Saturday, 22 October 2016

Dirty COW exploit and Automatic Security Updates

The announcement this week of the Dirty COW (CVE-2016-5195), a privilege escalation vulnerability in the Linux Kernel reminded me to check my Ubuntu systems to ensure I had Automatic Security Updates activated.

This ancient bug has came to light now as, there is code in the wild using the vuneralbility that makes patching the Kernel a necessity. Systems that use the Linux OS need patching. This includes Android devices.

My home server and workstation already had Automatic Security Updates activated but, my Kodi Media Center did not.

I first wanted to check if I had been patched
zgrep -ie "\(CVE-2016-2108\|CVE-2016-2107\)" /usr/share/doc/libssl1.0.0/changelog.Debian.gz

Should respond
Debian
* Fix CVE-2016-2107
* Fix CVE-2016-2108

Ubuntu
- debian/patches/CVE-2016-2107.patch: check that there are enough
- CVE-2016-2107
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
- CVE-2016-2108

If your Android device prompts you for a System Update, don't ignore it, run it.

Automatic Security Updates
To check if your Debian / Ubuntu system has Automatic Security Updates is installed, you can manually run it with verbose.
sudo apt-get update
sudo unattended-upgrades -v

If this gives an error then, it is not installed so execute
sudo dpkg-reconfigure --priority=low unattended-upgrades

Once installed, check that
cat /etc/apt/apt.conf.d/20auto-upgrades

This should result in
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

If not, edit the file and set APT::Periodic::Unattended-Upgrade to "1".

References:
https://dirtycow.ninja/
https://help.ubuntu.com/community/AutomaticSecurityUpdates

Saturday, 25 June 2016

Using sed to search and replace text in files within a directory

I needed to edit all files within a directory, replacing an ip address '10.0.7.52' with 'localhost'.

sed is a very powerful command line tool. All the help web pages look intimidating so, it took me a long time to appreciate and understand the basics of it.

The basic usage is:
sed [options] commands [file-to-edit]


I used:
sed -i -e 's/10\.0\.7\.52/localhost/g' *


-i option is used to edit in place on filename.

-e option indicates a command to run.

s is the command used to replace the found expression "10.0.7.52" with "localhost". The command and the two 'words' are separated by forward slashes.

g stands for "global", meaning to do this for the whole line. If you leave off the g and "10.0.7.52" appears twice on the same line, only the first "10.0.7.52" is changed to "localhost".

The backslashes are to escape the following character (the dot) otherwise, it would be interpreted as wildcard for a single character and not, as a dot in the ip address.

Finally, the asterisk states to run this on all files in the current directory.

Removing columns in a csv file

Sometimes I get supplied a large comma separated (.CSV) file from a client with erroneous data columns (fields) in it. Most people would say, open it in M$ Excel, highlight the columns you don't want and delete. What if the file is too large to open in M$ Excel? Well, Linux offers the awk command as the fastest solution.

For example, let's assume you have a comma delimited CSV file in your Home directory called myfile.csv and you want to display the first and third column

awk -F, '{OFS=",";print $1,$3}' < ~/myfile.csv

To actually strip out the first and third column from this file, to another file, you pipe the result.

awk -F, '{OFS=",";print $1,$3}' < ~/myfile.csv > ~/mynewfile.csv


You can select as many columns you would like to keep by, adding its column number, pre-pended with a dollar sign.

awk -F, '{OFS=",";print $1,$3,$4,$6}' < ~/myfile.csv > ~/mynewfile.csv


sfdisk: cannot open /dev/sdb read-write

I have Marius's excelent mdadm Cheat Sheet bookmarked (http://www.ducea.com/2009/03/08/mdadm-cheat-sheet/). Well, it is really a crib sheet. A great reference of mdadm, used to manage and monitor software RAID devices.

However, I had a problem with the following (on kubuntu) when trying to copy the partitions from a current drive (sda), to a new drive (sdb).

sfdisk -d /dev/sda | sfdisk /dev/sdb

/dev/sdb: Permission denied

sfdisk: cannot open /dev/sdb read-write


Simply add 'sudo' to both statements for this to work.

sudo sfdisk -d /dev/sda | sudo sfdisk /dev/sdb