Category Archives: Uncategorized

Add default Gateway on different subnet FreeBSD / Linux

Hello

two days a go i got new VPS (FreeBSD 11) , the IP was  “213.202.XxX.XX.x/32” subnet and my GW i was given was in a different subnet “89.16X.XxX.1”.

So here is how to add 213.202.XxX.XX.x/32 and a different GW on your Linux / BSD host:

##first add your gateway with subnet , then add the default

## on FreeBSD :

#route add 89.16X.XxX.1/32 -iface em0 

#route add default 89.16X.XxX.1

## on Linux :

#route add 89.16X.XxX.1/32 dev eth0
#route add default gw 89.16X.XxX.1

Leap Second 2016 may cause Linux to freeze

Leap Second 2016 may cause Linux to freeze :

A leap second will again be inserted at the end of June 30, 2016 at 23:59:60 UTC. Previously, on 30 June, 2012 a leap second was added.

what is it ?

Leap seconds are a periodic one-second adjustment of Coordinated Universal Time(UTC) in order to keep a system’s time of day close to the mean solar time. However, the Earth’s rotation speed varies in response to climatic and geological events, and due to this, UTC leap seconds are irregularly spaced and unpredictable.

So this leap second can  cause your linux kernel deadlock or make database crash .

Just for your information , FreeBSD and Unix are safe as 23:59:60 does not exist in Unix’s implementation of UTC then the linux kernel inserts the leap second by stepping the system clock back by one second on the first clock update after 0:00 UTC

How to fix it :

This problem is solved by either applying Operating System (Linux) patches, resetting the date or rebooting the system. The resolution is dependent on your level of Linux and your environment. Please consult your Linux provider for details of the solution appropriate for your system.

who can i resolve it ?:

  1. Check the Linux kernel version. In theory only 2.6.22 and newer levels should be affected:
    All: uname -r
  2. Switch to root or log in as root at the console
  3. Check to see if NTP is running:
    RHEL: service ntpd status
    SLES: /etc/init.d/ntp status
  4. If NTP is running, disable it:
    RHEL: service ntpd stop
    SLES: /etc/init.d/ntp stop
  5. Set the system clock to the current time:
    All sntp -P no -r pool.ntp.org
    Or: ntpdate 0.us.pool.ntp.org
  6. If NTP was running, reenable it:
    RHEL: service ntpd start
    SLES: /etc/init.d/ntp start

By Hossein Mehrara

مشکل امنیتی کرنل لینوکس Copy-on-Write (COW) و نحوه رفع اشکال CVE-2016-5195

مشکل امنیتی کرنل لینوکس   Copy-on-Write (COW) و نحوه رفع اشکال

 

مشکل به اینصورت هست که کاربر عادی میتونه با این اکسپلوید و با استفاده از مپینگ سیستم  دسترسی مدیر ارشد پیداکنه :

CVE-2016-5195

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

آیا سیستم من مشکل دارد؟

کافیه این اسکریپت رئ اجرا کنید :

#vi  rh-cve-2016-5195_1.sh

now insert :

#!/bin/bash
# Version: 1.1

RED=”\033[1;31m”
YELLOW=”\033[1;33m”
GREEN=”\033[1;32m”
BOLD=”\033[1m”
RESET=”\033[0m”

SAFE_KERNEL=”SAFE_KERNEL”
SAFE_KPATCH=”SAFE_KPATCH”
MITIGATED=”MITIGATED”
VULNERABLE=”VULNERABLE”

MITIGATION_ON=’CVE-2016-5195 mitigation loaded’
MITIGATION_OFF=’CVE-2016-5195 mitigation unloaded’

