Sandra Henry-Stocker

Author Archives: Sandra Henry-Stocker

4 vulnerabilities and exposures affect Intel-based systems; Red Hat responds

Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs): CVE-2018-12126 - a flaw that could lead to information disclosure from the processor store buffer CVE-2018-12127 - an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline CVE-2018-12130 - the most serious of the three issues and involved the implementation of the microprocessor fill buffers and can expose data within that buffer CVE-2019-11091 - a flaw in the implementation of the "fill buffer," a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache [ Also read: Linux hardening: a 15-step checklist for a secure Linux server ] Red Hat customers should update their systems Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.To read this article in full, please click here

4 vulnerabilities and exposures affect Intel-based systems; Red Hat responds

Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs): CVE-2018-12126 - a flaw that could lead to information disclosure from the processor store buffer CVE-2018-12127 - an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline CVE-2018-12130 - the most serious of the three issues and involved the implementation of the microprocessor fill buffers and can expose data within that buffer CVE-2019-11091 - a flaw in the implementation of the "fill buffer," a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache [ Also read: Linux hardening: a 15-step checklist for a secure Linux server ] Red Hat customers should update their systems Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.To read this article in full, please click here

When to be concerned about memory levels on Linux

Running out of memory on a Linux system is generally not a sign that there's a serious problem. Why? Because a healthy Linux system will cache disk activity in memory, basically gobbling memory that isn't being used, which is a very good thing.In other words, it doesn't allow memory to go to waste. It uses the spare memory to increase disk access speed, and it does this without taking memory away from running applications. This memory caching, as you might well imagine, is hundreds of times faster than working directly with the hard-disk drives (HDD) and significantly faster than solid-state drives. Full or near full memory normally means that a system is running as efficiently as it can — not that it's running into problems.To read this article in full, please click here

Red Hat Summit 2019: RHEL 8 arrives

Red Hat Summit 2019 is off to an exciting start. The conference, running from today until Thursday in Boston, is already tickling attendees’ fancies by announcing some very exciting developments.The first is Red Hat Enterprise Linux (RHEL) 8 — available now for everything from bare-metal servers and Linux containers to public and private clouds. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] RHEL 8 introduces Application Streams, which allow languages, frameworks, and developer tools to be updated frequently without impacting the core resources that have made Red Hat Enterprise Linux an enterprise benchmark. This feature brings quick developer innovation and production stability into the OS.To read this article in full, please click here

Looking into Linux modules

What are Linux modules? Kernel modules are chunks of code that are loaded and unloaded into the kernel as needed, thus extending the functionality of the kernel without requiring a reboot. In fact, unless users inquire about modules using commands like lsmod, they won't likely know that anything has changed.One important thing to understand is that there are lots of modules that will be in use on your Linux system at all times and that a lot of details are available if you're tempted to dive into the details.One of the prime ways that lsmod is used is to examine modules when a system isn't working properly. However, most of the time, modules load as needed and users don't need to be aware of how they are working.To read this article in full, please click here

How to identify same-content files on Linux

In a recent post, we looked at how to identify and locate files that are hard links (i.e., that point to the same disk content and share inodes). In this post, we'll check out commands for finding files that have the same content, but are not otherwise connected.Hard links are helpful because they allow files to exist in multiple places in the file system while not taking up any additional disk space. Copies of files, on the other hand, sometimes represent a big waste of disk space and run some risk of causing some confusion if you want to make updates. In this post, we're going to look at multiple ways to identify these files.To read this article in full, please click here

How to identify duplicate files on Linux

Identifying files that share disk space relies on making use of the fact that the files share the same inode — the data structure that stores all the information about a file except its name and content. If two or more files have different names and file system locations, yet share an inode, they also share content, ownership, permissions, etc.These files are often referred to as "hard links" — unlike symbolic links that simply point to other files by containing their names. Symbolic links are easy to pick out in a file listing by the "l" in the first position and -> symbol that refers to the file being referenced.$ ls -l my* -rw-r--r-- 4 shs shs 228 Apr 12 19:37 myfile lrwxrwxrwx 1 shs shs 6 Apr 15 11:18 myref -> myfile -rw-r--r-- 4 shs shs 228 Apr 12 19:37 mytwin Identifying hard links in a single directory is not as obvious, but it is still quite easy. If you list the files using the ls -i command and sort them by inode number, you can pick out the hard links fairly easily. In this type of ls output, the first column shows the inode numbers.To read Continue reading

Working with variables on Linux

A lot of important values are stored on Linux systems in what we call “variables,” but there are actually several types of variables and some interesting commands that can help you work with them. In a previous post, we looked at environment variables and where they are defined. In this post, we're going to look at variables that are used on the command line and within scripts.User variables While it's quite easy to set up a variable on the command line, there are a few interesting tricks. To set up a variable, all you need to do is something like this:To read this article in full, please click here

How to quickly deploy, run Linux applications as unikernels

Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernals offer many advantages in terms of speed and security.What are unikernels? A unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure -- having a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.To read this article in full, please click here

How to quickly deploy, run Linux applications as unikernels

Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernals offer many advantages in terms of speed and security.What are unikernels? A unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure -- having a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.To read this article in full, please click here

