How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To

How to install Numix GTK Theme and Icons on Ubuntu 14.10 | Ubuntu Tutorial and How To:



'via Blog this'

13.10 - Chrome won't start from the launcher - Ask Ubuntu

13.10 - Chrome won't start from the launcher - Ask Ubuntu:

For me in 14.10 using 39.0.2171.36 beta (64-bit), a Chrome extension, Google Mail Checker Plus Classic, had created a google-chrome.desktop entry in ~/.local/share/applications.

I renamed this to google-chrome.mailchecker.desktop, logged out and then in, and my launcher worked again.
'via Blog this'

Ubuntu 14.10 Install VirtualBox Guest Additions

I've had reasonable results with Ubuntu running under VirtualBox by using the repository VirtualBox Guest utilities.

Install Synaptic from a terminal using:

$ sudo apt-get install synaptic

Once installed, run synaptic using:

$ sudo synaptic

Search for the package virtualbox-guest-utils and select it for installation. It will a few other packages for installation, and after a reboot it will be fine.

You can get some more up to date utils by installing from the ISO image, but this requires installing some pre-requisites first.

You can find that info here:

http://virtualboxes.org/doc/installing-guest-additions-on-ubuntu/

I haven't tested this for a while, but you need the following pre-requisite packages:

• build-essential
• module-assistant

You also need to prepare the system to build modules using:

$ sudo m-a prepare

You can also avoid rebuilding modules manually by installing dkms.

Ubuntu 14.10 Fast TSC Calibration Failed

This seems to be a fairly cosmetic issue, and I found a partial answer here:

https://stackoverflow.com/questions/18055593/fast-tsc-calibration-failed

For me, the timer output type was acpi_pm:

$ cat /sys/devices/system/clocksource/clocksource0/available_clocksource
acpi_pm

I edited /etc/default/grub using:

$ sudo vi /etc/default/grub

I changed:

GRUB_CMDLINE_LINUX=""

To:

GRUB_CMDLINE_LINUX="clocksource=acpi_pm" 

I then regenerated the grub.cfg using:

$ sudo grub-mkconfig -o /boot/grub/grub.cfg

After a reboot all was good.

Ubuntu 14.10 Desktop Released

Get it here:
http://www.ubuntu.com/download/alternative-downloads

Release notes:
https://wiki.ubuntu.com/UtopicUnicorn/ReleaseNotes

LibreOffice 4.3.2 Released

Get it here:
https://www.libreoffice.org/download/libreoffice-fresh/?type=win-x86&version=&lang=en-GB

Release notes:
https://www.libreoffice.org/download/release-notes/

LibreOffice 4.3.2 (2014-09-25) - Fresh Branch

This is the third release from the 4.3 branch of LibreOffice which contains new features and program enhancements. As such, the version is stable and is suitable for all users. This version may contain a few annoying bugs which will be fixed in the next bugfix versions to come.

General notes on features and enhancements are contained in this release. For a detailed list, please check our complete release notes here.

The following notes apply:

• This release is bit-identical to 4.3.2 Release Candidate 2 — you don't need to download or reinstall if you have that version already.
• This version still contains a few annoying bugs, as listed here.
• quickstarter on windows has been removed.

General notes/notes from the 4.3 line:

• Mac version doesn't bundle the MediaWiki extension.
• The distribution for Windows is an international build, so you can choose the user interface language that you prefer.
• Help content is available via an online service, or alternatively as a separate install.
• Our Windows binaries are digitally signed by The Document Foundation.
• For Windows users that have Apache OpenOffice installed, we advise uninstalling that beforehand. The two programs register the same file type associations and will conflict when the Quickstart feature is installed and enabled.
• If you run Linux, the GCJ Java variant has known issues with LibreOffice; we advise to use OpenJDK instead.
• Some menu entries have changed or been added. If something appears to be missing, that may be due to the use of customized menu settings from your previous LibreOffice installation.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.

3PAR Users Group › View topic - How to Unexport a VVol from one host at a time.:



'via Blog this'

Install CentOS 7 Into VirtualBox

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start VM
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Test Media (Optional) or Install
• Choose Language 
• Software Selection - Development and Creative Workstation
• Installation Destination - Select disk and automatic partitioning
• Network and Hostname - Enable and configure required NIC and Hostname
• Begin Installation
• Set root password
• Create your non-root user (make user administrator)
• Wait :)
• Reboot
• Accept license
• Finish configuration
• Configure Kdump
• Logon

3a. Patch (GUI)

• You only need to do 3a. or 3b. not both as for all the following (a) and (b) sections.
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• Applications > System Tools > Software Update
• Install Updates
• Reboot

3b. Patch (CLI)

• sudo yum update
• Reboot

Sections 4 and 5 are optional - There are no RHEL\CentOS7 DKMS modules available yet, but I have left these sections in for reference.

