Archive for November, 2003

A severe vulnerability was discovered in GnuPG

Friday, November 28th, 2003

From GnuPG site

A severe problem with ElGamal sign+encrypt keys has been found. This leads to a full compromise of the private key. Fortunately those keys are not in wide use and only creatable using special options.

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.

Please take immediate action and revoke your ElGamal signing keys. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key

More information here.

Apache: Customizing error responses

Wednesday, November 19th, 2003

Apache provides the possibility to customize the HTTP error codes returned to your clients. If you hate the default error messages that Apache displays or you simply want to fit those messages to your own needs, read on…

The easiest way to start is by simply adding the following lines to your httpd.conf configuration file:

(more…)

Apache ServerTokens

Monday, November 17th, 2003

The Apache’s ServerTokens directive controls whether Server response header field which is sent back to clients, includes a description of the generic OS-type of the server as well as information about compiled-in modules.

As many worms/viruses check the Server header before attempting an exploit in order to choose the best attack available, it could be a good idea to provide the minimal information possible (the default is to provide full information). Edit your httpd.conf and add the following:

ServerTokens Prod

This will only send the string Apache in the Server header.

Note that this would not stop skilled bad guys, but would slow down those kiddies playing around.

Blocking/unblocking replies to ping

Monday, November 17th, 2003

As you probably know, ping is a tool that lets you ckeck the reachability of another host, in other words it lets you verify that a particular IP address exists and can accept requests.

ping sends ICMP (Internet Control Message Protocol) messages encapsulated into IP packets to check the reachability of a given host. The basic mechanism is simple, ping sends an ICMP echo request message (type 0) and waits for an ICMP echo reply message (type 8) by the receiving host. If the destination host is unreachable you’ll get back something like this:

(more…)

Deleting “^M” characters from your text file

Friday, November 14th, 2003

Today I’ve downloaded a text file and I’ve found a lot of CTRL+M (15 octal character) garbage characters. This could be caused by a mistake when downloading the file with FTP bin mode enabled… who knows…

Anyway, our friend the tr command is here to help…

tr, as the man page tells, translates or deletes characters. If you want to delete those characters try this:

tr -d ‘\15′ < annoying_file.txt > clean_file.txt

Be careful! The above command will delete the CTRL+M characters. It’s better to substitute them by line breaks:

tr ‘\15′ ‘\12′ < annoying_file.txt > clean_file.txt

If you want to delete the original file…

tr ‘\15′ ‘\12′ < annoying_file.txt > clean_file.txt && rm annoying_file.txt

Are my interfaces in promiscuous mode?

Monday, November 10th, 2003

When a network interface is in promiscuous mode the machine can see all network packets, even those destined to another machine. Under Solaris, there is no way to determine if your box’s network interfaces are in promiscuous mode.

One of the reasons your box is in promiscuous mode is due to sniffer programs such as snoop or tcpdump. The ifstatus tool can help to see the mode of your interfaces.

How to disable automounter?

Monday, November 10th, 2003

Sometimes, for security reasons you should need to disable automounter. Automounter is controlled by the /etc/auto_* configuration files.

The easiest way to disable it is to remove /etc/auto_* and disable the /etc/rc2.d/S74autofs.

cd /etc
rm auto_*
cd /etc/rc2.d
mv S74autofs OFF_S74autofs

Starting a daemon at boot time

Monday, November 10th, 2003

Once you have installed a new package, say, MySQL you should configure Gentoo to automatically start the daemon at boot time.

(more…)