Redpill Linpro
We are changing the game

"So, management wants a microsite for blog-entries ASAP, while the techs want to use tools they are used to - markdown and git. On top of that, we have limited spare time for implementing a new solution. In the intersection of that lies Jekyll!"

Welcome to our new techblog. Here you will find tech-related entries that interest the techies (and other employees) at Redpill Linpro.

We hope you enjoy the articles! 

Sneak peek at the new developer dashboard for Puppet Server.

Security tip of the week - Stay patched

An increasing number of viruses and worms are so-called ransomware.
Ransomware encrypts your data and demands money to decrypt it, and
unless you have a working backup you can usually choose between paying
the blackmailers or considering your data lost.

Keeping your systems patched with the latest security upgrades will
help make them resistant to such attacks. Making backups
is always a good idea, and remember that a backup is not valid until
you have tested restoring it.

The final factor is the human factor: Be skeptical of links and
attachments in email or elsewhere; blindly following social media
links is also a risk. Think twice before clicking!




Security tip of the week - What are rootkits and botnets, and why should you care?

A botnet is a coordinated mass of infected or compromised systems that take instructions from a control center ("C&C", command and control). A botnet can take many forms, from hidden instances of Internet Explorer teaming up to DDoS a site (which is what happened to a Redpill Linpro customer a few years ago), via infected ADSL routers in people's homes, to fully compromised server installations where attackers have gained a foothold.

Common to most botnets is that they enable their coordinator to perform lots of tasks at the same time, be it a synchronized HTTP attack on a site or a burst of spam submitted with compromised end-user mail credentials. An RL customer with more than 70 000 mail accounts sees this regularly, with short bursts of mail logins from 5-50 different locations all over the world within a time frame of a few minutes.

Rootkits may be involved in botnets, but not necessarily. A rootkit is most often a suite of services an intruder installs on a system so he'll be able to get back in when necessary. When a vulnerable system is found, some attackers will install a rootkit but not use it just yet - in some cases the intruders will "collect" systems and not use any of them until a certain number has been prepared. Others will use the foothold sparingly, since suspicious activity might make the system owner aware of a problem.

Evidence of the two in combination is often seen in web server logs, where an existing botnet tries to expand by launching attacks through vulnerable web code or web servers. Such an attack will often take place in phases. First, the automated botnet finds a vulnerable system that lets it run its own code. This code will often "phone home" and let the controlling person(s) know that a new system has been prepared, usually by sending an email or connecting to an IRC server. In some situations the botnet does not move beyond this stage, as this will be sufficient for having the infected system take part in activities like DDoS attacks. But some will also try to gain a better foothold, by downloading more code in order to escalate privileges (e.g. from the "www-data" user to the "root" user). If successful, the botnet may install a rootkit, paving the way so that the botnet's admin may log in with root privileges at will.

More information about botnets and rootkits can be found, well, in a lot of places. The US-CERT article at https://www.us-cert.gov/ncas/tips/ST06-001 is a good starting point.
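
The login bursts described above lend themselves to a simple sliding-window check. The following is an added example, not code from Redpill Linpro: the log format, the sample lines, the function name and the thresholds are constructed for illustration, source IP stands in for "location", and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp account source_ip" per successful mail login.
SAMPLE_LOG = """\
2016-03-01T10:00:05 alice 192.0.2.10
2016-03-01T10:00:40 bob 198.51.100.7
2016-03-01T10:01:10 bob 203.0.113.21
2016-03-01T10:01:30 bob 192.0.2.99
2016-03-01T10:02:00 bob 198.51.100.200
2016-03-01T10:02:45 bob 203.0.113.77
2016-03-01T10:03:00 alice 192.0.2.10
2016-03-01T11:30:00 carol 192.0.2.50
2016-03-01T14:45:00 carol 198.51.100.51
"""

def find_login_bursts(log_text, window=timedelta(minutes=5), min_sources=5):
    """Return {account: (window_start, sorted source IPs)} for every account
    that logged in from at least `min_sources` distinct addresses in `window`."""
    recent = defaultdict(deque)  # account -> (time, ip) events inside the window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, account, ip = parts
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # skip lines with an unparsable timestamp
        events = recent[account]
        events.append((when, ip))
        # Drop events that have fallen out of the sliding window.
        while when - events[0][0] > window:
            events.popleft()
        sources = {src for _, src in events}
        if len(sources) >= min_sources and account not in flagged:
            flagged[account] = (events[0][0], sorted(sources))
    return flagged

if __name__ == "__main__":
    for account, (start, sources) in find_login_bursts(SAMPLE_LOG).items():
        print(f"{account}: {len(sources)} sources since {start}: {', '.join(sources)}")
```

Repeated logins from one address (alice) and two addresses hours apart (carol) stay below the threshold; only the account hit from five addresses within minutes is reported.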

Last day of Puppet Fundamentals, in Solna, with instructor Anna Kennedy.

Security tip of the day - New glibc vulnerability, patch your systems

A vulnerability in a core Linux library has recently been disclosed. It affects all kinds of Linux installations, not only servers. If you have not already installed the updated patches, you should do it now.

Even though this vulnerability has not (yet) been given a name or a logo to make it look even more dangerous in mainstream media, it could be roughly comparable to last year's GHOST vulnerability.

More info and links to follow:
https://www.cert.se/2016/02/allvarlig-sarbarhet-upptackt-i-glibc

Curious about what can happen when you contribute a module to the Puppet Forge? Report (in blog form).

Get to know the magic formula for scaling CloudForms in this video from Red Hat.

One barrier to participating in open source projects is not knowing how to join and get started. In this article, Sergey Bronnikov explains the "how to".

Security tip of the week - Prevent, or at least know about, unauthorized privilege escalations

If you run or maintain an Internet-connected service like a web server,
mail server, etc., chances are that someone will try to gain unauthorized
access. While systems that are patched regularly will most often
withstand such attempts, there could be other reasons why someone
uninvited suddenly finds a way into your server.

Unauthorized access, for example a remote party being able to execute
code as your web server's user account, is bad. Unauthorized privilege
escalation, e.g. someone manipulating the web server's user account into
exploiting a system vulnerability to obtain root privileges, is even worse.

"Ninja" is a system for GNU/Linux hosts designed to detect, and
possibly prevent, unauthorized privilege escalation. Configured
correctly, Ninja will ignore privilege escalations (e.g. su and sudo)
from whitelisted users and groups, and take action on any other
attempts. Ninja can log to a file, send emails, or generate a
Nagios/Icinga alarm. http://forkbomb.org/ninja/
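
The whitelist idea described above can be shown on a process-table snapshot. This is an added, simplified illustration, not Ninja's code or configuration format: the process list, user names, group map and function name are constructed. It flags root processes started by a non-root parent whose user is neither whitelisted nor in a whitelisted group.

```python
from typing import NamedTuple

class Proc(NamedTuple):
    pid: int
    ppid: int
    uid: int
    user: str
    exe: str

# Constructed snapshot of a process table (pid, parent pid, uid, user, executable).
SNAPSHOT = [
    Proc(1, 0, 0, "root", "/sbin/init"),
    Proc(700, 1, 0, "root", "/usr/sbin/sshd"),
    Proc(900, 700, 1000, "alice", "/bin/bash"),
    Proc(901, 900, 0, "root", "/usr/bin/sudo"),      # alice is in group "wheel"
    Proc(950, 700, 1001, "bob", "/bin/bash"),
    Proc(951, 950, 0, "root", "/bin/su"),            # bob is not whitelisted
    Proc(1200, 1, 33, "www-data", "/usr/sbin/apache2"),
    Proc(1300, 1200, 0, "root", "/bin/sh"),          # root shell under the web server
]

GROUP_MEMBERS = {"wheel": {"alice"}}  # constructed group database

def unauthorized_escalations(procs, allowed_users=(), allowed_groups=(),
                             group_members=GROUP_MEMBERS):
    """Return (pid, exe, parent_user) for each root process whose parent runs
    as a non-root user that is not covered by the user or group whitelist."""
    by_pid = {p.pid: p for p in procs}
    trusted = set(allowed_users)
    for group in allowed_groups:
        trusted |= group_members.get(group, set())
    findings = []
    for proc in procs:
        if proc.uid != 0:
            continue                      # only root processes are of interest
        parent = by_pid.get(proc.ppid)
        if parent is None or parent.uid == 0:
            continue                      # no known parent, or root started by root
        if parent.user in trusted:
            continue                      # whitelisted su/sudo use
        findings.append((proc.pid, proc.exe, parent.user))
    return findings

if __name__ == "__main__":
    for pid, exe, user in unauthorized_escalations(SNAPSHOT, allowed_groups=["wheel"]):
        print(f"ALERT pid={pid} exe={exe} escalated from user={user}")
```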