VULNERABLE_VERSIONS=(
# RHEL5
“2.6.18-8.1.1.el5”
“2.6.18-8.1.3.el5”
“2.6.18-8.1.4.el5”
“2.6.18-8.1.6.el5”
“2.6.18-8.1.8.el5”
“2.6.18-8.1.10.el5”
“2.6.18-8.1.14.el5”
“2.6.18-8.1.15.el5”
“2.6.18-53.el5”
“2.6.18-53.1.4.el5”
“2.6.18-53.1.6.el5”
“2.6.18-53.1.13.el5”
“2.6.18-53.1.14.el5”
“2.6.18-53.1.19.el5”
“2.6.18-53.1.21.el5”
“2.6.18-92.el5”
“2.6.18-92.1.1.el5”
“2.6.18-92.1.6.el5”
“2.6.18-92.1.10.el5”
“2.6.18-92.1.13.el5”
“2.6.18-92.1.18.el5”
“2.6.18-92.1.22.el5”
“2.6.18-92.1.24.el5”
“2.6.18-92.1.26.el5”
“2.6.18-92.1.27.el5”
“2.6.18-92.1.28.el5”
“2.6.18-92.1.29.el5”
“2.6.18-92.1.32.el5”
“2.6.18-92.1.35.el5”
“2.6.18-92.1.38.el5”
“2.6.18-128.el5”
“2.6.18-128.1.1.el5”
“2.6.18-128.1.6.el5”
“2.6.18-128.1.10.el5”
“2.6.18-128.1.14.el5”
“2.6.18-128.1.16.el5”
“2.6.18-128.2.1.el5”
“2.6.18-128.4.1.el5”
“2.6.18-128.4.1.el5”
“2.6.18-128.7.1.el5”
“2.6.18-128.8.1.el5”
“2.6.18-128.11.1.el5”
“2.6.18-128.12.1.el5”
“2.6.18-128.14.1.el5”
“2.6.18-128.16.1.el5”
“2.6.18-128.17.1.el5”
“2.6.18-128.18.1.el5”
“2.6.18-128.23.1.el5”
“2.6.18-128.23.2.el5”
“2.6.18-128.25.1.el5”
“2.6.18-128.26.1.el5”
“2.6.18-128.27.1.el5”
“2.6.18-128.29.1.el5”
“2.6.18-128.30.1.el5”
“2.6.18-128.31.1.el5”
“2.6.18-128.32.1.el5”
“2.6.18-128.35.1.el5”
“2.6.18-128.36.1.el5”
“2.6.18-128.37.1.el5”
“2.6.18-128.38.1.el5”
“2.6.18-128.39.1.el5”
“2.6.18-128.40.1.el5”
“2.6.18-128.41.1.el5”
“2.6.18-164.el5”
“2.6.18-164.2.1.el5”
“2.6.18-164.6.1.el5”
“2.6.18-164.9.1.el5”
“2.6.18-164.10.1.el5”
“2.6.18-164.11.1.el5”
“2.6.18-164.15.1.el5”
“2.6.18-164.17.1.el5”
“2.6.18-164.19.1.el5”
“2.6.18-164.21.1.el5”
“2.6.18-164.25.1.el5”
“2.6.18-164.25.2.el5”
“2.6.18-164.28.1.el5”
“2.6.18-164.30.1.el5”
“2.6.18-164.32.1.el5”
“2.6.18-164.34.1.el5”
“2.6.18-164.36.1.el5”
“2.6.18-164.37.1.el5”
“2.6.18-164.38.1.el5”
“2.6.18-194.el5”
“2.6.18-194.3.1.el5”
“2.6.18-194.8.1.el5”
“2.6.18-194.11.1.el5”
“2.6.18-194.11.3.el5”
“2.6.18-194.11.4.el5”
“2.6.18-194.17.1.el5”
“2.6.18-194.17.4.el5”
“2.6.18-194.26.1.el5”
“2.6.18-194.32.1.el5”
“2.6.18-238.el5”
“2.6.18-238.1.1.el5”
“2.6.18-238.5.1.el5”
“2.6.18-238.9.1.el5”
“2.6.18-238.12.1.el5”
“2.6.18-238.19.1.el5”
“2.6.18-238.21.1.el5”
“2.6.18-238.27.1.el5”
“2.6.18-238.28.1.el5”
“2.6.18-238.31.1.el5”
“2.6.18-238.33.1.el5”
“2.6.18-238.35.1.el5”
“2.6.18-238.37.1.el5”
“2.6.18-238.39.1.el5”
“2.6.18-238.40.1.el5”
“2.6.18-238.44.1.el5”
“2.6.18-238.45.1.el5”
“2.6.18-238.47.1.el5”
“2.6.18-238.48.1.el5”
“2.6.18-238.49.1.el5”
“2.6.18-238.50.1.el5”
“2.6.18-238.51.1.el5”
“2.6.18-238.52.1.el5”
“2.6.18-238.53.1.el5”
“2.6.18-238.54.1.el5”
“2.6.18-238.55.1.el5”
“2.6.18-238.56.1.el5”
“2.6.18-274.el5”
“2.6.18-274.3.1.el5”
“2.6.18-274.7.1.el5”
“2.6.18-274.12.1.el5”
“2.6.18-274.17.1.el5”
“2.6.18-274.18.1.el5”
“2.6.18-308.el5”
“2.6.18-308.1.1.el5”
“2.6.18-308.4.1.el5”
“2.6.18-308.8.1.el5”
“2.6.18-308.8.2.el5”
“2.6.18-308.11.1.el5”
“2.6.18-308.13.1.el5”
“2.6.18-308.16.1.el5”
“2.6.18-308.20.1.el5”
“2.6.18-308.24.1.el5”
“2.6.18-348.el5”
“2.6.18-348.1.1.el5”
“2.6.18-348.2.1.el5”
“2.6.18-348.3.1.el5”
“2.6.18-348.4.1.el5”
“2.6.18-348.6.1.el5”
“2.6.18-348.12.1.el5”
“2.6.18-348.16.1.el5”
“2.6.18-348.18.1.el5”
“2.6.18-348.19.1.el5”
“2.6.18-348.21.1.el5”
“2.6.18-348.22.1.el5”
“2.6.18-348.23.1.el5”
“2.6.18-348.25.1.el5”
“2.6.18-348.27.1.el5”
“2.6.18-348.28.1.el5”
“2.6.18-348.29.1.el5”
“2.6.18-348.30.1.el5”
“2.6.18-348.31.2.el5”
“2.6.18-371.el5”
“2.6.18-371.1.2.el5”
“2.6.18-371.3.1.el5”
“2.6.18-371.4.1.el5”
“2.6.18-371.6.1.el5”
“2.6.18-371.8.1.el5”
“2.6.18-371.9.1.el5”
“2.6.18-371.11.1.el5”
“2.6.18-371.12.1.el5”
“2.6.18-398.el5”
“2.6.18-400.el5”
“2.6.18-400.1.1.el5”
“2.6.18-402.el5”
“2.6.18-404.el5”
“2.6.18-406.el5”
“2.6.18-407.el5”
“2.6.18-408.el5”
“2.6.18-409.el5”
“2.6.18-410.el5”
“2.6.18-411.el5”
“2.6.18-412.el5”

