Category Archives: Linux

Tails, the OS used by Edward Snowden

When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. But this month, we learned that Snowden used another technology to keep his communications out of the NSA’s prying eyes. It’s called Tails. And naturally, nobody knows exactly who created it.

Tails is a kind of computer-in-a-box. You install it on a DVD or USB drive, boot up the computer from the drive and, voila, you’re pretty close to anonymous on the internet. At its heart, Tails is a version of the Linux operating system optimized for anonymity. It comes with several privacy and encryption tools, most notably Tor, an application that anonymizes a user’s internet traffic by routing it through a network of computers run by volunteers around the world.

Read more at: http://www.wired.com/2014/04/tails/

 

 

Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims to preserve your privacy and anonymity, and helps you to:

  • use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

KVM – Witsbits

Witsbits enables you to set up your servers with virtualization and deploy virtual machines faster than ever before. It’s a complete virtualization solution with a self-upgrading hypervisor and cloud-based centralized management, reducing time spent on maintenance to a fraction of what other solutions require. The self-configuring hypervisor comes as a Live CD, delivering the fastest time-to-deployment by removing the need for spending time on installation and configuration.

Read more at http://www.linux-kvm.org/page/Management_Tools

THE FASTEST PATH TO CLOUD MANAGEMENT

Your bare-metal servers will be ready to host virtual machines within 10 minutes. You will never have to upgrade your servers. You don’t have to install centralized management.

http://witsbits.com/

Hardware Requirements

Processor

You can use any 64bit x86 PC with 2GB of RAM and a CPU with virtualization extensions (Intel® VT-x or AMD-V™).

Info: Most CPUs have virtualization extensions; for details see Intel's and AMD's respective lists of virtualization-capable processors.

Info: You may successfully use a CPU that lacks virtualization extensions with Witsbits to host Linux VMs. It will work, but with reduced performance. Windows VMs will however not work without enabled virtualization extensions.

Storage

For local storage devices you need a hard drive of at least 20GB. Alternatively you may use NFS for completely diskless servers. Or any combination of the two.

Network

The following network ports must be open in the firewall for outgoing traffic: 443/TCP and 873/TCP.

5 Steps to secure yourself against the OpenSSL Heartbleed Bug

 

“Leaked secret keys allow the attacker to decrypt any past and future traffic”
http://heartbleed.com/

Protect your Server Against the Heartbleed OpenSSL Vulnerability

Update your System

PLEASE NOTE: Back up your whole system before big updates!

Ubuntu and Debian

sudo apt-get update
sudo apt-get dist-upgrade

CentOS and Fedora

yum update

 

Checking your Version Numbers

Debian and Ubuntu Releases and Fix Versions

dpkg -l | grep "openssl"
  • Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
  • Ubuntu 12.04: 1.0.1-4ubuntu5.12
  • Ubuntu 12.10: 1.0.1c-3ubuntu2.7
  • Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
  • Ubuntu 13.10: 1.0.1e-3ubuntu1.2
  • Debian 6 (Squeeze): Unaffected (Shipped with older version prior to vulnerability)
  • Debian 7 (Wheezy): 1.0.1e-2+deb7u6
  • Debian testing (Jessie): 1.0.1g-1
  • Debian unstable (Sid): 1.0.1g-1

If you are using Ubuntu 13.04, it is HIGHLY RECOMMENDED that you upgrade to a supported release.
PLEASE NOTE: Back up your whole system before big updates!

Check for your OpenSSL version
dpkg -l | grep "openssl"

Check for your Ubuntu version
lsb_release -a
root@localhost:~# dpkg -l | grep "openssl"
ii libcurl4-openssl-dev 7.29.0-1ubuntu3.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libgnutls-openssl27:amd64 2.12.23-1ubuntu1.1 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1c-4ubuntu8.2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring

CentOS and Fedora Releases and Fix Versions

rpm -q -a | grep "openssl"
  • CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
  • CentOS 6: openssl-1.0.1e-16.el6.5.7
  • Fedora 17: Unaffected (Shipped with older version prior to vulnerability)
  • Fedora 19: openssl-1.0.1e-37.fc19.1

If your Fedora OpenSSL version number doesn't end in .1, you are vulnerable!

 

Check for your OpenSSL version
rpm -q -a | grep "openssl"

Check for your CentOS or Fedora release
cat /etc/redhat-release

[root@stream4 ~]# rpm -q -a | grep "openssl"
openssl-1.0.1e-16.el6_5.4.x86_64
[root@stream4 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

 

Revoking and Reissuing your SSL Certs/Keys

  • regenerate your certificate using a new private key
  • create new key and then create the certificate or send CSR to certificate authority issuer to create the new certificate
  • replace the old certificate and start using the new ones.

 


OpenSSL Security Advisory [07 Apr 2014] – TLS heartbeat read overrun

 

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks to Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.
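
The "missing bounds check" in the advisory above, shown as an added example: this is a simplified model written for this page, not OpenSSL source code. The names hb_build_response and hb_try are hypothetical, and the message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_MIN_PAD  16  /* RFC 6520: at least 16 bytes of padding */

/* Simplified model of heartbeat handling, not OpenSSL source.
 * rec/rec_len is the heartbeat message as received: type (1 byte),
 * payload_length (2 bytes, big-endian), payload, padding.
 * Returns the response length, or -1 when the message is discarded. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    /* payload_length is chosen by the peer; it is a claim, not a fact. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: header + claimed payload + padding must fit in
     * the bytes received. Without it the memcpy below reads up to 64 KiB
     * past the record, the overrun the advisory describes. */
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)
        return -1;
    size_t resp_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* echo the payload */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* real stacks use random padding */
    return (long)resp_len;
}

/* Constructed input: a request with `actual` payload bytes (max 64)
 * whose length field says `claimed`. Hypothetical helper for the demo. */
long hb_try(size_t claimed, size_t actual)
{
    uint8_t rec[3 + 64 + HB_MIN_PAD] = {0}, out[3 + 64 + HB_MIN_PAD];
    if (actual > 64 || claimed > 0xFFFF)
        return -2;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xFF);
    memset(rec + 3, 'A', actual);
    return hb_build_response(rec, 3 + actual + HB_MIN_PAD, out, sizeof out);
}
```

A request whose length field matches what was sent is echoed; one that claims more payload than the record carries is dropped before any copy happens.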

How to test server speed in your console/terminal

This is how!

wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
chmod +x speedtest-cli
./speedtest-cli

This is what the results might look like

[root@stream4 ~]# ./speedtest-cli
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Fundacao para a Ciencia e a Tecnologia (193.137.171.XX)...
Selecting best server based on ping...
Hosted by Vodafone PT (Porto) [56.28 km]: 12.239 ms
Testing download speed........................................
Download: 80.28 Mbit/s
Testing upload speed..................................................
Upload: 80.26 Mbit/s