How to manage your Linux environment

The configuration of your user account on a Linux system simplifies your use of the system in a multitude of ways. You can run commands without knowing where they're located. You can reuse previously run commands without worrying how the system is keeping track of them. You can look at your email, view man pages, and get back to your home directory easily no matter where you might have wandered off to in the file system. And, when needed, you can tweak your account settings so that it works even more to your liking.Linux environment settings come from a series of files — some are system-wide (meaning they affect all user accounts) and some are configured in files that are sitting in your home directory. The system-wide settings take effect when you log in and local ones take effect right afterwards, so the changes that you make in your account will override system-wide settings. For bash users, these files include these system files:To read this article in full, please click here

Tips for using the Ip command to print from Linux systems

The lp command on Linux systems offers a range of printing options that allow you to print documents using a variety of options. In this post, we take a look at some that offer interesting possibilities.The recent Printing from the Linux command line post covers printing in double-sided and portrait mode. In this post, we'll look at printing: Multiple pages per sheet Specific pages or page ranges Pages with borders Multiple copies [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] How to print multiple pages per sheet With lp, you can print as many as 16 pages of a document on one side of a single sheet of paper. To specify the number of pages to print on a page, use the  lp -o number-up=# command (e.g.,  lp -o number-up=16 mydoc). If your document doesn't contain as many pages as you've requested in the layout, that's OK. The page will simply have an empty area.To read this article in full, please click here

Printing from the Linux command line

Printing from the Linux command line is easy. You use the lp command to request a print, and lpq to see what print jobs are in the queue, but things get a little more complicated when you want to print double-sided or use portrait mode. And there are lots of other things you might want to do — such as printing multiple copies of a document or canceling a print job. Let's check out some options for getting your printouts to look just the way you want them to when you're printing from the command line.Displaying printer settings To view your printer settings from the command line, use the lpoptions command. The output should look something like this:To read this article in full, please click here

How to configure a static IP address on Linux

IP addresses on Linux systems are often assigned automatically by Dynamic Host Configuration Protocol (DHCP) servers. These are referred to as "dynamic addresses" and may change any time the system is rebooted. When a system is a server or will be remotely administered, however, it is generally more convenient for these systems to have static addresses, providing stable and consistent connections with users and applications.Fortunately, the steps required to change a Linux system's IP address from dynamic to static are fairly easy, though they will be a little different depending on the distribution you are using. In this post, we'll look at how this task is managed on both Red Hat (RHEL) and Ubuntu systems.To read this article in full, please click here

Cryptocurrency miners exploit Docker flaw

According to Imperva research, a container flaw reported last month (CVE-2019-5736) in Docker's remote API has already been taken advantage of by hundreds of attackers.Imperva claims that they were able to locate 3,822 Docker hosts with the remote API (port 2735) publicly exposed. Of these, approximately 400 were accessible, and most of these were running a cryptocurrency miner for a lesser-known form of cryptocurrency called Monero. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] Monero (ticker symbol XMR) is an open-source cryptocurrency that was created in April 2014. It focuses on fungibility (individual units are essentially interchangeable), privacy, and decentralization. It also takes advantage of an obfuscated public ledger. That means anyone can broadcast or send transactions, but outside observers cannot tell the source, amount, or destination of the funds.To read this article in full, please click here

Cryptocurrency miners exploit Docker flaw

According to Imperva research, a container flaw reported last month (CVE-2019-5736) in Docker's remote API has already been taken advantage of by hundreds of attackers.Imperva claims that they were able to locate 3,822 Docker hosts with the remote API (port 2735) publicly exposed. Of these, approximately 400 were accessible, and most of these were running a cryptocurrency miner for a lesser-known form of cryptocurrency called Monero. [ Two-Minute Linux Tips: Learn how to master a host of Linux commands in these 2-minute video tutorials ] Monero (ticker symbol XMR) is an open-source cryptocurrency that was created in April 2014. It focuses on fungibility (individual units are essentially interchangeable), privacy, and decentralization. It also takes advantage of an obfuscated public ledger. That means anyone can broadcast or send transactions, but outside observers cannot tell the source, amount, or destination of the funds.To read this article in full, please click here

Linux security: Cmd provides visibility, control over user activity

There's a new Linux security tool you should be aware of — Cmd (pronounced "see em dee") dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.To read this article in full, please click here

Linux security: Cmd provides visibility, control over user activity

There's a new Linux security tool you should be aware of — Cmd (pronounced "see em dee") dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.To read this article in full, please click here

Linux security: Cmd provides visibility, control over user activity

There's a new Linux security tool you should be aware of — Cmd (pronounced "see em dee") dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.To read this article in full, please click here

Linux security: Cmd provides visibility, control over user activity

There's a new Linux security tool you should be aware of — Cmd (pronounced "see em dee") dramatically modifies the kind of control that can be exercised over Linux users. It reaches way beyond the traditional configuration of user privileges and takes an active role in monitoring and controlling the commands that users are able to run on Linux systems.Provided by a company of the same name, Cmd focuses on cloud usage. Given the increasing number of applications being migrated into cloud environments that rely on Linux, gaps in the available tools make it difficult to adequately enforce required security. However, Cmd can also be used to manage and protect on-premises systems.To read this article in full, please click here

1 2 3 11