-
Looney Tunables: ld.so library local privilege escalation (CVE-2023-4911)
Recently, Qualys discovered a vulnerability (a buffer overflow) in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable, which can result in an escalation from local user access to root. This has been labeled as CVE-2023-4911. Running package updates on your server will address this.
-
Worried about privacy on public meeting apps? Try Big Blue Button
Recently it’s come to light that Zoom were keeping video footage of meetings in their T&C. The Software Freedom Conservancy calls on its members to eschew Zoom and instead use Open Source (and self-hosted) alternatives. If you are a company and want something a little more secure, that works easily with a nice web interface,…
-
Jailkit chroots with SFTP and interactive SSH logins
Linux has privileged users and non-privileged users. Privileged users (like root) have a user id less than 1000 and typically have super abilities like being able to listen on low number ports (like the port 80 and 443 for web servers). Privilege separation is a good thing. It is recommended when running websites that the…
-
CentOS Stream, RockyLinux and Alma Linux
Recently CentOS 8 reached its supported end-of-life for security updates. For a number of reasons there will effectively be no more stable releases of CentOS 8 or later. Instead developers are being encouraged to look at CentOS Stream as a future-proof option for elX-based platforms. This is quite similar to how Gentoo and more…
-
Unknown Password Change – diagnostics
Often numerous people have access to an account: developers, owners, system administrators. Occasionally they do things they maybe shouldn’t – like changing the password – leaving all other people in the loop out. When this happens it’s always good to make sure that you know who changed that password – because if it was not…
-
LCA2019 round up
Every year the staff at Rimu look forward to the latest Linux.conf.au conference. Some of us go in person, some watch online, but we all love it, and love to catch up with what’s going on. This year it was in Christchurch and Juan and I (Liz) went down to attend in person. CULTURE Christchurch…
-
Spectre and Meltdown article roundup
Our team is working on the best approach to secure our customers’ systems against the recently reported Spectre and Meltdown vulnerabilities. Our first step is to understand the problem and its mitigations. This post provides a roundup of discussions and work on the topic with a focus on mitigation for the Xen hypervisor. The vulnerabilities…
-
Using Ansible to manage your VPSs – Part One
Ansible is a system to automate the updating of server configurations and other administration tasks. In this post I’ll explain what’s necessary to get started with Ansible, creating a configuration structure, telling Ansible about your hosts and running ad-hoc commands on multiple hosts. Ansible is useful when you have 3 or more VPSs and need…
-
LXD containers now available for Ubuntu
The latest Ubuntu LTS release, Xenial 16.04, comes with support for a container system called LXD. LXD builds on the existing LXC container system, allowing for more convenient management of those containers. In this post I show how you can test out LXD containers on a Rimu VPS running Ubuntu 16.04. I assume you…
-
Install ownCloud on a Rimu VPS
ownCloud is a popular file storage and synchronization system, with many additional features available for it. It’s a self-hosted alternative to systems like Dropbox, but with ownCloud your files are stored on your own servers. This allows you to meet requirements to keep data in a certain jurisdiction, for example, or it might give you…