Linux Blimp

Chromium is an open source and portable web browser application that provides users with some of the latest and greatest web technologies and functionality. It is the project on which the well-known Google Chrome software is based on. It is a platform-independent application that has been successfully tested under Linux, Mac OS X and Microsoft Windows operating systems.

An open-source version of Google Chrome

By default, it runs on both 32-bit and 64-bit architectures, but it’s not distributed as binary packages like Google Chrome. Because of this, it is not so popular among novice users who tend to download and install the Google Chrome web browser instead. The truth is, that except for Google’s brand, click-through licensing terms, auto-update mechanism, usage-tracking, and bundling of the Adobe Flash Player plugin, they are the same application.

Google Chome is based on Chromium

It is also a known fact that most new computers users never heard of Chromium, not to mention the fact that Google Chrome, which they use and love so much, is based on this open source and actively developed project. Because of this, we want to remind everyone who wants to have the latest features and new functionality implemented in their Google Chrome web browser, that they should use Chromium instead.

Offers Google Chrome’s default functionality

Because we have already reviewed the Google Chrome web browser, we can’t describe here all the features of the Chromium application, as it provides almost the same functionality. For example, users will be able to search Google directly from the address bar, browser the web incognito, and access their most visited websites from the new tab page.

We recommend to use Mozilla Firefox

Just like Google Chrome, the Chromium web browser includes the sync service for backing up all of your passwords, bookmarks, browsing history, web apps, add-ons, themes, opened tabs and autofill data across multiple devices. Unfortunately, being exactly like the Google Chrome browser, Chromium also proved to be a poor product for our web needs, and we feel obliged to recommend Mozilla Firefox instead.

Source

Published: October 29, 2018

Source

Over the last few years the way you moved applications from your data center to the cloud was lift-and-shift, refactor, or migrate to containers. The latter has gotten a kick in the pants as cloud-native techniques such as serverless computing and microservices have joined forces with containers.

Still unsure what I’m talking about? Chris Aniszczyk, executive director of the Open Container Initiative (OCI) and the Cloud Native Computing Foundation (CNCF), explained: “Cloud-native computing uses an open-source software stack to deploy applications as microservices, [each part packaged] into its own container, and dynamically orchestrate those containers to optimize resource utilization.”

You can find proof this methodology is taking off in the latest CNCF survey. This survey of primarily enterprise or DevOps professionals found that “production usage of CNCF projects has grown more than 200 percent on average since December 2017, and evaluation has jumped 372 percent.”

Source

mod_auth_token is a apache module that can be used to sign URLs, using this it can create time based urls that expire after a certain amount of time. It will prevent hot linking as the URLs will expire. This is particularly useful with video and image sharing.

To get started you will need to have an Apache installation already present. If you need to set this up please set Compile Apache 2.4 From Source.

Install mod_auth_token:

First ssh into the server and get the required packages:

cd /usr/src; wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mod-auth-token/mod_auth_token-1.0.5.tar.gz

Un-compress the archive:

tar xfvz mod_auth_token-1.0.5.tar.gz

Go into the directory

cd mod_auth_token-1.0.5

Configure it:

./buildconf && ./configure

Install It:

make && make install

Restart Apache to make sure it loads without a error:

service httpd restart

Make sure the module is loaded:

# httpd -M 2>&1|grep auth_token
auth_token_module (shared)

You should see auth_token_module in the results

Configure Apache for mod_auth_token

You will need to edit the apache configuration and add the following to the domain you want protected by mod_auth_token:

<Location /download/>
# Secret key, can be anything random
AuthTokenSecret “randomstring”
# directory to protect
AuthTokenPrefix /protected/
# Timeout length, this is in seconds
AuthTokenTimeout 300
# limit requsts by IP
AuthTokenLimitByIp off
</Location>