# RHEL6
“2.6.32-71.7.1.el6”
“2.6.32-71.14.1.el6”
“2.6.32-71.18.1.el6”
“2.6.32-71.18.2.el6”
“2.6.32-71.24.1.el6”
“2.6.32-71.29.1.el6”
“2.6.32-71.31.1.el6”
“2.6.32-71.34.1.el6”
“2.6.32-71.35.1.el6”
“2.6.32-71.36.1.el6”
“2.6.32-71.37.1.el6”
“2.6.32-71.38.1.el6”
“2.6.32-71.39.1.el6”
“2.6.32-71.40.1.el6”
“2.6.32-131.0.15.el6”
“2.6.32-131.2.1.el6”
“2.6.32-131.4.1.el6”
“2.6.32-131.6.1.el6”
“2.6.32-131.12.1.el6”
“2.6.32-131.17.1.el6”
“2.6.32-131.21.1.el6”
“2.6.32-131.22.1.el6”
“2.6.32-131.25.1.el6”
“2.6.32-131.26.1.el6”
“2.6.32-131.28.1.el6”
“2.6.32-131.29.1.el6”
“2.6.32-131.30.1.el6”
“2.6.32-131.30.2.el6”
“2.6.32-131.33.1.el6”
“2.6.32-131.35.1.el6”
“2.6.32-131.36.1.el6”
“2.6.32-131.37.1.el6”
“2.6.32-131.38.1.el6”
“2.6.32-131.39.1.el6”
“2.6.32-220.el6”
“2.6.32-220.2.1.el6”
“2.6.32-220.4.1.el6”
“2.6.32-220.4.2.el6”
“2.6.32-220.4.7.bgq.el6”
“2.6.32-220.7.1.el6”
“2.6.32-220.7.3.p7ih.el6”
“2.6.32-220.7.4.p7ih.el6”
“2.6.32-220.7.6.p7ih.el6”
“2.6.32-220.7.7.p7ih.el6”
“2.6.32-220.13.1.el6”
“2.6.32-220.17.1.el6”
“2.6.32-220.23.1.el6”
“2.6.32-220.24.1.el6”
“2.6.32-220.25.1.el6”
“2.6.32-220.26.1.el6”
“2.6.32-220.28.1.el6”
“2.6.32-220.30.1.el6”
“2.6.32-220.31.1.el6”
“2.6.32-220.32.1.el6”
“2.6.32-220.34.1.el6”
“2.6.32-220.34.2.el6”
“2.6.32-220.38.1.el6”
“2.6.32-220.39.1.el6”
“2.6.32-220.41.1.el6”
“2.6.32-220.42.1.el6”
“2.6.32-220.45.1.el6”
“2.6.32-220.46.1.el6”
“2.6.32-220.48.1.el6”
“2.6.32-220.51.1.el6”
“2.6.32-220.52.1.el6”
“2.6.32-220.53.1.el6”
“2.6.32-220.54.1.el6”
“2.6.32-220.55.1.el6”
“2.6.32-220.56.1.el6”
“2.6.32-220.57.1.el6”
“2.6.32-220.58.1.el6”
“2.6.32-220.60.2.el6”
“2.6.32-220.62.1.el6”
“2.6.32-220.63.2.el6”
“2.6.32-220.64.1.el6”
“2.6.32-220.65.1.el6”
“2.6.32-220.66.1.el6”
“2.6.32-220.67.1.el6”
“2.6.32-279.el6”
“2.6.32-279.1.1.el6”
“2.6.32-279.2.1.el6”
“2.6.32-279.5.1.el6”
“2.6.32-279.5.2.el6”
“2.6.32-279.9.1.el6”
“2.6.32-279.11.1.el6”
“2.6.32-279.14.1.bgq.el6”
“2.6.32-279.14.1.el6”
“2.6.32-279.19.1.el6”
“2.6.32-279.22.1.el6”
“2.6.32-279.23.1.el6”
“2.6.32-279.25.1.el6”
“2.6.32-279.25.2.el6”
“2.6.32-279.31.1.el6”
“2.6.32-279.33.1.el6”
“2.6.32-279.34.1.el6”
“2.6.32-279.37.2.el6”
“2.6.32-279.39.1.el6”
“2.6.32-279.41.1.el6”
“2.6.32-279.42.1.el6”
“2.6.32-279.43.1.el6”
“2.6.32-279.43.2.el6”
“2.6.32-279.46.1.el6”
“2.6.32-358.el6”
“2.6.32-358.0.1.el6”
“2.6.32-358.2.1.el6”
“2.6.32-358.6.1.el6”
“2.6.32-358.6.2.el6”
“2.6.32-358.6.3.p7ih.el6”
“2.6.32-358.11.1.bgq.el6”
“2.6.32-358.11.1.el6”
“2.6.32-358.14.1.el6”
“2.6.32-358.18.1.el6”
“2.6.32-358.23.2.el6”
“2.6.32-358.28.1.el6”
“2.6.32-358.32.3.el6”
“2.6.32-358.37.1.el6”
“2.6.32-358.41.1.el6”
“2.6.32-358.44.1.el6”
“2.6.32-358.46.1.el6”
“2.6.32-358.46.2.el6”
“2.6.32-358.48.1.el6”
“2.6.32-358.49.1.el6”
“2.6.32-358.51.1.el6”
“2.6.32-358.51.2.el6”
“2.6.32-358.55.1.el6”
“2.6.32-358.56.1.el6”
“2.6.32-358.59.1.el6”
“2.6.32-358.61.1.el6”
“2.6.32-358.62.1.el6”
“2.6.32-358.65.1.el6”
“2.6.32-358.67.1.el6”
“2.6.32-358.68.1.el6”
“2.6.32-358.69.1.el6”
“2.6.32-358.70.1.el6”
“2.6.32-358.71.1.el6”
“2.6.32-358.72.1.el6”
“2.6.32-358.73.1.el6”
“2.6.32-358.111.1.openstack.el6”
“2.6.32-358.114.1.openstack.el6”
“2.6.32-358.118.1.openstack.el6”
“2.6.32-358.123.4.openstack.el6”
“2.6.32-431.el6”
“2.6.32-431.1.1.bgq.el6”
“2.6.32-431.1.2.el6”
“2.6.32-431.3.1.el6”
“2.6.32-431.5.1.el6”
“2.6.32-431.11.2.el6”
“2.6.32-431.17.1.el6”
“2.6.32-431.20.3.el6”
“2.6.32-431.20.5.el6”
“2.6.32-431.23.3.el6”
“2.6.32-431.29.2.el6”
“2.6.32-431.37.1.el6”
“2.6.32-431.40.1.el6”
“2.6.32-431.40.2.el6”
“2.6.32-431.46.2.el6”
“2.6.32-431.50.1.el6”
“2.6.32-431.53.2.el6”
“2.6.32-431.56.1.el6”
“2.6.32-431.59.1.el6”
“2.6.32-431.61.2.el6”
“2.6.32-431.64.1.el6”
“2.6.32-431.66.1.el6”
“2.6.32-431.68.1.el6”
“2.6.32-431.69.1.el6”
“2.6.32-431.70.1.el6”
“2.6.32-431.71.1.el6”
“2.6.32-431.72.1.el6”
“2.6.32-431.73.2.el6”
“2.6.32-431.74.1.el6”
“2.6.32-504.el6”
“2.6.32-504.1.3.el6”
“2.6.32-504.3.3.el6”
“2.6.32-504.8.1.el6”
“2.6.32-504.8.2.bgq.el6”
“2.6.32-504.12.2.el6”
“2.6.32-504.16.2.el6”
“2.6.32-504.23.4.el6”
“2.6.32-504.30.3.el6”
“2.6.32-504.30.5.p7ih.el6”
“2.6.32-504.33.2.el6”
“2.6.32-504.36.1.el6”
“2.6.32-504.38.1.el6”
“2.6.32-504.40.1.el6”
“2.6.32-504.43.1.el6”
“2.6.32-504.46.1.el6”
“2.6.32-504.49.1.el6”
“2.6.32-504.50.1.el6”
“2.6.32-504.51.1.el6”
“2.6.32-504.52.1.el6”
“2.6.32-573.el6”
“2.6.32-573.1.1.el6”
“2.6.32-573.3.1.el6”
“2.6.32-573.4.2.bgq.el6”
“2.6.32-573.7.1.el6”
“2.6.32-573.8.1.el6”
“2.6.32-573.12.1.el6”
“2.6.32-573.18.1.el6”
“2.6.32-573.22.1.el6”
“2.6.32-573.26.1.el6”
“2.6.32-573.30.1.el6”
“2.6.32-573.32.1.el6”
“2.6.32-573.34.1.el6”
“2.6.32-642.el6”
“2.6.32-642.1.1.el6”
“2.6.32-642.3.1.el6”
“2.6.32-642.4.2.el6”
“2.6.32-642.6.1.el6”

# RHEL7
“3.10.0-123.el7”
“3.10.0-123.1.2.el7”
“3.10.0-123.4.2.el7”
“3.10.0-123.4.4.el7”
“3.10.0-123.6.3.el7”
“3.10.0-123.8.1.el7”
“3.10.0-123.9.2.el7”
“3.10.0-123.9.3.el7”
“3.10.0-123.13.1.el7”
“3.10.0-123.13.2.el7”
“3.10.0-123.20.1.el7”
“3.10.0-229.el7”
“3.10.0-229.1.2.el7”
“3.10.0-229.4.2.el7”
“3.10.0-229.7.2.el7”
“3.10.0-229.11.1.el7”
“3.10.0-229.14.1.el7”
“3.10.0-229.20.1.el7”
“2.10.0-229.24.2.el7”
“2.10.0-229.26.2.el7”
“2.10.0-229.28.1.el7”
“2.10.0-229.30.1.el7”
“2.10.0-229.34.1.el7”
“2.10.0-229.38.1.el7”
“2.10.0-229.40.1.el7”
“2.10.0-229.42.1.el7”
“3.10.0-327.el7”
“3.10.0-327.3.1.el7”
“3.10.0-327.4.4.el7”
“3.10.0-327.4.5.el7”
“3.10.0-327.10.1.el7”
“3.10.0-327.13.1.el7”
“3.10.0-327.18.2.el7”
“3.10.0-327.22.2.el7”
“3.10.0-327.28.2.el7”
“3.10.0-327.28.3.el7”
“3.10.0-327.36.1.el7”
“3.10.0-327.36.2.el7”
“3.10.0-229.1.2.ael7b”
“3.10.0-229.4.2.ael7b”
“3.10.0-229.7.2.ael7b”
“3.10.0-229.11.1.ael7b”
“3.10.0-229.14.1.ael7b”
“3.10.0-229.20.1.ael7b”
“3.10.0-229.24.2.ael7b”
“3.10.0-229.26.2.ael7b”
“3.10.0-229.28.1.ael7b”
“3.10.0-229.30.1.ael7b”
“3.10.0-229.34.1.ael7b”
“3.10.0-229.38.1.ael7b”
“3.10.0-229.40.1.ael7b”
“3.10.0-229.42.1.ael7b”
“4.2.0-0.21.el7”

