Security – Sudo vulnerability allows privilege escalation



A 10-year-old sudo flaw has been discovered that lets unprivileged users obtain root permissions. Linux admins should patch this critical vulnerability as soon as possible.

Read more:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

Debian

Vulnerable

$ sudoedit -s /
sudoedit: /: not a regular file

Patch

$ sudo apt update
$ sudo apt install sudo

NOT Vulnerable

$ sudoedit -s 

Security – Error installing Kali: “Installation step failed”



When I was installing a Kali virtual machine, I came across an error in the “Software selection” step.

After confirming the software, the installation shows an “Installation step failed” message.

After browsing through some sites and forums, apparently the problem could be related to not configuring enough space and a suggestion is configuring more than 30-40 GB. But no luck, …

Windows – Error connecting RDS RemoteApp Terminal services



“The list of RemoteApp programs cannot be accessed. Verify that the management console is connected to the correct server and that you have Administrator privileges on the server, and then try again.”

Checking winrm, everything seems to be correct:

c:\> winmgmt /salvagerepository
WMI repository is consistent

c:\> winmgmt /verifyrepository
WMI repository is consistent

But after resetting the repository, the …

Exchange – A reboot from a previous installation is pending



When updating Exchange you will probably come across the following error in the prerequisite analysis:

A reboot from a previous installation is pending

The way to solve it is supposed to be by rebooting the server in order to apply any previously pending installed Windows updates or whatever… but it never works, at least for me.

If it is also …

Linux – rsyslog: parsing and splitting message fields



Until now I hadn’t used the options and features rsyslog comes with. Let me show a simple example I have done today. This is an example log line rsyslog has received from iptables (I have configured iptables to log certain connection attempts to identify and save devices with malware):

Sep 29 15:30:39 myserver kernel: [malware3] IN=ens192 OUT=ens192 MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=10.15.13.17 

Linux – Simple DNS server using DNSmasq



This article offers a 5 min howto about configuring your own DNS server (perhaps for your company or maybe for your home network) using DNSmasq. Obviously, only the surface is covered in this post.

Given my router does not allow me to add host entries for local DNS resolution, I decided to use DNSmasq on one of my internal network …

F5 BIG-IP – Vulnerability!! CVE-2020-5902 – Remote Code Execution (RCE)



Security Advisory Description

The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)

Description

This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the Configuration utility, through the BIG-IP management port and/or self IPs, to execute arbitrary system commands …

Ironport – Strip DisplayName from From header



Yesterday I came across a request in which for a group of email users, the display name must be removed when sending to recipients outside the organization.

Concretely, those whose email is in format XXXX@domain.com (where XXXX are digits) must be “anonymized”. For example:

When one of those users sends an email to an internal recipient, the From header should …

F5 BIG-IP – Dynamic RDP destination for APM



Portal access (APM) allows users to access internal resources such as servers and computers via Remote Desktop (RDP). There are 3 options to configure the destination host when configuring the RDP resource:

  • Hostname
  • IP Address
  • User defined

Problem

Hostname and IP address are fixed destinations. In case you need different destinations based on the logged-in user, you would …

Icinga – Notification template with notes support



I have just configured an Icinga2 notification template for hosts and services to replace the ugly and impractical default one.

Features

Not big things but useful in my opinion

Clear and nicely formatted layout

State based colors

State based icons

UTF Icons are included depending on the state of the host or service

Notes support

These notification scripts can include …