Tuesday, April 9, 2013

HEADS-UP: mod_security packages security update

I recently pushed a security update for mod_security for CVE-2013-1915 mod_security: Vulnerable to XXE attacks.

If you're using this package, please test and provide karma.

Posted by at 0 comments
Labels: ,

Thursday, November 15, 2012

New mod_security and mod_security_crs packages

I just pushed security/bugfix updates for mod_security 2.7.1-3 and mod_security_crs 2.2.6-3 packages, if you are using them please test and provide karma in bodhi.

Note: there's no packages for EPEL5 because of the old libxml2 in RHEL5/CentOS5.

Update: I've pushed an update with backported fixes (from 2.7) in EPEL5, please test. https://admin.fedoraproject.org/updates/mod_security-2.6.8-2.el5

Details:


  • Update to 2.7.1
  • Update Core rules set to 2.2.6
  • Fix build against libxml2 >= 2.9 (upstreamed)
  • Add some missing directives RHBZ #569360
  • Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) (RHBZ #867424, #867773, #867774)


Posted by at 0 comments
Labels: ,

Friday, October 19, 2012

The new fedora pastebin service is in staging

The new fedora pastebin service is in staging:

http://paste.stg.fedoraproject.org/

Please test and report any issues via email (athmane AT fedoraproject.org) or IRC (athmane in #fedora-admin)

Posted by at 1 comments
Labels:

Wednesday, September 12, 2012

Some Openbox tips

1. Add shutdown and reboot to openbox menu

Add the following lines to ~/.config/openbox/menu.xml 
<item label="Restart">
    <action name="Execute">
 <prompt>
  Are you sure you want to reboot ?
 </prompt>
 <command>dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Restart</command>
    </action>
</item>
<item label="Shutdown">
    <action name="Execute">
 <prompt>
  Are you sure you want to shutdown ?
 </prompt>
 <command>dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop</command>
    </action>
</item>

2. Auto-move window to a specific desktop

Add the following lines to ~/.config/openbox/rc.xml in applications section, you can get app/window proprieties using obxprop utility (included in openbox package).

<application name="App_Name">
    <desktop>2</desktop>
</application>

3.Window snapping (like in Gnome 3)

  • Win-Up: Maximize window
  • Win-Down: Minimize window
  • Win-Left: Snap window to the left side
  • Win-Right: Snap window to the right side
Add the following lines to ~/.config/openbox/rc.xml in keyboard section 


    <keybind key="W-Up">
      <action name="ToggleMaximize"/>
    </keybind>
    <keybind key="W-Down">
      <action name="ToggleMaximize"/>
    </keybind>
    <keybind key="W-Left">
      <action name="UnmaximizeFull"/>
      <action name="MoveResizeTo">
        <x>0</x>
        <y>0</y>
        <width>50%</width>
        <height>100%</height>
      </action>
      <action name="ToggleMaximizeVert"/>
    </keybind>
    <keybind key="W-Right">
      <action name="UnmaximizeFull"/>
      <action name="MoveResizeTo">
        <x>50%</x>
        <y>0</y>
        <width>50%</width>
        <height>100%</height>
      </action>
      <action name="ToggleMaximizeVert"/>
    </keybind>
Posted by at 0 comments
Labels:

Tuesday, August 28, 2012

mod_security core rules package for EPEL (RHEL/CentOS)

mod_security core rules packages are in EPEL testing

Posted by at 0 comments
Labels: ,

Saturday, August 25, 2012

mod_security 2.6.7 for el5/el6 (RHEL, CentOS)

mod_security 2.6.7 for el5/el6 (RHEL, CentOS) will be in epel-testing [1][2], core rules packages will follow soon (waiting for epel branches [3]).

EPEL devel list post: https://www.redhat.com/archives/epel-devel-list/2012-August/msg00068.html

Posted by at 0 comments
Labels: ,

Sunday, August 19, 2012

How to add nginx logs to logwatch reports

If you're using nginx package from EPEL6 (uses the same log format as Apache httpd by default) and you want to have a daily report of nginx logs with logwatch, here's a way to do it (there's multiples):

Create the following files:

/etc/logwatch/conf/logfiles/nginx.conf:

LogFile = nginx/*access.log
LogFile = nginx/*access.log.1

Archive = nginx/*access.log.*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate
/etc/logwatch/conf/services/http.conf:
###########################################################################
# Configuration file for http filter 
###########################################################################

Title = "nginx"

# Which logfile group...
LogFile = nginx

# Define the log file format
#
# This is now the same as the LogFormat parameter in the configuration file
# for httpd.  Multiple instances of declared LogFormats in the httpd
# configuration file can be declared here by concatenating them with the
# '|' character.  The default, shown below, includes the Combined Log Format,
# the Common Log Format, and the default SSL log format.
#$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# The following is supported for backwards compatibility, but deprecated:
# Define the log file format
#
#   the only currently supported fields are:
#   client_ip
#   request
#   http_rc
#   bytes_transfered
#   agent
#
#$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"
#$HTTP_FORMAT = "space     space space    brace    quote   space        space       quote   quote" 
# Define the field formats
#
#   the only currently supported formats are:
#   space = space delimited field
#   quote = quoted ("..") space delimited field
#   brace = braced ([..]) space delimited field

# Flag to ignore 4xx and 5xx error messages as possible hack attempts
#
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 0

# Ignore requests
# Note - will not do ANY processing, counts, etc... just skip it and go to
# the next entry in the log file. 
# Examples:
# 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits
#   $HTTP_IGNORE_URLS = ^/model/\d{1,10}$
#
# 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and
#   all URLS starting with /photographer and ending with 1 to 10 digits
#   $HTTP_IGNORE_URLS = ^/model/\d{1,10}$|^/photographer/\d{1,10}$
#   or simply:
#   $HTTP_IGNORE_URLS = ^/(model|photographer)/\d{1,10}$

# To ignore a range of IP addresses completely from the log analysis,
# set $HTTP_IGNORE_IPS. For example, to ignore all local IP addresses:
#
#   $HTTP_IGNORE_IPS = ^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\.
#

# The variable $HTTP_USER_DISPLAY defines which user accesses are displayed.
# The default is not to display user accesses:
$HTTP_USER_DISPLAY = 0
# To display access failures:
# $HTTP_USER_DISPLAY = "$field{http_rc} >= 400"
# To display all user accesses except "Unauthorized":
# $HTTP_USER_DISPLAY = "$field{http_rc} != 401"


# vi: shiftwidth=3 tabstop=3 et
Posted by at 0 comments
Labels: ,
Subscribe to: Posts (Atom)