4a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• Open using Package Installer 
• Install when offered

4b. Add RPMForge repo (CLI)

• Download repo RPM using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

5. Install DKMS

• sudo yum install dkms

6. Install development tools

• sudo yum groupinstall “Development Tools”
• sudo yum install kernel-devel

7. Install Guest Additions

• There appears to be a bug with building the additions from the addition CD
• Details here: https://www.virtualbox.org/ticket/12638
• Matthew Casperson has kindly made a patched version in his blog 
• Download
• Extract using bunzip2
• Extract using tar
• Install using sudo ./install.sh

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw

Apple iOS 7.1.2 Released: Update Patches Mail Encryption Bug And Activation Lock Flaw:



'via Blog this'

LVM2 file systems on Linux

1. Create a partition to hold the LVM2 file system. You can use the whole disk, but this is not recommended. You can use fdisk on disks smaller than 2TB, but will need to use parted on larger disks.
Make sure you use partition type 0x8e for LVM.

2. Create the physical volume:
sudo pvcreate /dev/sdb1
sudo pvscan 

3. Create the volume group:
sudo vgcreate volume_group_name /dev/sdb1
sudo vgdisplay volume_group_name

5. Create a 500 MB volume:
sudo lvcreate -L500 -nvolume_name volume_group_name
sudo lvdisplay volume_group_name

6. Make a file system:
sudo mkfs -t ext4 /dev/mapper/volume_group_name-volume_name

7. Create a mount point:
sudo mkdir /path_to_mount

8. Mount file system:
sudo mount /dev/mapper/volume_group_name-volume_name /path_to_mount

Post Heartbleed security advisory

https://www.openssl.org/news/secadv_20140605.txt



6 New Vulnerabilities:

OpenSSL Security Advisory [05 Jun 2014]
========================================

SSL/TLS MITM vulnerability (CVE-2014-0224)
===========================================

An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and 
modify traffic from the attacked client and server.

The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue.  This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.

The fix was developed by Stephen Henson of the OpenSSL core team partly based
on an original patch from KIKUCHI Masashi.

DTLS recursion flaw (CVE-2014-0221)
====================================

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.

Only applications using OpenSSL as a DTLS client are affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.  This
issue was reported to OpenSSL on 9th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

DTLS invalid fragment vulnerability (CVE-2014-0195)
====================================================

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Only applications using OpenSSL as a DTLS client or server affected.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

Thanks to Jüri Aedla for reporting this issue.  This issue was
reported to OpenSSL on 23rd April 2014 via HP ZDI.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
=================================================================

A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference.  This flaw
only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  The fix was developed by
Matt Caswell of the OpenSSL development team.

SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
===============================================================================
 
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the
default and not common.

OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

This issue was reported in public.  

Anonymous ECDH denial of service (CVE-2014-3470)
================================================

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.

OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.

Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue.  This issue was reported to OpenSSL on 28th May 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

Other issues
============

OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for
CVE-2014-0076: Fix for the attack described in the paper "Recovering
OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
Reported by Yuval Yarom and Naomi Benger.  This issue was previously
fixed in OpenSSL 1.0.1g.


References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt

Note: the online version of the advisory may be updated with additional
details over time.

'via Blog this'

How to install CentOS into VirtualBox (Including Guest Additions)

1. Create VM

• 16GB Dynamic Drive
• 2 vCPU
• 2GB RAM
• PAE
• 128MB Video
• 3D Acceleration

2. Install OS

• Attach DVD Image
• Start
• Test Media (Optional)
• Right-Ctrl is the default host key (to free mouse and keyboard)
• Basic storage devices
• Use All Space
• Desktop Install
• Create your non-root user
• Put this user in wheel group so they can use sudo
• Use su - and then visudo to uncomment wheel group in sudoers

3. Configure network

• Network cards are unconnected by default
• Connect using network manager (right-click icon at top of screen and edit connection)
• If you need to clone VM, remove or edit network card entry in /etc/udev/rules.d/70-persistent-net.rules and remove card in Network Manager

4a. Patch (GUI)

• You only need to do 4a. or 4b. not both!
• Need to update before compiling Guest Additions else newly downloaded software will not match existing versions
• System > Administration > Software Update

• First update to update the updater
• Second update to update the OS
• Reboot

4b. Patch (CLI)

• sudo yum update
• Reboot

5a. Add RPMForge repo (GUI)

• Download latest RPMforge release from http://pkgs.repoforge.org/rpmforge-release
• As of writing for x86 this is http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• Open using Package Installer
• Install when offered

5b. Add RPMForge repo (CLI)

• Download repo RPM  using wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
• install rpm -i rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

6a. Install DKMS (GUI)

• System > Administration > Add/Remove Software
• Search for dkms
• Install accepting dependencies

6b. Install DKMS (CLI)

