Red Hat has released a new patch for OpenSSL which fixes some serious security vulnerabilities, particularly affecting SSL-enabled websites. There is currently an attack method, called DROWN, that hackers are using against vulnerable systems. You can read more about it here – https://drownattack.com/
I would suggest updating the OpenSSL package on your web servers, and disabling older and vulnerable SSL connection types (SSLv2 and SSLv3).
Recommended course of action:
• Update OpenSSL. Red Hat and CentOS 5 and 6 packages available as of March 1
• Check Apache, Nginx, and Postfix settings to ensure that SSLv2 and SSLv3 are disabled
Red Hat has released a very important patch for a new glibc vulnerability which affects all servers and services running on Red Hat or CentOS 6 and 7. This patch should be applied as soon as possible.
This patch is rated as “Critical”, which is the highest rating Red Hat gives. Here is Red Hat’s definition of a “Critical” rating – “This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction.”
To properly patch, a full yum upgrade of each server is required along with a reboot.
I am also including a link to an email sent out by a CentOS lead developer which explains the severity of this vulnerability – https://lists.centos.org/pipermail/centos/2016-February/157859.html
Red Hat Security Advisory – https://rhn.redhat.com/errata/RHSA-2016-0175.html
CentOS 6.7 has been released! Read the Release Notes here.
“No Red Hat products are affected by the CVE-2015-1793 flaw. No actions need to be performed to fix or mitigate this issue in any way.” This would also include CentOS 4/5/6/7.
More info from Red Hat here.
When trying to install CentOS or Red Hat Linux, you may come upon this error message – “Disks sda, sdb contains BIOS RAID metadata, but are not part of any recognized BIOS RAID sets. Ignoring disks sda, sdb”. This is typically caused by metadata left on the disks by an existing or previous on-board RAID configuration set up in the BIOS.
1. Restart your system.
2. Go into your BIOS Setup and make sure your SATA type is set to AHCI and not RAID.
3. Boot into CentOS or Red Hat “Rescue Mode” from your boot media.
4. Enter into the shell.
5. Type the following commands:
dmraid -r -E /dev/sda
dmraid -r -E /dev/sdb
Details of a serious bug in the Bash shell, found on most Linux and Unix systems, were made public today. Red Hat published a detailed article about the issue today.
To patch your Red Hat systems (RHEL, CentOS, Fedora, etc.) you can simply run the following commands:
yum clean all
yum upgrade bash
There is no requirement to restart any services or reboot any system.
Red Hat has released an updated OpenSSL package to fix the Heartbleed bug in Red Hat/CentOS 6.x systems. This bug does not affect Red Hat/CentOS 5.x systems.
You can read about this release here.
First, clean the Yum cache to ensure that you are receiving the latest updates.
yum clean all
Install the new OpenSSL package.
yum install openssl
You should see the following package being installed
Make sure that all SSL-enabled services on your server are restarted (for example, Apache HTTP Server and Postfix) so that they load the updated library.
You can check which services are still using the old OpenSSL libraries by running the following:
lsof -n | grep ssl | grep DEL
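As an added example (not code from the original post), the script below generalises that lsof check: it reports each process once, with its PID, and matches the deleted file's basename against libssl/libcrypto rather than any line containing "ssl". The lsof output it runs on by default is a constructed sample; pass --live to run it against the real lsof on the host.

```shell
#!/bin/sh
# Added example, not part of the original post: generalise the
#   lsof -n | grep ssl | grep DEL
# check so that it reports each process once rather than one raw lsof line
# per mapped file. A "DEL" entry means the process still has a library mapped
# whose file was unlinked, which is what a yum update of openssl does to the
# old libssl/libcrypto on disk.

# Constructed sample of `lsof -n` output (not captured from a real host),
# laid out in the column format lsof prints:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
# DEL lines carry no SIZE/OFF value, so fields are addressed from both ends.
SAMPLE_LSOF='COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
httpd     1234   root  DEL    REG  253,0            131075 /usr/lib64/libssl.so.1.0.1e
httpd     1235 apache  DEL    REG  253,0            131075 /usr/lib64/libssl.so.1.0.1e
httpd     1235 apache  DEL    REG  253,0            131070 /usr/lib64/libcrypto.so.1.0.1e
master    2001   root  DEL    REG  253,0            131075 /usr/lib64/libssl.so.1.0.1e
sshd      3002   root  mem    REG  253,0   401744   131080 /usr/lib64/libssl.so.1.0.1e
bash      4003   root  DEL    REG  253,0            200001 /lib64/libc-2.12.so'

# stale_ssl_users: read lsof lines on stdin, print "PID COMMAND" once per
# process that has a deleted libssl or libcrypto mapped. $4 is the FD column
# ("DEL" for unlinked-but-still-mapped files) and $NF is the file name, so the
# match does not depend on the variable number of middle columns.
stale_ssl_users() {
    awk '$4 == "DEL" { n = split($NF, p, "/"); if (p[n] ~ /^lib(ssl|crypto)/) print $2, $1 }' | sort -u
}

# count_stale: convenience wrapper returning just the number of processes.
count_stale() {
    stale_ssl_users | wc -l | tr -d ' '
}

# With --live, inspect the running system (needs root to see all processes);
# otherwise demonstrate on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    lsof -n 2>/dev/null | stale_ssl_users
else
    printf '%s\n' "$SAMPLE_LSOF" | stale_ssl_users
fi
```

The sshd entry is deliberately a normal "mem" mapping of a live file and the bash entry a deleted libc, so neither is listed; only the three processes that must be restarted to pick up the new OpenSSL are.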
Research data on the Operation Windigo Linux Malware and how to detect and clean infected systems – http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
Using su with the -s option lets you run a command as any user, including accounts that have no login shell set. This is particularly useful for testing a command as the Apache user.
The syntax is as follows:
su -s $SHELL $USER -c "$COMMAND"
su -s /bin/sh apache -c "/usr/bin/php /var/www/html/myphpfile.php"