Skip to main content

Posts

Solution and Step to fix CVE-2019-5736 Vulnerability - Docker

Recently a new vulnerability has been discovered in the the internet market having target to Docker services. What is this Vulnerability: In short, Docker service uses another service called as runc which is container run time to spawn and run containers. which simply means if docker task is to create docker images then runc task would be running them and attaching a process to container. So as per the recent discovery by the maintainers of runc, the code of this service was having some bug which can be used by attackers to gain the root level of access of the host machine on which docker containers are running. How it can be Exploited: This vulnerability can be exploited in two ways (1) if the docker images are in use is vulnerable making the containers build from it vulnerable also (2) if somehow attacker got the access of containers and then trying to exploit using the bug present in runc and trying to get root privileges. Solution to Fix Vulnerability: Ce...

Know Your GIT Server

If you are a developer you might be familiar with version control in your dev life. Even if you are system admin working on Windows/Linux/Unix then also you may come across version control. For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com                The point is if you know it its Good :) but if you do not know there is no need to worry. I will try to explain it to you as easy as possible.                                                                       What is Version Control A version control (VC) is a system which keeps an eye on your files (which you provide to him) over a period of time for all changes you are doing like updating, deleting etc and making a data for all these changes you are...

Sweet32 - Vulnerbility

Recently there was another Vulnerability grab My attention which was related to DES and Tripple DES (3DES) , Any men in the middle can exploit this vulnerability by capturing large amount of encrypted data and thus recover plain text sensitive data. Severity : Medium CVE Number : CVE-2016-2183 For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com Remediation : You need to disable any ciphers starting with DES and 3DES supported by Server by any service present on server for example Apache Nginx etc   Important Point to Remember : 1 :   Normally old browser don't supports DES and 3DES ciphers. It is very important to note that in many cases, a software update (back-ported version provided by Operating System vendor ) won't be enough to resolve this issue. Usually software update doesn't overwrite manually tweaked configuration files, which means, DES/3DES can be still available, even if the software up...

Linux Bug - Dirty COW

Recently World of Linux come across yet another bug which is haunting the nix users all over the world. This bug has given a name COW and its associated CVE number is CVE-2016-5195. Its kind of funny how this bug get their names, this too grab my attention when i first heard about it as COW ! i laughed out like what ? :) For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com Background : later when I started reading about this bug in details got to know how this bug got his name, which nothing but a " copy-on-write " technique which Linux kernel uses to maintain the private read -only memory mapping and this technique have some flaws in it since 2007 woohooo that was way long back. In other words if i have to say is this bugs allow a server to become completely compromised through local privilege escalation. This vulnerability is specific to the Linux Kernel, and exploiting this vulnerability does require a local system user...

Optimization of Redis

In this Post, I am going to cover how to optimized REDIS  (recently i was reading this random blog giving more clear insight on what is redis and what the use of it in real world) instances as per our requirement. if you are not aware about REDIS at all, you can refer to my previous post where i have covered How To install REDIS on Centos/Redhat servers which goes here . How To Create Multiple instances of REDIS which goes here . What is the Best Standard method to configure REDIS which goes here . So, Lets see how to optimize our redis server. few points you need to keep in mind that which are important while doing optimization and we are going to learn more about shortly. For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com Remove any errors you are seeing under redis logs Check the amount of cache size your site is using for each port Set proper eviction policy for redis keys Set proper kernel Settings t...

Standard Configuration file for Redis

In my earlier post i have covered how to run multiple instances of redis also showed through a video how it can done. In this post, I am going to cover best suitable redis (recently i come across this beautiful blog simplifying the concept of redis and its uses in real world) configuration file structure to have to minimize confusion to identify which ports belong to which cache. for example if you are having several ports configured for redis, how you will determine which port is associated with which redis cache.So in our case i.e redis with Magento, we normally used 3 types of cache Cache (magneto configuration files cache)  Full Page Cache Session Cache  So, to avoid confusion among the ports and its associated cache, i would recommend to use following data in your redis configuration for each port respectively as shown.   For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com 1) Create a file with name redis-base.conf ...

Multiple instances of redis

In the last post I have covered how to install redis server on Centos/Rhel using rpm method and yum method and some troubleshooting skills. In this post i am going to cover how to install and configure redis to run with multiple ports.                                                                           But why we need more ports ? If you have read my earlier post , you already know that by default redis runs on single port 6379, which any one can use it for small website to cache the data. But for heavy website like magento we need to use additional ports along with 6379 to serve different cache from different ports. Like in Magento there is simple cache which is normally stored under /var/cache directory. Then there is Full Page Cache which is stored under /var/full_page_cache...