I wish you a merry Christmas, beautiful holidays and a happy new year.
Last week OISF announced a new tool called suricata-update. It's a smart tool for updating suricata rules from remote sources like Emerging Threats. It works similarly to oinkmaster or pulledpork. The main advantage is that it works great with suricata, makes backups of previous rulesets and tests the rules before applying them. Yesterday it reminded me about deprecated options in my suricata configuration because of the tests it runs (suricata -T).
I worked the last few weeks on suricata's configuration parser and fixed a couple of minor bugs. Some of them made it into the new suricata 4.0.3 release.
If you type in a wrong command, bash-insulter will insult you badly.
A few weeks ago I started cmus to read in all my music and it crashed badly. I wondered how this could happen and started to investigate. I figured out that it crashed with a segfault. After compiling it with debugging symbols and running it with gdb, I located the bug in the libcue library and I also found out the reason why: libcue doesn't handle unicode files, and one of my cue files was unicode encoded. So libcue started to detect a lot of "bad characters" before it segfaulted.
Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.
I wrote a role for managing MaraDNS with Ansible.
- Ansible 2.1+ (might work with prior versions too)
- Debian-based Linux distribution
ansible-galaxy install whotwagner.maradns
Check_MK is a great monitoring tool. One of its strengths is that it can automatically detect services and monitor them. I always monitored all public IP addresses of my servers to see whether they are listed on any DNS blacklist. I had to add new public IPs manually, so I reached out for a new solution. I found a nice little plugin in a GitHub repository of HeinleinSupport. The plugin was great, but I missed two things.
A few months ago I published a vulnerability in OpenElec's updater. I successfully hacked OpenElec version 6.x.x and 7.x.x remotely. OpenElec 8 has been available for a while and reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise OpenElec updates and plant a reverse shell on the target.