
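# Fetch the spectre-meltdown-checker script from GitHub and run it as root
# (Debian/Ubuntu; git is installed first because the script is cloned).
sudo apt update
sudo apt install git
cd
# Drop any stale checkout so the clone below always starts from a clean tree.
rm -rf -- spectre-meltdown-checker
# The script is executed with sudo, and the clone takes whatever the default
# branch holds at that moment, so read the script (or check out a commit you
# have reviewed) before the last step.
# The steps are chained so that nothing is run as root if the clone or the cd
# failed; otherwise a same-named file in $HOME would be executed instead.
git clone https://github.com/speed47/spectre-meltdown-checker.git \
  && cd spectre-meltdown-checker \
  && chmod +x spectre-meltdown-checker.sh \
  && sudo ./spectre-meltdown-checker.sh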

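# Quick manual checks for kernel page-table isolation (the Meltdown mitigation).
# Each check prints the matching line (if any) followed by a verdict. They are
# indicators only; a single "unpatched :(" is not conclusive on its own.

# 1) Build-time option. This only shows that the running kernel was compiled
#    with page-table isolation, not that it is active.
kernel_config="/boot/config-$(uname -r)"
if grep CONFIG_PAGE_TABLE_ISOLATION=y "$kernel_config"; then
  echo "patched :)"
else
  echo "unpatched :("
fi

# 2) CPU bug flag reported by the kernel.
#    NOTE(review): later kernels appear to report this flag as cpu_meltdown
#    instead of cpu_insecure, so a miss here may be a false negative. Confirm
#    against the "bugs" line of /proc/cpuinfo on the machine being checked.
if grep cpu_insecure /proc/cpuinfo; then
  echo "patched :)"
else
  echo "unpatched :("
fi

# 3) Boot message. dmesg may require root where the kernel log is restricted,
#    and the message can have rotated out of the ring buffer on a long-running host.
if dmesg | grep "Kernel/User page tables isolation: enabled"; then
  echo "patched :)"
else
  echo "unpatched :("
fi

# 4) Where the kernel provides it, this file states the kernel's own verdict
#    (for example "Mitigation: PTI"); it is absent on older kernels.
if [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then
  cat /sys/devices/system/cpu/vulnerabilities/meltdown
fi

# Record the kernel version the results above apply to.
uname -a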
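#############################################################################################################################
# Procedure for installing ReactOS in a stand-alone HVM in Qubes OS 3.2
# The commands below are run in different places (dom0 or an AppVM), as stated above each one;
# this is a procedure to follow step by step, not a single script.
#############################################################################################################################
# Prerequisites: Qubes OS 3.2, PC with at least 4 GB of RAM
#############################################################################################################################
# In dom0, first create a stand-alone HVM called reactos using this command:
qvm-create -H -m 1024 --label=blue reactos
#############################################################################################################################
# Inside AppVM <name_of_AppVM> in Qubes OS 3.2, download the following compressed ReactOS installation iso file to /tmp.
# The image is a development ("dev", "dbg") build, so treat it as untrusted: download and unpack it in an AppVM
# you do not rely on for anything sensitive, and never in dom0.
cd /tmp; wget https://iso.reactos.org/bootcd/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.7z
# Decompress the .7z file using unp or another tool that can decompress 7zip files:
unp /tmp/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.7z
mv /tmp/reactos-bootcd-0.4.8-dev-99-g23bc0b5-x86-gcc-lin-dbg.iso /tmp/reactos.iso
#############################################################################################################################
# In dom0, run this command, replacing <name_of_AppVM> with the actual name of the AppVM where the ReactOS .iso image
# was downloaded. The VM name must be spelled exactly as it was given to qvm-create above (reactos, all lower case):
qvm-start reactos --cdrom <name_of_AppVM>:/tmp/reactos.iso
# Keep VESA display resolution at 800x600x32 during install to avoid boot issues later on
# Make sure to select the optimal keyboard layout settings for your country and keyboard
#############################################################################################################################
# To increase the security of the ReactOS HVM, apply the following firewall settings to the reactos HVM:
# Deny all network access, except for DNS queries, https via tcp and http via tcp
#############################################################################################################################
# !!! Do NOT manually install any Windows PV drivers from xenproject.org, as it will cause boot errors in the ReactOS HVM !!!
#############################################################################################################################
# Issues:
#############################################################################################################################
# Sound output not working
# Mouse tracking issue where the mouse pointer position is not synchronized with the Dom0 mouse pointer
# Excessive CPU usage when using the newest Opera web browser, but Youtube works using Opera and 4 virtual CPU cores
# Mozilla Firefox crashes when trying to access the Youtube website (severe bug)
# Installing Windows PV drivers from xenproject.org within the reactos HVM causes boot errors in the ReactOS HVM, so don't do it
# Choosing a lower RAM setting than 1024 MB for the ReactOS HVM or choosing a screen resolution higher than 800x600x32
# during install may cause ReactOS to fail to boot or to show no icons on the desktop
# Only attempt to increase the screen resolution via the ReactOS control panel (not any other way) after install is finished
# Etc...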
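# Enable the Quad9 (9.9.9.9) DNS service with DNSSEC validation
# in Ubuntu 17.10 64-bit using a bash shell script.
# https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/
#
# Scope note: DNSSEC validates that answers are authentic; it does not encrypt
# the queries, which still leave the machine in clear text to 9.9.9.9.
sudo apt purge unbound

# Keep timestamped copies of every file this script rewrites, for rollback.
LogTime=$(date '+%Y-%m-%d_%Hh%Mm%Ss')
cp /etc/resolv.conf "$HOME/resolv.conf_$LogTime"
cp /etc/nsswitch.conf "$HOME/nsswitch.conf_$LogTime"
cp /etc/systemd/resolved.conf "$HOME/resolved.conf_$LogTime"

# Stage the edited files in a private directory. Fixed file names directly
# under world-writable /tmp can be pre-created or symlinked by another local
# user, and the staged files are copied into /etc with sudo below.
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }

# --- /etc/resolv.conf: replace every nameserver entry with 9.9.9.9 ---
sudo service resolvconf stop
sudo update-rc.d resolvconf remove
# Anchored so that only real nameserver entries are dropped, not comments.
grep -v '^[[:space:]]*nameserver' /etc/resolv.conf > "$workdir/resolv.conf"
echo 'nameserver 9.9.9.9' >> "$workdir/resolv.conf"
sudo cp "$workdir/resolv.conf" /etc/resolv.conf
sudo service resolvconf start

# --- /etc/nsswitch.conf: enable systemd caching DNS resolver ---
grep -v '^[[:space:]]*hosts:' /etc/nsswitch.conf > "$workdir/nsswitch.conf"
# dns must be mentioned in next line, or else wget does not work
# NOTE(review): the systemd NSS module is named "resolve"; "resolv" as written
# below is probably skipped by NSS, which would explain why "dns" is needed.
# Confirm before changing it.
echo 'hosts: files mdns4_minimal [NOTFOUND=return] resolv dns myhostname mymachines' >> "$workdir/nsswitch.conf"
sudo cp "$workdir/nsswitch.conf" /etc/nsswitch.conf

# --- /etc/systemd/resolved.conf: set DNS server to 9.9.9.9, turn on DNSSEC ---
# Only existing DNS= and DNSSEC= settings are dropped; other keys whose names
# merely contain "DNS" (FallbackDNS=, MulticastDNS=, ...) are kept.
grep -Ev '^[[:space:]]*(DNS|DNSSEC)=' /etc/systemd/resolved.conf > "$workdir/resolved.conf"
echo 'DNS=9.9.9.9' >> "$workdir/resolved.conf"
# DNSSEC=yes makes resolution fail when the upstream path cannot deliver
# validated answers; DNSSEC=allow-downgrade is the more lenient setting.
echo 'DNSSEC=yes' >> "$workdir/resolved.conf"
sudo cp "$workdir/resolved.conf" /etc/systemd/resolved.conf
sudo systemd-resolve --flush-caches
sudo systemctl restart systemd-resolved
sudo systemd-resolve --flush-caches
sudo systemd-resolve --status

# The staged copies are no longer needed. ":?" aborts instead of expanding to
# an empty path if workdir was somehow unset.
rm -rf -- "${workdir:?}"

# It is probably also necessary to manually set
# the DNS server to 9.9.9.9 in the router's configuration
# and in the NetworkManager GUI

# test DNSSEC validation using dig command-line tool and using DNS server 9.9.9.9:
# see: https://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
# A validated answer carries the "ad" flag in the dig header.
dig pir.org +dnssec +multi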
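# Build and install hashcat from the upstream git repository (Ubuntu),
# replacing the distribution package.
cd
sudo apt update
sudo apt install cmake build-essential
sudo apt install checkinstall git
sudo apt remove hashcat
sudo apt build-dep hashcat
# sudo is kept here because a checkout left behind by an earlier run of this
# procedure may contain root-owned build output.
sudo rm -rf -- hashcat/
# Clone and compile as the regular user: only the packaging/install step needs
# root, so freshly downloaded build scripts are not executed with root rights.
# The steps are chained so a failed clone or build never reaches checkinstall.
git clone https://github.com/hashcat/hashcat.git \
  && cd hashcat \
  && git submodule update --init \
  && make \
  && sudo checkinstall
hashcat --version
# hashcat version should be v3.5.0 or newer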
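# Compile and install the newest version of openssl in Ubuntu 14.04 LTS.
# Note: the clone below takes the upstream development branch as-is; to build a
# release instead, check out a release tag (git checkout <RELEASE_TAG>) after
# cloning.
# NOTE(review): this replaces the openssl command-line tool only; programs
# linked against the distribution's libssl presumably keep using that library.
cd
sudo DEBIAN_FRONTEND=noninteractive apt-get update
# --force-yes is deliberately not used: it lets apt-get continue with packages
# it cannot authenticate. --yes alone still answers the ordinary prompts.
sudo DEBIAN_FRONTEND=noninteractive apt-get --yes install checkinstall build-essential
sudo DEBIAN_FRONTEND=noninteractive apt-get --yes build-dep openssl
# sudo is kept because an earlier run of this procedure may have left
# root-owned build output behind.
sudo rm -rf ~/openssl
# Configure, build and test as the regular user; only checkinstall needs root.
# The chain stops at the first failure, so a build whose test suite fails is
# never installed.
git clone https://github.com/openssl/openssl.git \
  && cd openssl \
  && ./config \
  && make \
  && make test \
  && sudo checkinstall
cd
sudo rm -rf ~/openssl
# Switch /usr/bin over only if the new binaries were really installed;
# otherwise the symlinks would dangle and the system would lose its openssl tool.
if [ -x /usr/local/bin/openssl ] && [ -x /usr/local/bin/c_rehash ]; then
  # Back up the distribution binaries once. On a re-run /usr/bin/openssl is
  # already a symlink, and moving it would overwrite the real backup.
  [ -L /usr/bin/c_rehash ] || sudo mv /usr/bin/c_rehash /usr/bin/c_rehashBACKUP
  [ -L /usr/bin/openssl ] || sudo mv /usr/bin/openssl /usr/bin/opensslBACKUP
  sudo ln -sf /usr/local/bin/c_rehash /usr/bin/c_rehash
  sudo ln -sf /usr/local/bin/openssl /usr/bin/openssl
fi
# Compare the version now on PATH with the version of the distribution package.
openssl version
apt-cache show openssl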

Dear Mac OS X and GNU/Linux users,

It is highly recommended to update the bash shell program to protect against the Shellshock vulnerability.

Update on October 8, 2014: a working patch for vulnerability CVE-2014-6277 is now available to Ubuntu 14.04 LTS users via a PPA repository (ppa:ubuntu-security-proposed/ppa).

More info here:

https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/

http://security.stackexchange.com/questions/68202/how-to-patch-bash-on-osx-in-wake-of-shellshock

http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6271

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6277

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7186

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7187

https://securityblog.redhat.com/

I presume this will also affect home routers running a modified version of GNU/Linux, if the router has bash installed…

Stock Android users are unaffected (for the time being), because the stock version of Android uses mksh instead of bash according to this link:

https://www.mirbsd.org/mksh.htm

Non-jailbroken iPhones/iPads and non-rooted Android devices are not vulnerable to Shellshock.

However, jailbroken Android devices running Cydia or Cyanogen may have a vulnerable version of bash installed!

https://blog.fortinet.com/post/are-ios-and-android-vulnerable-to-the-shellshock-bug

Ubuntu 14.04 LTS users:

Here is the code to run in a Terminal to see if your installed version of bash is vulnerable or not:

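# -O pins the output file name. Without it, wget saves a repeated download as
# shellshock_test.sh.1, .2, ... and bash would then run the older copy already
# on disk rather than the file just fetched.
# && skips the run if the download failed. Read the downloaded script before
# executing it.
wget -O shellshock_test.sh https://shellshocker.net/shellshock_test.sh && bash shellshock_test.sh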

 

Example of Terminal output:

$ sudo add-apt-repository ppa:ubuntu-security-proposed/ppa

$ sudo apt-get update

$ sudo apt-get dist-upgrade

Fetched 1,531 kB in 10s (152 kB/s)

The following packages will be upgraded:
bash
1 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 576 kB of archives. After unpacking 0 B will be used.
Do you want to continue? [Y/n/?]
Get: 1 http://ppa.launchpad.net/ubuntu-security-proposed/ppa/ubuntu/ trusty/main bash amd64 4.3-7ubuntu1.5 [576 kB]
Fetched 576 kB in 0s (980 kB/s)
(Reading database … 331726 files and directories currently installed.)
Preparing to unpack …/bash_4.3-7ubuntu1.5_amd64.deb …
Unpacking bash (4.3-7ubuntu1.5) over (4.3-7ubuntu1.4) …
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Processing triggers for menu (2.1.46ubuntu1) …
Processing triggers for install-info (5.2.0.dfsg.1-2) …
Setting up bash (4.3-7ubuntu1.5) …
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
Processing triggers for menu (2.1.46ubuntu1) …

Current status: 0 updates [-1].
$ wget https://shellshocker.net/shellshock_test.sh ; bash shellshock_test.sh
–2014-10-08 09:30:50– https://shellshocker.net/shellshock_test.sh
Resolving shellshocker.net (shellshocker.net)… 162.159.243.171, 162.159.244.171, 2400:cb00:2048:1::a29f:f3ab, …
Connecting to shellshocker.net (shellshocker.net)|162.159.243.171|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 2533 (2.5K) [application/octet-stream]
Saving to: ‘shellshock_test.sh.7’

100%[=================================================================================================================================================================>] 2,533 –.-K/s in 0s

2014-10-08 09:30:51 (177 MB/s) – ‘shellshock_test.sh.7’ saved [2533/2533]

CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian’s patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable