FUN WITH LINUX

Improving Suricata's configuration-parser

10 December 2017

Over the last few weeks I worked on Suricata's configuration-parser and fixed a couple of minor bugs. Some of them made it into the new Suricata 4.0.3 release.

Read more..
Bash-Insulter: insults you after typing a wrong command

17 November 2017

If you type in a wrong command, bash-insulter will insult you badly.

Read more..
How I fixed a bug in my favourite media player

9 November 2017

A few weeks ago I started cmus to read in all my music and it crashed badly. I wondered how this could happen and started to investigate. So I figured out that it crashed with a segfault. After compiling it with debugging symbols and running it with gdb, I located the bug in the libcue library and I also found out the reason why: libcue doesn't handle Unicode files and one of my cue files was Unicode encoded. So libcue started to detect a lot of "bad characters" before it segfaulted. The following lines of code led to a memory corruption:

Read more..
Third Anniversary

7 November 2017

Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.

Read more..
Managing MaraDNS with Ansible

28 August 2017

I wrote a role for managing MaraDNS with Ansible.

Requirements

  • Ansible 2.1+ (might work with prior versions too)
  • Debian-based Linux-distribution
Read more..
check_mk-rbl - A check_mk-plugin that monitors public ipv4 addresses

20 August 2017

Check_MK is a great monitoring tool. One of its strengths is that it can automatically detect services and monitor them. I always monitored all public IP addresses of my servers to see if they are listed on any DNS blacklist. I had to add new public IPs manually, so I reached out for a new solution. I found a nice little plugin in a GitHub repository of HeinleinSupport. The plugin was great, but I missed two things. First, it checks all IPv4 addresses of a server, including private addresses, and second, it uses hardcoded DNSRBL servers. So I modified the script so that it checks only public addresses and can use an ini-file if it exists (otherwise it still uses the hardcoded DNS servers). My modified version, check_mk-rbl, is available on GitHub.

Read more..
OpenElec: CVE-2017-6445 revisited

25 June 2017

A few months ago I published a vulnerability in OpenElec's updater. I successfully hacked OpenElec versions 6.x.x and 7.x.x remotely. OpenElec 8 has been available for a while and has reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise OpenElec updates and plant a reverse shell on the target.

Read more..
Debian Stretch released

18 June 2017

On Saturday the Debian Project announced the release of Debian 9 "Stretch". This means that Jessie will be oldstable and Wheezy won't receive any updates anymore. So it's time to dist-upgrade.

Read more..
Using the new statx() system-call

4 June 2017

In the Linux kernel 4.11 a new system call, statx(), was introduced. The old stat() system call is used to get metadata (like size, permissions and so on) of files and directories. stat() lacks functionality for remote filesystems and collects all the information of a file at once, which might lead to slow operations. statx() is a new implementation of stat. The caller can request specific information (like just the size of a file) to speed up the call. If the filesystem is a remote filesystem, it is possible to let statx() first sync with the remote server before requesting the information (or just be fine with the cached info). Another nice feature is that statx() can also be used to get extra file attributes like: "is the file encrypted or compressed?".

Read more..
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti