Author Archives: meme

shellshock bash horror and Apache

Also referred to as CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187, the now infamous shellshock flaw refers to Bash being able to blindly run commands inside specially crafted environment variables.

Just run env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
OR
env var='() {(a)=>\' bash -c "echo vulnerable"; cat echo.
If in the output you find the word vulnerable, then you are.

A few of the identified attack vectors are:

ForceCommand of OpenSSH;

Apache with mod_cgi or mod_cgid;

DHCP invoking shell scripts to configure clients;

And possibly many other.

What I want to focus on here is Apache and mod_cgi, because that seems the most exposed vector of attack and because nobody actually mentions the dependencies for this attack to be successful.

As a note, at the moment there is conflicting information on whether this affects mod_php with exec functions enabled. Quoting from securityblog.redhat.com: PHP scripts executed with mod_php are not affected even if they spawn subshells.
But I haven’t tested this myself as of yet.

In order to make this work under mod_cgi you would need to meet the following conditions:

a script which spawns a shell, like #!/bin/bash or by using popen(), exec, shell_exec etc;

that same script parsed by mod_cgi (by default it executes only extensions with .cgi, as defined by AddHandler cgi-script .cgi);

have the script publicly discoverable – possibly through Google dorking for /bin/bash.

how to permanently protect against openssl vulnerabilities

crontab -l # fuu openssl 10 0 * * * yum -y update openssl openssl-devel gnutls > /dev/null 2>&1

*also needs restarting apache/nginx/php-fpm

blocked because of many connection errors-Haproxy-MySQL

Host ‘somehost’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

The cache contains information about errors that occur during the connection process. Some errors are considered “blocking.” If too many of these occur successively from a given host without a successful connection, the server blocks further connections from that host. The max_connect_errors system variable determines the number of permitted errors before blocking occurs.

MariaDB and Galera on AWS Amazon Linux

Using the repo from MariaDB to install Galera on an Amazon Linux machine (which is derived from CentOS) will most probably yield an error, due to the changes made to this OS fork.
Continue reading →

galera my.cnf

[mysqld] user = root port = 3306 datadir = /var/lib/mysql tmpdir = /tmp lc-messages-dir = /usr/share/mysql #log_error = /var/log/mysql/error.log #log_slow_queries = /var/log/mysql/mysql-slow.log #long_query_time = 3 #log-queries-not-using-indexes skip-name-resolve bind-address = 0.0.0.0 max_connections = 400 max_allowed_packet = 16M myisam-recover = BACKUP wsrep_provider = /usr/lib64/galera/libgalera_smm.so wsrep_cluster_name = "galera-cluster" wsrep_node_name = "node1-192.168.0.1" wsrep_cluster_address = "gcomm://192.168.0.2,192.168.0.3" wsrep_provider_options = "gcache.dir=/var/lib/mysql;gcache.size=512M;gcache.mem_size=256M" wsrep_replicate_myisam = ON wsrep_slave_threads = 4 wsrep_sst_method=xtrabackup wsrep_sst_auth=root:password #thread_concurrency = 10 #log-bin = mysql-bin binlog_format = ROW #must be set #expire_logs_days = 2 #max_binlog_size = 512M #skip-host-cache # query_cache_type = 0 #according to the doc, query cache should not be used #query_cache_size = 0 #query_cache_limit = 32M #query_cache_min_res_unit = 128 #thread_stack = 256K #thread_cache_size = 350 #table_open_cache = 30000 #key_buffer_size = 128M #sort_buffer_size = 512K #myisam_sort_buffer_size = 512K #read_buffer_size = 256K #read_rnd_buffer_size = 512K #join_buffer_size = 1M #bulk_insert_buffer_size = 16M #myisam_sort_buffer_size = 8M #tmp_table_size = 64M #max_heap_table_size = 64M ## #innodb_buffer_pool_size = 2G #innodb_additional_mem_pool_size=20M #innodb_buffer_pool_instances = 4 innodb_flush_log_at_trx_commit=2 #must be set #innodb_flush_method=O_DIRECT #innodb_read_io_threads = 4 #innodb_write_io_threads = 4 #innodb_thread_concurrency = 4 #innodb_log_file_size = 5M #innodb_log_buffer_size = 32M #innodb_file_per_table = 1 #innodb_stats_on_metadata = 0 #innodb_open_files = 400 #innodb_io_capacity = 400 innodb_autoinc_lock_mode = 2 #must be set