Restart Apache again:

service httpd restart

To test that it is working create a php file to generate a URL

<?PHP

$secret = “randomstring”; // AuthTokenSecret
$directory = “/[protected/”; // AuthTokenPrefix
$hexTime = dechex(time()); // Time in Hexadecimal
$url = “http://www.example.com”; // Replace this with the domain
$filename = “/$filename”; // Filename

$token = md5($secret . $filename. $hexTime);

$url = $domainname . $protectedPath . $token. “/” . $hexTime . $filename;
print $url;

?>

Go ahead and run that php script and it will output the URL, if you are able to access it. The module is working correctly. You can read more about mod_auth_token on code.google.com

Source

Last updated October 23, 2018

If you’ve been waiting for a stable (and longterm) Kernel release now, Kernel 4.19 is here. As mentioned on the Linux Kernel’s mailing list webpage, it is not a big Kernel release – but it is meant to be a longterm release. Which means that this release will be supported for a few years at least.

Probably you are aware of the changes in the Linux Code of Conduct and Linus Torvalds taking a break to work on his behavior towards other developers. We have some good news about it along with the new Kernel release as well.

Greg KH, who was handling the kernel maintenance indicated that Linus Torvalds is coming back to lead the Linux Kernel:

“And with that, Linus, I’m handing the kernel tree back to you. You can
have the joy of dealing with the merge window :)”

What Kernel 4.19 is all about?

He also mentioned about the Linux Kernel 4.19 changes as an overview of what it actually is:

“While it was not the largest kernel release every by number of commits, it was larger than the last 3 releases, which is a non-trivial thing to do. After the original -rc1 bumps, things settled down on the code side and it looks like stuff came nicely together to make a solid kernel for everyone to use for a while. And given that this is going to be one of the “Long Term” kernels I end up maintaining for a few years, that’s good news for everyone.

A small trickle of good bugfixes came in this week, showing that waiting an extra week was a wise choice. However odds are that linux-next is just bursting so the next -rc1 merge window is going to be bigger than “normal“, if there is such a thing as “normal” for our rate of development.”

Let’s list the major new features in this new release:

• Alternate mode driver for USB Type-C/DisplayPort Type-C support
• Support for Nintendo guitar and drum accessories
• Better support for Intel’s Low Power Subsystem (LPSS)
• Plenty of 64-bit ARM improvements
• Support for Qualcomm Adreno 600 series hardware
• Initial support for Intel Icelake graphics
• DRM improvements
• Improved power management
• Touchscreen improvement
• Initial support for the 802.11ax WLAN
• Various Filesystem improvements

For the complete changelog details, you should check out OMG Ubuntu or the official announcement.

Greg on the recent issues in the Linux community over the ‘Code of Conduct’

Greg also utilized the opportunity of this Kernel release to shed some light on the recent issue on Linux code of conduct – by explaining how we can improve the community:

“These past few months has been a tough one for our community, as it is our community that is fighting from within itself, with prodding from others outside of it. Don’t fall into the cycle of arguing about those “others” in the “Judean People’s Front” when we are the “We’re the People’s Front of Judea!” That is the trap that countless communities have fallen into over the centuries. We all share the same goal, let us neverloose sight of that.

So here is my plea to everyone out there. Let’s take a day or two off, rest, relax with friends by sharing a meal, recharge, and then get back to work, to help continue to create a system that the world has never seen the likes of, together.”

What do you think about the latest Linux Kernel release?