# RHEL5
“2.6.24.7-74.el5rt”
“2.6.24.7-81.el5rt”
“2.6.24.7-93.el5rt”
“2.6.24.7-101.el5rt”
“2.6.24.7-108.el5rt”
“2.6.24.7-111.el5rt”
“2.6.24.7-117.el5rt”
“2.6.24.7-126.el5rt”
“2.6.24.7-132.el5rt”
“2.6.24.7-137.el5rt”
“2.6.24.7-139.el5rt”
“2.6.24.7-146.el5rt”
“2.6.24.7-149.el5rt”
“2.6.24.7-161.el5rt”
“2.6.24.7-169.el5rt”
“2.6.33.7-rt29.45.el5rt”
“2.6.33.7-rt29.47.el5rt”
“2.6.33.7-rt29.55.el5rt”
“2.6.33.9-rt31.64.el5rt”
“2.6.33.9-rt31.67.el5rt”
“2.6.33.9-rt31.86.el5rt”

# RHEL6
“2.6.33.9-rt31.66.el6rt”
“2.6.33.9-rt31.74.el6rt”
“2.6.33.9-rt31.75.el6rt”
“2.6.33.9-rt31.79.el6rt”
“3.0.9-rt26.45.el6rt”
“3.0.9-rt26.46.el6rt”
“3.0.18-rt34.53.el6rt”
“3.0.25-rt44.57.el6rt”
“3.0.30-rt50.62.el6rt”
“3.0.36-rt57.66.el6rt”
“3.2.23-rt37.56.el6rt”
“3.2.33-rt50.66.el6rt”
“3.6.11-rt28.20.el6rt”
“3.6.11-rt30.25.el6rt”
“3.6.11.2-rt33.39.el6rt”
“3.6.11.5-rt37.55.el6rt”
“3.8.13-rt14.20.el6rt”
“3.8.13-rt14.25.el6rt”
“3.8.13-rt27.33.el6rt”
“3.8.13-rt27.34.el6rt”
“3.8.13-rt27.40.el6rt”
“2.10.0-229.rt56.144.el6rt”
“2.10.0-229.rt56.147.el6rt”
“2.10.0-229.rt56.149.el6rt”
“2.10.0-229.rt56.151.el6rt”
“2.10.0-229.rt56.153.el6rt”
“2.10.0-229.rt56.158.el6rt”
“2.10.0-229.rt56.161.el6rt”
“2.10.0-229.rt56.162.el6rt”
“2.10.0-327.rt56.170.el6rt”
“2.10.0-327.rt56.171.el6rt”
“2.10.0-327.rt56.176.el6rt”
“2.10.0-327.rt56.183.el6rt”
“2.10.0-327.rt56.190.el6rt”
“2.10.0-327.rt56.194.el6rt”
“2.10.0-327.rt56.195.el6rt”
“2.10.0-327.rt56.197.el6rt”
“3.10.33-rt32.33.el6rt”
“3.10.33-rt32.34.el6rt”
“3.10.33-rt32.43.el6rt”
“3.10.33-rt32.45.el6rt”
“3.10.33-rt32.51.el6rt”
“3.10.33-rt32.52.el6rt”
“3.10.58-rt62.58.el6rt”
“3.10.58-rt62.60.el6rt”

