USN-2933-1: Exim vulnerabilities

2016-03-15 KENNETH 0

Ubuntu Security Notice USN-2933-1
15th March, 2016

exim4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in Exim.

Software description
exim4 – Exim is a mail transport agent

Details
It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to the root user. This issue has been fixed by having Exim clean the complete execution environment by default on startup, including any subprocesses such as transports that call other programs. This change in behaviour may break existing installations and can be adjusted by using two new configuration options, keep_environment and add_environment. (CVE-2016-1531)

Patrick William discovered that Exim incorrectly expanded mathematical comparisons twice. A local attacker [ more… ]

Announcing UDP Load Balancing in NGINX and NGINX Plus

2016-03-15 KENNETH 0

We are proud to announce the addition of an exciting new capability to open source NGINX and our application delivery platform, NGINX Plus – UDP load balancing. The new capability builds on our existing TCP and HTTP capabilities, making NGINX a powerful, easy-to-use, and consistent frontend for an even wider range of Internet applications and devices. We’re excited to extend the load balancing capabilities that power more than half of the world’s busiest applications to a new set of users building the Internet of Things (IoT).

Why Add Support for UDP Load Balancing?

Most Internet applications depend on HTTP for network communication. Advanced protocols like SOAP and REST are built on the foundation of HTTP, which can take advantage of a number of rich extensions – security using TLS, compression using Gzip, and most recently, performance [ more… ]

Dynamic Modules Development

2016-03-15 KENNETH 0

The following is adapted from a presentation given by Ruslan Ermilov at nginx.conf 2015, held in San Francisco in September. You can view the video of the talk on YouTube.

Table of Contents
0:00 Introduction
2:39 Module Growth
3:22 Core Modules
4:30 Event Modules
4:58 HTTP, Stream and Mail Modules
5:47 More Modules
7:11 Static Modules
8:05 Fears and Excuses
9:57 The Demand for Dynamic Loading
11:12 Benefits of Dynamic Loading
12:12 Working Prototype
12:45 Building Dynamic Modules
13:15 Building Dynamic Modules – Example
14:04 Building Third Party Modules Dynamically
14:22 Loading Modules
15:36 Gory Details
17:29 More Gory Details
19:44 For Module Developers
21:05 Who is Involved
22:50 Questions and Answers

0:00 Introduction

My name is Ruslan, but I don’t mind if you call me Ruslam. I’m a developer for NGINX. I’ve been with the company [ more… ]

FortiGate configure manage ip on CLI

2016-03-15 KENNETH 0

Using the CLI to configure Transparent mode

Start a terminal emulation program (HyperTerminal) on the management computer. Use these settings:

    Baud Rate (bps) : 9600
    Data bits : 8
    Parity : None
    Stop bits : 1
    Flow Control : None

At the Login: prompt, type admin and press Enter twice (no password required).

Change from NAT/Route mode to Transparent mode.

Configure the management IP:

    config system settings
    set opmode transparent
    set manageip <mng_ip>/<netmask>
    set gateway <gateway_ip>
    end

Configure the DNS:

    config system dns
    set primary <dns-server_ip>
    set secondary <dns-server_ip>
    end

Using firewalld-based access control

2016-03-15 KENNETH 1

Environment

OS: CentOS-7
It is still based on the traditional iptables, but it is managed through a package called firewalld. Use plain iptables or use firewall-cmd, whichever is more convenient.

Configuration files

Configuration path: /etc/firewalld
General settings made with firewall-cmd are saved to /etc/firewalld/zones/public.xml.
If no additional configuration has been done after installation, running firewall-cmd --get-default-zone will print "public".

Basic usage

Environment: terminal
Command: firewall-cmd

Condition: allow ports 20, 22, 80 (TCP)

Add rules

    firewall-cmd --add-port=21/tcp
    firewall-cmd --add-port=22/tcp
    firewall-cmd --add-port=80/tcp

Remove rules

    firewall-cmd --remove-port=21/tcp
    firewall-cmd --remove-port=22/tcp
    firewall-cmd --remove-port=80/tcp

Condition: allow ports 8000 through 9000 (TCP)

    firewall-cmd --add-port=8000-9000/tcp
    firewall-cmd --remove-port=8000-9000/tcp

Condition: allow the 192.168.0.0/255.255.255.0 range

    firewall-cmd --add-source=192.168.0.0/24
    firewall-cmd --remove-source=192.168.0.0/24

Condition: allow the IP 192.168.3.100

    firewall-cmd --add-source=192.168.3.100
    firewall-cmd --remove-source=192.168.3.100

Condition: block the IP 192.168.5.100

    firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.5.100 reject'
    firewall-cmd --remove-rich-rule='rule family="ipv4" source address=192.168.5.100 reject'
    firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.5.100 [ more… ]