Source

ModSecurity is an open source monitoring system for web applications. It has powerful rule sets that allow you to protect applications from attacks. View the project for more details. It provides a ton of features such as:

More than 16,000 specific rules, broken out into the following attack categories:
* SQL injection
* Cross-site Scripting (XSS)
* Local File Include
* Remote File Include

User option for application specific rules, covering the same vulnerability classes for applications such as:
* WordPress
* cPanel
* osCommerce
* Joomla

Install ModSecurity

To get started you will need to have Apache installed. If you do not yet, please see Compile Apache 2.4 From Source

Install the required dependencies:

yum install -y libxml libxml-devel

Get the software package:

cd /usr/src; wget https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.1/modsecurity-2.9.1.tar.gz

Un-compress the archive:

tar xfvz modsecurity-2.9.1.tar.gz

Go in to the directory:

cd modsecurity-2.9.1

Configure it:

./configureInstall:make && make install

You will need to edit /etc/httpd/conf/httpd.conf and load the module:

LoadModule security2_module lib/apache/mod_security2.so

For each domain you want to enable it for add the following:

SecEngine On

Restart Apache to load it:

service httpd restart

Verify it is loading in Apache:

httpd -M 2>&1|grep security

You should see the following returned:

security2_module (shared)

Configure ModSecurity

Get a starting ruleset. View the github project for more details.

Download the ruleset:

cd /usr/src;wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0.0.tar.gz

Un-compress the archive:

tar xfvz v3.0.0.tar.gz

Make a configuration directory

mkdir /etc/httpd/conf/modsecurity.d

Enter the directory:

cd owasp-modsecurity-crs-3.0.0

Move the rules directory into place:

mv rules/ /etc/httpd/conf/modsecurity.d

Move and rename the main configuration:

mv crs-setup.conf.example /etc/httpd/conf/modsecurity.d/crs-setup.conf

Review crs-setup.conf and remove comments for any applicable lines.

Edit /etc/httpd/conf/httpd.conf once again and add the following:

<IfModule security2_module>
Include /etc/httpd/conf/modsecurity.d/crs-setup.conf
Include /etc/httpd/conf/modsecurity.d/rules/*.conf
</IfModule>

Restart Apache once more to load the base configuration. That is it for the base installation. There are numerous ways you can configure it to protect your server from web based attacks and proactively monitor your server.

May 4, 2017LinuxAdmin.io

Source

An “incorrect command-line parameter validation” vulnerability in X.Org server makes it possible to escalate privileges as well as overwrite files. The problem affects Linux and BSD distributions using the open source X Window System implementation.

The vulnerability has been present for a couple of years, but has been brought to light by security researcher Narendra Shinde. Unpatched system can be exploited by non-root users if X server is running with elevated privileges.

See also:

• Linux-friendly company System76 shares more open source Thelio computer details
• System76 releases Ubuntu-based Pop!_OS 18.10 Linux distribution
• Linus Torvalds is back in charge as Linux kernel 4.19 is released

A security advisory posted to the X.Org mailing list explains that: “Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary files overwrite, when the X server is running with elevated privileges (ie when Xorg is installed with the setuid bit set and started by a non-root user)”.

The vulnerability has been assigned CVE-2018-14665, and Bleeping Computer — saying it is “trivial to exploit” — explains how it works:

Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option.

Although the exploit is not a major security issue in itself, in combination with other exploits it could prove highly problematic. The X.Org mailing list post says:

The commit https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7 which first appeared in xorg-server 1.19.0 introduced a regression in the security checks performed for potentially dangerous options, enabling the vulnerabilities listed above.

Overwriting /etc/shadow with -logfile can also lead to privilege elevation since it’s possible to control some part of the written log file, for example using the -fp option to set the font search path (which is logged) and thus inject a line that will be considered as valid by some systems.

A patch was added to the xserver repository on this week, but X.Org adds:

If a patched version of the X server is not available, X.Org recommends to remove the setuid bit (ie chmod 755) of the installed Xorg binary. Note that this can cause issues if people are starting the X window system using the ‘startx’, ‘xinit’ commands or variations thereof.

X.Org recommends the use of a display manager to start X sessions, which does not require Xorg to be installed setuid.

Source

Last updated October 28, 2018

IBM and Red Hat have inked the deal. IBM is acquiring Red Hat for approximately $34 billion in order to become the number one hybrid cloud provider in the world.

