Archive for September, 2014
Shellshock exploit
by Geert on Sep.28, 2014, under Apple
After Heartbleed, there is another serious bug around, and it affects Mac and Linux systems. More specifically, it is a bug in bash. It can be exploited to let an attacker run arbitrary commands on your system. In other words: this is extremely dangerous. An overview of the attack vectors can be found on this site.
There are 2 tests you can perform yourself to check whether your system is vulnerable to the 2 attack vectors:
In a terminal window, type the following command, followed by Enter:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
The result should be:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you get the following output, your system is vulnerable:
vulnerable
this is a test
Also check your system for the second vulnerability:
env X='() { (a)=>\' bash -c "echo date"; cat echo; rm -f echo
You should see this:
date
cat: echo: No such file or directory
In case you get the following output, your system is again vulnerable to the exploit:
date
[The Current Date and Time]
What to do if your system returned one or both of the bad outputs
Apple already said they are working on a patch, and that “the vast majority of Apple computers are not vulnerable”. However, I can only highly recommend patching this bug yourself – it doesn’t take long and it’s not complicated.
The only prerequisite is Xcode – Apple’s development platform. You can download it for free from the App Store.
Next, perform the following steps from within a Terminal window:
It will print a lot of text while it’s compiling, and it should end with “BUILD SUCCEEDED” when it’s done.
The second patch is applied like so:
Again, you’ll see “BUILD SUCCEEDED”. Now it’s time to make a backup of your old bash. Perform the following commands in a Terminal window:
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
Now replace the old bash with the new, compiled version:
sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin
Run the 2 tests again; the output should be fine now.
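The two tests above, wrapped so they can be rerun against both /bin/bash and /bin/sh after the replacement (an added example, not part of the original post; the function names are illustrative, and the shell paths are assumed to be absolute):

```shell
#!/bin/sh
# Added example: the post's two Shellshock tests as reusable checks.
# Pass absolute paths; the second check changes directory before running.

# First test: 0 if the shell ignores the command appended to the function
# definition in x, 1 if it prints "vulnerable".
check_first_vector() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null)
    case "$out" in
        *vulnerable*) return 1 ;;
        *) return 0 ;;
    esac
}

# Second test: 0 if no file named "echo" is created, 1 if the output of
# `date` was redirected into one. Runs in a throwaway directory so the stray
# file never lands in the caller's working directory.
check_second_vector() {
    tmpdir=$(mktemp -d) || return 2
    rc=0
    (
        cd "$tmpdir" || exit 2
        env X='() { (a)=>\' "$1" -c "echo date" >/dev/null 2>&1
        [ ! -e echo ]
    ) || rc=$?
    rm -rf "$tmpdir"
    return "$rc"
}

# Print one line per shell; return 1 if any shell fails either test.
report() {
    status=0
    for shell_bin in "$@"; do
        [ -x "$shell_bin" ] || { echo "$shell_bin: not executable, skipped"; continue; }
        first=ok; second=ok
        check_first_vector "$shell_bin" || first=VULNERABLE
        check_second_vector "$shell_bin" || second=VULNERABLE
        echo "$shell_bin: first test $first, second test $second"
        [ "$first$second" = okok ] || status=1
    done
    return "$status"
}

# Typical use after replacing the binaries: sh this-script /bin/bash /bin/sh
if [ "$#" -gt 0 ]; then report "$@"; fi
```

Checking /bin/sh as well as /bin/bash matters here because the steps above replace both binaries.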
Apache extreme memory usage
by Geert on Sep.13, 2014, under Linux, Personal
My Apache webserver suddenly started to use an insane amount of RAM, freezing the whole box. There are a couple of things you can tune to prevent this from happening. Obviously, one or more scripts are causing this issue. You could go search for them by running the next command:
ps -eo pmem,pcpu,pid,user,rss,vsize,args | { head -1 ; sort -k 1 -r -n ; } | head -10
This will list the top 10 processes that eat away all the RAM, sorted by memory usage. Run the following command to free up memory while you’re troubleshooting:
echo 3 > /proc/sys/vm/drop_caches
Change the next settings in your httpd.conf (typically found in /etc/httpd/conf/):
<IfModule prefork.c>
StartServers 2
MinSpareServers 2
MaxSpareServers 5
MaxClients 150
MaxRequestsPerChild 500
</IfModule>
LoadModule deflate_module modules/mod_deflate.so
<Location />
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
</Location>
KeepAlive On
KeepAliveTimeout 2
MaxKeepAliveRequests 80
<Directory />
Options FollowSymLinks
</Directory>
<Directory />
AllowOverride None
</Directory>
ExtendedStatus Off
Timeout 45
Also, it might be worth having a look at Easyapache and adding mpm-prefork, or else switching to Nginx or Litehttpd.