios, MRTG, SWATCH, SYSLOG, NMAP, etc). If you have not used Linux yet, I would highly encourage you to do so. I will post a feature on Linux soon on how Linux can play a large role in helping you manage your network. But for now, let's kill some pesky child processes.

Although I use Linux a lot, I am in no way a Linux guru. I write simple scripts and hack my way through stuff. However, when I kill a process, I sometimes find one or more child processes that remain. So I researched different ways to take care of these, and there are many ways to accomplish this. For me, this works best…

To help troubleshoot an ISP issue with one of my Internet fiber links, I’m running a ping against the public IP address once per second (very granular) and adding a time/date stamp to each ping reply. Here is the script…(IP address has been changed to protect the guilty)…

Simple Ping Script with Date/Time Stamp

Here is a snippet from the log file showing what the ping replies look like…

Ping results from log file

When I’m notified of a network bounce, I’m able to dig through the file and see whether the Internet circuit did indeed take a hit, or whether it was just my Virtual Tunnel interface bouncing. Here is an example showing an outage that lasted a bit over 2 minutes…take a look at the timestamps and also the gap in the sequence numbers…

Quick circuit outage lasting a bit over 2 minutes
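
Because the script and log screenshots did not survive, here is an added example (not the script from the original post) that reconstructs the idea: one ping per second with a date/time stamp on every line, plus a small analyser that does the “gap in the sequence numbers” check automatically instead of by reading through the log. The host (203.0.113.10, a documentation address), the log lines and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not the script from the original post. stamped_ping writes
# one timestamped line per ping reply; find_seq_gaps reads such a log and
# reports every jump in icmp_seq between consecutive replies, which is how an
# outage shows up. Host, log path and sample lines are constructed.

# Ping $1 once per second and prepend a timestamp to each line, appending to
# the log file $2. Note the shape: "ping" and the "while read" loop are both
# children of the script, which is exactly what leaves stragglers behind when
# only the script's own PID is killed.
stamped_ping() {
    ping -i 1 "$1" | while IFS= read -r line; do
        printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line"
    done >> "$2"
}

# Constructed log excerpt in the format stamped_ping writes: a steady run, an
# outage, one "unreachable" error line that carries an icmp_seq but is not a
# reply, then replies resume.
SAMPLE_LOG=$(cat <<'EOF'
2016-02-17 10:15:00 64 bytes from 203.0.113.10: icmp_seq=100 ttl=54 time=12.3 ms
2016-02-17 10:15:01 64 bytes from 203.0.113.10: icmp_seq=101 ttl=54 time=12.1 ms
2016-02-17 10:15:50 From 203.0.113.1 icmp_seq=150 Destination Host Unreachable
2016-02-17 10:17:14 64 bytes from 203.0.113.10: icmp_seq=234 ttl=54 time=13.0 ms
2016-02-17 10:17:15 64 bytes from 203.0.113.10: icmp_seq=235 ttl=54 time=12.9 ms
EOF
)

# Walk the log text in $1 and print one line per gap. Only "bytes from" lines
# count as replies; error lines are skipped even though they carry an icmp_seq.
# At one ping per second, the number of missing replies is roughly the number
# of seconds the link was down.
find_seq_gaps() {
    printf '%s\n' "$1" | awk '
        /bytes from/ && match($0, /icmp_seq=[0-9]+/) {
            seq = substr($0, RSTART + 9, RLENGTH - 9) + 0
            if (have && seq > prev + 1)
                printf "gap: seq %d (%s %s) -> seq %d (%s %s): %d replies missing, ~%d s at 1 reply/s\n", prev, pdate, ptime, seq, $1, $2, seq - prev - 1, seq - prev - 1
            prev = seq; pdate = $1; ptime = $2; have = 1
        }'
}

find_seq_gaps "$SAMPLE_LOG"
```

To use it on a real log, run find_seq_gaps "$(cat ping.log)" after the circuit bounces. One second is already the default ping interval, so “-i 1” mostly documents the intent; if your ping is from iputils, its “-D” option prints an epoch timestamp on each line, which avoids the pipeline altogether.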

Anyway, when I kill the script, I end up with two child processes remaining. I found out that I need to kill the PGID (Process Group ID) to properly take care of any child processes. To find the PGID, you can run “ps -ejH”, which shows you a process tree where you can find the PGID (in column two). Then you can kill the PGID using “kill -- -PGID”. Here is an example…

Finding the PGID and killing it
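
As an added example (not from the original post), here is the same “kill -- -PGID” technique wrapped in a script: it looks up a process's PGID rather than reading it off “ps -ejH” by eye, kills the whole group, and then checks that the children really went with it. The demo process tree (a shell with two sleeping children, started with setsid so it gets its own group and the kill cannot reach the shell running the script), the /proc parsing and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the original post: find a process's PGID, kill the
# whole group with "kill -- -PGID", and verify the children are gone.

# Print the process group id of pid $1. Reads /proc where it exists (works on
# minimal Linux images without ps); otherwise falls back to "ps -o pgid=".
get_pgid() {
    pid=$1
    if [ -r "/proc/$pid/stat" ]; then
        # /proc/<pid>/stat is "pid (comm) state ppid pgrp ...". Strip through
        # ") " first because comm itself may contain spaces or parentheses.
        set -- $(sed 's/^.*) //' "/proc/$pid/stat")
        echo "$3"
    else
        ps -o pgid= -p "$pid" 2>/dev/null | tr -d ' '
    fi
}

# True when pid $1 still exists and is not a zombie.
process_alive() {
    pid=$1
    if [ -r "/proc/$pid/stat" ]; then
        set -- $(sed 's/^.*) //' "/proc/$pid/stat")
        [ -n "$1" ] && [ "$1" != "Z" ]
    else
        st=$(ps -o stat= -p "$pid" 2>/dev/null | tr -d ' ')
        [ -n "$st" ] && [ "${st#Z}" = "$st" ]
    fi
}

# Send SIGTERM to every process in the group that pid $1 belongs to.
kill_process_group() {
    pgid=$(get_pgid "$1")
    [ -n "$pgid" ] || { echo "no such process: $1" >&2; return 1; }
    kill -- -"$pgid"
}

# Demo: a leader shell in its own process group forks two "sleep" children and
# records their pids; kill the group, then confirm the children are gone.
# Returns 0 only when every child is dead.
demo_kill_tree() {
    pidfile=$(mktemp)
    setsid sh -c 'sleep 300 & echo $! >> "$1"; sleep 300 & echo $! >> "$1"; wait' sh "$pidfile" &
    leader=$!
    sleep 1                                  # let the children start
    echo "leader $leader is in process group $(get_pgid "$leader")"
    kill_process_group "$leader"
    wait "$leader" 2>/dev/null || true       # reap the leader
    sleep 1                                  # give the orphans time to be reaped
    rc=0
    for child in $(cat "$pidfile"); do
        if process_alive "$child"; then
            echo "child $child survived" >&2; rc=1
        else
            echo "child $child is gone"
        fi
    done
    rm -f "$pidfile"
    return $rc
}

if command -v setsid >/dev/null 2>&1; then
    demo_kill_tree
fi
```

For a script you start by hand, kill_process_group "$(pgrep -f your-script.sh)" does the same job as finding the PGID in the “ps -ejH” output, with one thing to watch: a script launched from an interactive shell usually shares its process group with nothing else, but one launched from another script (or from cron) shares the parent's group, so the group kill takes the parent down too.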

This works well for me. And as for Linux, give it a try.

Security – The BASH Bug Gives Us Shellshock

Oh dear…here we go again. And this one is a biggie! (If you only use Windows systems and servers, then you are probably not vulnerable to this. You can sit back and watch all us Linux/UNIX people squirm…which you don’t get to do very often!!)

A vulnerability has been found in the BASH shell, which runs on most Linux/UNIX systems. And when I say most, I mean LOTS of systems. Known as Shellshock, some believe this will end up being worse than Heartbleed. And that’s saying a lot. To stay up to date on this issue I would recommend several things…

Visit the SANS Internet Storm Center at https://isc.sans.edu. They have a number of detailed articles concerning Shellshock and mitigation procedures.

I would also visit the main websites of whatever flavor Linux distro you are using, such as www.centos.org. They will also have updated information for mitigation and testing.

For example, I use CentOS on several systems. Patching them was rather simple…just run “yum update bash”…

BASH update example on CentOS

Note: Further testing has revealed that the initial patches have not completely solved the problem, although they have helped. Don’t just run this quick update and think you are done. Stay updated on this issue as noted above…network security is a constant vigil.