If you think open source projects doesn’t make money, it’s time to think again. A few months back Microsoft bought GitHub for $7.5 billion. SUSE Enterprise Linux was sold for $2.5 billion. Today IBM announced that it is buying Red Hat for approximately $34 billion.

Red Hat, the first billion dollar open source company is one of the strongest players in the containers and the cloud game. IBM has been lagging behind the likes of Microsoft and Google in the trillion dollar cloud market. So to strengthen their position in this field, IBM is acquiring Red Hat.

IBM will acquire all of the issued and outstanding common shares of Red Hat for $190.00 per share in cash, which is approximately $34 billion.

The deal was facilitated by JPMorgan from IBM side and Guggenheim Partners from Red Hat side.

Red Hat will join IBM’s Hybrid Cloud team as a distinct unit. It will continue to be led by Jim Whitehurst and the current Red Hat management team.

“The acquisition of Red Hat is a game-changer. It changes everything about the cloud market. IBM will become the world’s #1 hybrid cloud provider, offering companies the only open cloud solution that will unlock the full value of the cloud for their businesses.”

Ginni Rometty, IBM Chairman, President and Chief Executive Officer

Red Hat is obviously excited about the deal:

Joining forces with IBM will provide us with a greater level of scale, resources and capabilities to accelerate the impact of open source as the basis for digital transformation and bring Red Hat to an even wider audience – all while preserving our unique culture and unwavering commitment to open source innovation

Jim Whitehurst, President and CEO, Red Hat

As per the announcement, “IBM will remain committed to Red Hat’s open governance, open source contributions, participation in the open source community and development model, and fostering its widespread developer ecosystem. In addition, IBM and Red Hat will remain committed to the continued freedom of open source, via such efforts as Patent Promise, GPL Cooperation Commitment, the Open Invention Network and the LOT Network.”

This deal makes IBM the number one player in the cloud market. It will be interesting to see if other players Microsoft and Google make similar moves.

SUSE has already been sold to EQT and Debian is a community owned project so that leaves Ubuntu. Can Ubuntu be the next acquisition target, perhaps by Microsoft? Only time will tell.

What are your views on IBM-Red Hat deal? Will it impact the open source projects by Red Hat? Do you see the recent trend of acquisition of Open Source companies as a ‘threat to the open source culture’? So share your views in the comment section.

Source

Ubuntu Server is a Debian-based distribution crafted to perfection and engineered to define the unwritten laws of server-oriented systems.

Availability, supported platforms, boot options

The project is distributed as multiple ISO images that can be written to USB flash drives or CD discs. These bootable medium can be later used to turn personal computers into powerful and unstoppable server systems.

Among the supported hardware platforms, we can mention 32-bit (i386), 64-bit (amd64), 64-bit Mac (amd64 for Macintosh systems), PowerPC (PPC), as well as PowerPC64 (PPC64) Little Endian.

From the boot prompt, users can install the Ubuntu Server operating system on a single machine, as well as on multiple server systems simultaneously, using Canonical’s MAAS (Metal as a Service) project.

In addition, you can use the ISO images to rescue a broken operating system, boot an existing OS installed on the first disk drive, run a memory diagnostic test, as well as to check the disc for defects (only if using a CD media).

Straightforward installation procedure

Installing Ubuntu Server on a single machine, using the first option on the boot installer is quite easy and straightforward, as you will need to select your favorite language for the installation process, select your location, configure the keyboard, set up the network, add a new user, and configure the home directory.

In addition, you must partition the disk drive(s), configure the package manager, set up tasksel to automatically or manually install updates, as well as to manage the system with Canonical’s Landscape service, and choose which server packages to install.

Bottom line

In conclusion, Ubuntu Server is an astonishing product that provides users with one of the best and easy to install server operating systems that use the stable and reliable base of the award winning Debian GNU/Linux distribution.

Source

Oct 27, 2018, 18:00

Source