• sudo yum install dkms

7a. Install development tools (GUI)

• System > Administration > Add/Remove Software
• Expand Development and then expand Development tools
• Select all packages and then apply

7b. Install development tools (CLI)

• sudo yum groupinstall “Development Tools”

8a. Install Guest Additions (GUI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Click Open Autorun Prompt > OK > Run
• Eject CD
• Reboot

8b. Install Guest Additions (CLI)

• Insert Guest Additions CD image (Devices > Insert Guest Additions CD Image…)
• Cancel pop-up
• cd /media/VBOXADDITIONS_4.x.xx_xxxxx/
• sudo ./VBOXLinuxAdditions.run
• cd /
• Eject CD

• Reboot

Fun with file systems

I've identified a need to replicate some file system information in Linux for a number of reasons:

1. Primary to secondary site for DR purposes
2. As above but with file locking for limited live-live operation
3. As above but with record locking for full live-live operation (thinking SAMBA shares here)

I've identified a number of file system features that will let me do this, so I'm going to have a geeky day looking at them:

1. B-tree file system (BTRFS)
2. Logical volume manager (LVM)
3. A. N. Other cluster file system

I think BTRFS is going to be to slow for virtual machines, and LVM has the advantage of running different file systems inside the container sysyem. The might be other options such as rsync but I would really like the solution to be as independent of the applications being replicated as possible (don't want to run rsync in a virtual machine for example).

Any suggestions greatly received, but I'm off to get CentOS in Oracle VM VirtualBox installed for a starting point.

Maxthon Labs Private Beta

I've been test Maxthon browser for quite some time and I find it feature rich with some good Desktop to Mobile synchronisation capabilities. Apparently they are working on a new product in prvate beta. Want a chance to try it? http://lnc.hr/x6WaV

Magic Quadrant for Cloud Infrastructure as a Service

Magic Quadrant for Cloud Infrastructure as a Service:



'via Blog this'

Microsoft Security Bulletin MS14-021 - Critical

Microsoft Security Bulletin MS14-021 - Critical:

This is the Zero Day exploit for IE.

'via Blog this'

Audit File Access & Protect Data From Theft With ByStorm FileSure

Audit File Access & Protect Data From Theft With ByStorm FileSure:

Allows auditing and permissions overide (enforcement).

'via Blog this'

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT

0000430: OpenVAS GreenBone Security Assistant (webUI) - MantisBT: "texlive-latex-extra"

Had problems getting Greenbone Security Assistant OpenVAS in BackLinux v3.13 producing reports in PDF format.

Found a Kali Linux bug indicating that the package texlive-latex-extra had to be installed in order to produce PDF reports.

It's an extra 650MB+ of stuff to install but it did fix the PDF report issue.

'via Blog this'

How to change the port and IP for Greenbone OpenVAS on BackLinux

By default, Greenbone OpenVAS on BackLinux v3.13 listens on port 9293 on the loopback address (127.0.0.1).

To change this, edit the /etc/default/greenbone-security-assistant and change the GSA_ADDRESS and GSA_PORT lines.

Changing these to 0.0.0.0 and 443 respectively, will make the GUI available on the standard HTTPS port. You'll only be able to do this as long as your have nothing else listening on that port.

You can confirm what ports are in use by using netstat -ant.

BASH script to wrap around Heartbleed scanner

The following script wraps around the Heartbleed scanner talked about in the previous post to scan all IP addresses within a file and output the results to a log.
I know it's basic, but it works - I'd be very happy if someone could come up with a script that would accept a subnet in CIDR format and scan all IP's with that subnet. Something like "hbscan 172.16.1.0/24"

Step-by-step:

1. Create a ~/heartbleed
2. Copy the Heartbleed binary into the folder created at (1)
3. Copy the script below into the ~/heartbleed direcotry and call it something like hbscan
4. Make hbscan runnable (chmod 755 hbscan)
5. Copy file(s) containing the IP addresses you wish to scan into ~/heartbleed
6. Create a ~/heartbleed/scans directory
7. Scan the networks using './hbscan filewithips'

Here's the script I used:

#!/bin/bash
E_BADARGS=65
logs=~/heartbleed/scans
today=`date +%F`
if [ -z "$1" ]; then
  echo " Usage: `basename $0` list"
  exit $E_BADARGS
fi
if [ ! -d $logs/$today ]; then
  echo "[*] Creating $logs/$today"
  mkdir $logs/$today
fi
hosts=$1
touch $logs/$today/$hosts
while read -r host
do
  echo "[*] Scanning $host..."
  ~/heartbleed/Heartbleed $host 2>> $logs/$today/$hosts
done < $hosts
echo "[*] Scans completed."

That script was frankenstiened from:
http://www.commondork.com/2013/07/06/bash-script-to-scan-subnets-with-nmap/