# RHEL7
“3.10.0-229.rt56.141.el7”
“3.10.0-229.1.2.rt56.141.2.el7_1”
“3.10.0-229.4.2.rt56.141.6.el7_1”
“3.10.0-229.7.2.rt56.141.6.el7_1”
“3.10.0-229.11.1.rt56.141.11.el7_1”
“3.10.0-229.14.1.rt56.141.13.el7_1”
“3.10.0-229.20.1.rt56.141.14.el7_1”
“3.10.0-229.rt56.141.el7”
“3.10.0-327.rt56.204.el7”
“3.10.0-327.4.5.rt56.206.el7_2”
“3.10.0-327.10.1.rt56.211.el7_2”
“3.10.0-327.13.1.rt56.216.el7_2”
“3.10.0-327.18.2.rt56.223.el7_2”
“3.10.0-327.22.2.rt56.230.el7_2”
“3.10.0-327.28.2.rt56.234.el7_2”
“3.10.0-327.28.3.rt56.235.el7”
“3.10.0-327.36.1.rt56.237.el7”
)

KPATCH_MODULE_NAMES=(
“kpatch_3_10_0_327_36_1_1_1”
“kpatch_3_10_0_327_36_2_1_1”
)

running_kernel=$( uname -r )

# Check supported platform
if [[ “$running_kernel” != *”.el”[5-7]* ]]; then
echo -e “${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}”
exit 4
fi

# Check kernel if it is vulnerable
for tested_kernel in “${VULNERABLE_VERSIONS[@]}”; do
if [[ “$running_kernel” == *”$tested_kernel”* ]]; then
vulnerable_kernel=${running_kernel}
break
fi
done

# Check if kpatch is installed
modules=$( lsmod )
for tested_kpatch in “${KPATCH_MODULE_NAMES[@]}”; do
if [[ “$modules” == *”$tested_kpatch”* ]]; then
applied_kpatch=${tested_kpatch}
break
fi
done

# Check mitigation
mitigated=0
while read -r line; do
if [[ “$line” == *”$MITIGATION_ON”* ]]; then
mitigated=1
elif [[ “$line” == *”$MITIGATION_OFF”* ]]; then
mitigated=0
fi
done < <( dmesg )

# Result interpretation
result=${VULNERABLE}
if (( mitigated )); then
result=${MITIGATED}
fi
if [[ ! “$vulnerable_kernel” ]]; then
result=${SAFE_KERNEL}
elif [[ “$applied_kpatch” ]]; then
result=${SAFE_KPATCH}
fi

# Print result
if [[ ${result} == “$SAFE_KERNEL” ]]; then
echo -e “${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}”
exit 0
elif [[ ${result} == “$SAFE_KPATCH” ]]; then
echo -e “Your kernel is $running_kernel which is normally vulnerable.”
echo -e “${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}”
exit 1
elif [[ ${result} == “$MITIGATED” ]]; then
echo -e “${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}”
echo -e “${YELLOW}You have a partial mitigation applied.${RESET}”
echo -e “This mitigation protects against most common attack vectors which are already exploited in the wild,”
echo -e “but does not protect against all possible attack vectors.”
echo -e “Red Hat recommends that you update your kernel as soon as possible.”
exit 2
else
echo -e “${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}”
echo -e “Red Hat recommends that you update your kernel. Alternatively, you can apply partial”
echo -e “mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .”
exit 3
fi

 

[hossein@me ~]$ bash cow.sh
Your kernel is 2.6.32-642.6.1.el6.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

 

 

 

نمایش کارت شبکه و لینک ها (اتصال و عدم اتصال) در سولاریس Solaris

 

نمایش کارت شبکه و لینک ها (اتصال و عدم اتصال) در سولاریس   Solaris

 
برای اینکار از دستور dladm استفاده میکنیم

#dladm

 
برای دیدن وصل بودن لینک و آپ و دان بودن کارت شبکه از :

# dladm show-dev

nxge0 link: down speed: 0 Mbps duplex: unknown

nxge1 link: down speed: 0 Mbps duplex: unknown

nxge2 link: up speed: 1000 Mbps duplex: full

nxge3 link: up speed: 1000 Mbps duplex: full

 

و برای نمایش حالتشون:

 

 

# dladm show-link

nxge0 type: non-vlan mtu: 1500 device: nxge0

nxge1 type: non-vlan mtu: 1500 device: nxge1

nxge2 type: non-vlan mtu: 1500 device: nxge2

nxge3 type: non-vlan mtu: 1500 device: nxge

 

 

 

Fix Network Card Naming issue “__tmpxxxx” in Linux (Redhat)

  • Fix Network Card Naming issue “__tmpxxxx” in Linux (Redhat)

After inserting some of the network interface cards (NIC) in HP servers (DL 380 G8 in my case) hosting Linux, they are shown and named as  ‘__tmpxxxx’ instead of “ ethX” .

Ethernet interface keeps changing into c even after two more reboot of the server.

 

Solution:

First we need to get their MAC:

  • ifconfig –a |grep HW

 

__tmp1428126851 Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:53
__tmp1516900339 Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:52
__tmp1854964292 Link encap:Ethernet  HWaddr 78:E7:D1:FB:B1:2F
__tmp1950613216 Link encap:Ethernet  HWaddr 78:E7:D1:FB:B1:2E
bond0     Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:50
eth0      Link encap:Ethernet  HWaddr 1C:C1:DE:72:4D:50
eth1      Link encap:Ethernet  HWaddr 68:B5:99:B4:9F:E8

  • (to find driver type) ethtool -i eth2

driver: bnx2

version: 2.0.23b

firmware-version: bc 1.9.6

bus-info: 0000:09:00.0

  • add alias “eth2” and driver type “bnx2” in conf

cat /etc/modprobe.conf

alias eth2 bnx2

 

  • (add HWADDR = xxxxxx  to config files)

vi /etc/sysconfig/network-scripts/ifcfg-eth2

DEVICE=eth2

BOOTPROTO=none

HWADDR= 1C:C1:DE:72:4D:53

.

.

 

 

  • (reboot the server) init 6

Please note to check bond config file

 

  • ifconfig | grep “eth”

 

eth0

eth1

eth2

 

Solution by : Hossein Mehrara

IP Forwarding in Solaris 10 without reboot

برای فعال / غیرفعال کردن آی پی فوراردینگ :

# routeadm -e ipv4-forwarding
-e = enable

# routeadm -d ipv4-forwarding
-d = disable

حالا واسه اینکه کامندمون اوکی شه باید یه کامند دیگه هم بزنیم

# routeadm –u

خوب حله . اوه راستی اگه بخواییدرو یه کارت شبکه خاص اینکار رو بکنید:

#ifconfig ce0 router

اگه بخواهید غیر فعال شه یه “- ” بزارید :

# ifconfig ce0 –router

حسین مهرآرا