-
Looney Tunables: ld.so library local privilege escalation (CVE-2023-4911)
Recently, Qualsys discovered a vulnerability (a buffer overflow) in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. Which can result in an escalation from local user access to root. This has been labeled as CVE-2023-4911 Running package updates on your server will address this.
-
Introducing multi-user access for your RimuHosting account
We’ve heard your requests for a way to allow multiple team members to manage your RimuHosting services without sharing login credentials. Today, we’re excited to introduce the first version of this much-anticipated feature. Why Multi-User Access? Imagine you’re a business owner who initially set up the RimuHosting account. Now, you want to delegate day-to-day operations…
-
Jailkit chroots with SFTP and interactive SSH logins
Linux has privileged users and non-privileged users. Privileged users (like root) have a user id less than 1000 and typically have super abilities like being able to listen on low number ports (like the port 80 and 443 for web servers). Privilege separation is a good thing. It is recommended when running websites that the…
-
DNSSec
DNSSec lets domain owners give their registrar a key that permits DNS clients to verify the records they are receiving are valid ones for the zone. This check can help to protect DNS clients getting spoofed records from their ISP name servers. After you enable DNSSec you will need to add a key at your…
-
Server patch tool
Every now and then there is a security issue that has the potential to impact a large number of customers. RimuHosting has created a server patching tool that automates fixing or mitigating a number of these issues for its customers. Automated Schedule-able Web based Permits opt-out per issue Works across different Linux distros
-
PolicyKit security hole
A security problem was recently announced that affects the linux distributions that we support. This is being called “PwnKit” (a.k.a. CVE-2021-4034). Most distributions have provided updates, so now is a good time to check and load outstanding OS security updates for your VPS, using apt for Debian and Ubuntu and yum for CentOS 7 and…
-
Exploits on Webmin 1.8xx and earlier
Developers have just announced the release of Webmin 1.930. This includes some important security fixes. If you have an older Webmin version please update urgently to insure your server remains secure. In particular they described an exploit that is fairly major. Should your install be too old to update, you can fix the bug by…
-
Spectre and Meltdown article roundup
Our team is working on the best approach to secure our customers’ systems against the recently reported Spectre and Meltdown vulnerabilities. Our first step is to understand the problem and its mitigations. This post provides a roundup of discussions and work on the topic with a focus on mitigation for the Xen hypervisor. The vulnerabilities…
-
Kernel 4.14 LTS released
We have added the latest 4.14 kernel to our list of stable kernels for 64bit VPS servers. The 4.14 kernel includes a large number of performance enhancements, including … filesystem io block_mq scheduler improvements new selectable scheduler options for disk io improved cryptographic performance cgroup2 support merged
-
Letsencrypt with Zonomi and Rimuhosting name servers using hooks
SSL is good, you should use it everywhere! Letsencrypt it is a project that allows you to obtain signed certificates for free (you should consider donating though) to secure your website. Big efforts have been done to make this accessible to anyone. In order to issue SSL certificates Certificate Authorities will check that you can control…