Category: Security Infos

Nextcloud Owncloud Opensource Risk’s

If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS) You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy) Use the SSH Tunnels on unknown Ports and Login via Key Files which must be […]

Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity. Howto fix: Install the latest Kernel 4.4.0-112-generic do: sudo apt-get install linux-image-4.4.0-112-generic sudo apt-get install linux-image-extra-4.4.0-112-generic reboot then: sudo apt-get autoremove –purge -y This removes older kernels and save Space! Do test the PC for hanging again!!!

Meltdown Spectre VM Hosting

Thru current IT News you may have heard about the major Security Problem of x86 Technology. If your Websites current hosted on VM at VM Providers, contact them to get current news about their bug handling of their VM Host Servers. If you get no details, then shutdown your sites temporarily, or look for a other solution which isn’t running on x86 Technology. Otherwise you can try to switch from php-kits to static HTML Websites. On the Net there are very helpful tools to do this easy. For WordPress is a WP to HTML Plugin available. This dumps your blog […]

Debian: without sytemd

If you run Debian Servers, you read last weeks about security problems of systemd service manager. On several tests i have seen much systems having problems on service starts on boot like on debian, raspian .. This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package… For Tests i decided to try the new Debian Fork Replacement DEVUAN  for Desktop and a standard Debian Server Setup without systemd! Howto purge Systemd on a Debian System read this external Wiki: http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation or try Devuan for Server and Desktop: https://devuan.org/ Remark: […]

Security: Disable USB Drive mount for Users

If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed! It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!! Howto? Edit the /etc/modprobe.d/blacklist.conf and add: blacklist usb_storage blacklist uas Update initramfs (Kernel Image) update-initramfs -u -k all reboot […]

Security: Isolated Browser eMail Programs

If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default! Howto: Add a new User for eMail and Browser to the System with: $sudo adduser mailuser $sudo adduser webuser now install if not installed by default “gksu” User Switch $sudo apt-get install gksu copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name $cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop edit the firefox-esr.desktop by right click on nautilus or a editor and change command line: old: /usr/lib/firefox-esr/firefox-esr %u to: gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u" […]