Firefox Stop Home Calls

During my last Network Monitoring found out that MANY of „free“ Software calls home permanent

Article:
https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

.. if you want to be safe, block all OUTGOING Traffic by a Firewall or local DNS Server and use a Proxy with Auth Mechanism!

Major Bug: UFW stopped thru logrotate

On Debian Sid i have seen that ufw service is stopped on logrotate!!

Its a bad known bug!

Workaround:

  • Set all Services like Dovecot, Postfix to listen on LOCALHOST (127.0.0.1) if not needed over Internet
  • Enable ONLY encrypted AUTH (Login) to Postfix! (TLS 1.2)
  • Disable unneeded Services ! like Samba, FTP…
  • move config from /etc/logrotate.d/ufw to /root/ to disable ufw logrotate !!
  • edit /etc/ufw/ufw.conf set LOGLEVEL to „off“
  • restart the Server and check open Ports next Days from outside with:

$sudo nmap -PN my.server.com

Split Files on embedded Linux Systems

If you run a embedded Linux PC like raspi often some Linux Commands fail without error messages, cause the hardware performance is low tech.

Same i have seen on the split command..

to split a 50GB Photos-Archive File to 4Gb on a USB Drive i found out that:

sudo split -b 4096m -d -u Photos.tgz Photos-Archive_

fix the job..
Cause option -u disable IO-Caching over the 2.0 USB Port to the RAM of the raspi that the Data of the Output Stream is written direct to the Drive.

FastGlacier Client on Linux AWS Cloud Backup

If you are a Newbie on AWS Glacier Cloud Backup you want to use a simple Backup Uploader you can use FastGlacier inside Wine!

Major Info: Glacier puts only Files up to 4GB size, split 50GB Tar/Zip Files to 4GB!!

  1. Setup AWS free Account !!
  2. Go to IAM create User, set User Role to Glacier full access
  3. Write down User and Password key at IAM
  4. now go right to you loved Cloud Area like Frankfurt or Asia
  5. Setup new vault, logout..
  6. install wine
  7. install winetricks dotnet40 Framework
  8. install FastGlacier
  9. have fun..

sudo apt-get install wine 
sudo apt-get winetricks

Run winetricks installer now via X-Desktop it needs X-Output!! for the Dialog to you!
inside terminal from GUI
winetricks dotnet40

Download free FastGlacier search on Google..
Double klick at the FastGlacier.exe
Setup your Client with AWS User+KEY
…enjoy..

Remark: Glacier need often 3-4 hours between updates !! (retrieve Inventory and Delete Folders) If Popups shows Erros try it hours later again!! Glacer is slow but cheap backup solution against lost Hardware thru fire!

Don’t upload confidential data without ENCRYPTION !!

Ubuntu Snap on Bionic 18.04 Reasons

If you upgrade or install Ubuntu to 18.04 the last and current LTS Version you have may asked yourself „what the hell is snap loop device?“

Easy Snap was hidden built in to print MONEY, sure?? YES see manpage snap.. “ BUY A SNAP !!“
snap-ubuntu-print-money

.. its a new try to get money since Amazon Shop Link implementation.. like others from Appstores..

Howto get rid off? Removing of snapd with purge app Apps by deps..

# sudo apt-get remove snapd --purge

Some may ask do i need snaps? No cause most packages still live at the debian apt repository

Snap Shop of ubuntu:

https://snapcraft.io/

If you want to learn and config Linux use apt..

Apache MEMCACHED UDP Protection

Current a lot of sites blogging about memcached attacks on Servers here some details:

  • Memcached Servers need a installed and running Service called „memcached“
  • Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service
  • The Memcached Service uses a own Config File at debian /etc/memcached.conf
  • By default it MUST listen to localhost or socket
  • Admins MUST setup a FIREWALL like „ufw“ (iptables) and MUST check own Server for OPEN PORTS with nmap
  • The Problem is that Attackers can run Scripts against to your Server in a 10^6 Range like a BOTNET !! with ONE PC cause MEMCACHED supports this high count of REQUESTS without going down.
  • DO NEVER HOLD CONFIDENTIAL DATA ON WEBSERVERS!!!

Test to open Port using nmap Port Scan with UDP Option NOT TCP:

sudo nmap -sU -p 11211 www.myserver.xyz

If the scan echo this YOU MUST check or install a FIREWALL!:
Host is up (0.10s latency).
PORT      STATE         SERVICE
11211/udp open|filtered unknown

if Echo shows this you are safe:
PORT      STATE    SERVICE
11211/udp filtered unknown

check your current Apache PHP Modules:

$sudo php -m

if memcached listed, the php api is active time to check more..

check for memcached service:

$sudo dpkg -l |grep mem

is memcached listed the service is installed, then do:
$sudo ps aux|grep mem

if the echo shows:
memcache ... /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -P /var/run/memcached/memcached.pid

the Service is active an listening..

Sample Config:
/etc/memcached.conf

# memcached default config file
# 2003 - Jay Bonci <jaybonci@debian.org>
# This configuration file is read by the start-memcached script provided as
# part of the Debian GNU/Linux distribution.

# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run. See the README.Debian that comes with this package for more
# information.
-d

# Log memcached's output to /var/log/memcached
logfile /var/log/memcached.log

# Be verbose
-v

# Be even more verbose (print client commands as well)
-vv

# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 128

# Default connection port is 11211
-p 11211

# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u memcache

# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l 127.0.0.1

# Limit the number of simultaneous incoming connections. The daemon default is 1024
-c 300

# Lock down all paged memory. Consult with the README and homepage before you do this
# -k

# Return error when memory is exhausted (rather than removing items)
-M

# Maximize core file limit
# -r

# Use a pidfile
-P /var/run/memcached/memcached.pid

Setup Firewall (ufw):

$sudo apt-get install ufw
$sudo ufw allow 80/tcp
$sudo ufw allow 443/tcp
$sudo ufw enable

Retest with NMAP Port Scan your OPEN Ports! Do this monthly! Cause sometimes the Firewall can have unknown Problems!!

Check the Memcached Log at /var/log/memcached.log for Events

Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity.

Howto fix:

Install the latest Kernel 4.4.0-112-generic

do:
sudo apt-get install linux-image-4.4.0-112-generic
sudo apt-get install linux-image-extra-4.4.0-112-generic

reboot

then:

sudo apt-get autoremove --purge -y

This removes older kernels and save Space! Do test the PC for hanging again!!!